infoFence is third-party, real-time database security software for Oracle databases.
SCOPE
Login Control
DDL/DCL (Data Definition & Control Language) Control
DML (Data Manipulation Language)/QUERY Control
Database and Application Error Detection System
Conditional Table Access Logging System.
Only tool that can use Oracle's Data Redaction easily
It is installed into Oracle databases (11g, 12c, 19c and later), runs using database triggers, and can optionally be integrated with the Oracle Database Vault option.
Oracle Database Vault Option Integration
Oracle Database Vault is a security platform that runs inside the database. It enforces segregation of duties by limiting the privileges of DBAs who would otherwise have unlimited privileges. This option requires an additional licence from Oracle Corp. With its unique design and Oracle Database Vault integration, infoFence makes an enormous difference in database security and management.
Maximum Security
infoFence is a security layer on Oracle Databases.
Each client logging into the database is redefined by its client session values. Existing privileges are never altered; they are reauthorized in a new layer.
User access, DDL, data change, update, query, mask and redaction operations are easily controlled and logged.
infoFence provides the ability to test before blocking. (Try, analyze, then apply.)
infoFence prevents any security breaches and backdoor access to the database.
Login Control
A user who knows the correct username and password still cannot log in to the database unless explicitly defined in infoFence.
Even the most powerful user, SYS (as sysdba), cannot log in unless defined in infoFence. No Oracle privileges are revoked at all to provide this restriction.
DDL/DCL Control
Users with the same database username and password may have different privileges, and may execute DDL/DCL commands such as ALTER, DROP, CREATE, GRANT and REVOKE on specified objects only if defined in infoFence.
Even the most powerful user, SYS (as sysdba), cannot execute DDL/DCL commands unless defined in infoFence.
All DDL/DCL executions are logged, and the source code of each database object version is kept historically with its state and error.
Specified database schemas and objects are protected against DDL/DCL operations.
DML/Query Control
Critical data are now secured. Even the DBAs and the most powerful user, SYS, are prevented from querying and accessing critical data. Unauthorized access attempts are blocked and logged.
Selected clients are prevented from accessing selected tables.
Selected clients are prevented from seeing critical data through Masking or Data Redaction. Data Redaction requires an additional licence from Oracle Corp.
Data Redaction can be applied to tables and views easily with the try & apply approach.
TRY & APPLY APPROACH: In a production environment, it is possible to test and analyze the consequences of blocking a table access before actually blocking it. First define it in SNIFFMODE, analyze it, then switch to GUARDMODE later on.
Error Detection
Database errors occurring in an Oracle database are logged in the alertSID.log file. Errors arising from both the database and the application are detected and logged by infoFence.
When explicitly defined, any database or application error can automatically run an event action in infoFence. Users can write their own PL/SQL code for the automatic action alarms.
Logging
Logs can be kept in separate electronic data storage away from the Oracle databases, where Oracle DBAs cannot access them. infoSaver is the storage part of infoFence.
Login attempts, DDL, DCL, DML (Access & Block), QUERY access operations and error detections are logged.
Table/view accesses for desired user groups can be logged. For example, you can log table/view accesses for direct user connections but not for application server clients.
A checksum is kept for each log, so any log can be checked to see whether it has been modified or tampered with. The encrypted logs may be logged explicitly.
LDAP OID Support
A client defined in Oracle Internet Directory (OID) may log in to the database with his/her username via Enterprise User Security (EUS). Client authentication can be defined in infoFence using the client's username (LDAP user), LDAP path, proxy user and mapped schema name.
Identity Management Support
It is easy to integrate with Identity Management Systems.
The client definition contains fields for identity definition. Integration can be done easily using the APIs in the INFOFENCE_PANEL package from infoFence.
Reports
The infoFence user interface panel provides generic reports.
Performance
infoFence is highly tuned. It shows no top query or wait event on a system with 10000 (ten thousand) concurrent users and a very high transaction rate.
Control Panel
infoFence has a very user-friendly and easy-to-use interface.
Reinforce Your Database Security Rapidly and Easily