I was interviewed for a nice article about database security on Dark Reading. The interesting question, I think, is not whether to invest in DB security. To me, it’s a given that you have to do it (even though some customers still don’t agree). The question is – how will the threat landscape change if [...]
I’m sure we all did something similar once or twice in our DBA lives. I had to create a simple script to perform regular expression based data discovery for Oracle. This script will be used as a check in our McAfee Database Vulnerability Manager. We do support data discovery directly in the tool but the [...]
Yesterday I gave a presentation “Best of Oracle Security 2012” at the DOAG 2012 conference in Nürnberg.
An article Raj Samani and I wrote was published in infosecurity magazine.
I just uploaded my talk Hashdays 2012 “Self-Defending Databases” to the Red-Database-Security website. The talk explains how to detect SQL Injection attacks in databases (Oracle/MSSQL/MySQL) and how to react in case of a SQL Injection (e.g. done with Pangolin, Havij or Netsparker).
Initially the idea covered only Oracle and MSSQL but Xavier Mertens extended the concept to MySQL (MySQL Attacks Self-Detection) after he saw my presentation at the Hashdays Management Session.
I see an Oracle Waveset Identity Manager (previously Sun Identity Manager) Migration project as a cooking challenge where you need to recreate a given dish in a particular time frame. You are going to be using different tools and techniques in your reconstruction but it has to resemble the taste and look-and-feel of the original dish. I could guarantee that almost everyone knows how to approach the challenge. First you carefully observe the original dish by tasting and feeling its texture, then identify the individual ingredients, and finally design a recipe by choosing the right tools and applying appropriate techniques. (more...)
Doraemon - you’ve seen him even if you don’t know his name, the cutest robotic cat from the future! He was my favorite cartoon character when growing up and he's going to help us today.
When attempting to visualize this (magic) migration tool from Oracle Waveset/Sun Identity Manager to Oracle Identity Manager 11g, (see previous blog entry "Grown Kittens Need a New Home"), I can’t help but to think of Doraemon. He has a 4-dimensional pocket from which he produces gadgets and tools from the future. The Take-copter (a propeller which can be attached to anything to enable flight) (more...)
When Oracle announced that “Oracle Identity Manager will be the strategic Identity Administration and Provisioning product moving forward" and with Oracle Waveset going into ‘sustain and converge’ mode, I was ready to offer all of my Waveset knowledge for adoption. Having delivered Sun Identity Manager projects all the way from when it was “Waveset Lighthouse” (Sun acquired Waveset in 2003), I am personally attached to everything I engineered on top of Waveset throughout the years. For the time I spent getting to know my Waveset customers, taking care of their needs and trying to build/customize the best home possible for (more...)
If your refrigerator needs to be cleaned out, everyone living with you probably knows it because the task is usually so far down on your to-do list, you might as well plan a trip to Mars first. The task moves up the list as the odor becomes worse with each door swing. Eventually it reaches crescendo when your friends, neighbors and significant other(s) can stand it no more. This is the point where the "smell" becomes the "stink" or for those of you counting yourselves as fans of Sir David Attenborough, it becomes titan arum.
Back in the 1990s, Kent (more...)
I hear that the Age of Facebook is upon us. While I was busy tending to my identity and access tomatoes, the new dawn has been declared. Apparently right outside my window there be walking people whose identity has been sucked into a space-time deviation yet they're blissfully unaware of this. For those of you in the know (read: in the possession of a secret handshake), the Age of Aquarius is really where things have been happening for a while but I digress.
Astrology and social networking aside (wait, aren't they one and the same?) I think (more...)
There was a jolly man named St. Nick
Who didn't know which IDM stack to pick
By the yule log
He read our blog
That well-rounded cheeky man named St. Nick
More coverage of Oracle IAM 11g suite based on OpenWorld sessions. If Oracle Identity Manager 11g is an evolutionary step and Oracle Identity Analytics 11g is fresh air then OAM 11g is a shot heard round the world. Changes, they're a comin'.
The current release of Oracle Access Manager is based on the 2005 acquisition of Oblix. The Oblix product is written in C++ and is comprised of a number of independent components that all function, well, independently! In the late 90s-early 00s world of enterprise applications where CORBA was still considered a viable deployment option, J2EE was learning how (more...)
UPDATE (Feb 2010): The product described in this post is dead. Sun Role Manager has been renamed to Oracle Identity Analytics and the end result is NOT the same as the product announced at OpenWorld. Stay tuned for more details in another blog post.
Another session at Oracle OpenWorld I attended was for Oracle Identity Analytics (OIA), a new product Oracle built from existing parts for 11g. The product was first announced in early summer of 2009 but if you were reading Oracle tea leaves, you knew about it even before that.
Oracle Identity Analytics is a "classic" (more...)
Hot off the Oracle OpenWorld presses, I give you OIM 11g:
To expand a bit on the above highlights:
1) Shiny new web UI based on Oracle's Application Development Framework (ADF).
2) BPEL-based request/approval workflows. By using inference and set algebra, I can claim that provisioning workflows will stay "as is" (if there can be such a state as "as is" in 11g). To see is to believe so we shall see.
3) Embedded Oracle Entitlement Server (OES) that will deliver enough semantic firepower in rules that make up various authorization pieces. I am calling this an OES (more...)
Come see us at the Oracle OpenWorld 2009 Unconference on Monday Oct 12th. We will be in Moscone West on 3rd floor in Overlook II. Our talk is entitled "Everything You Wanted to Know About Managing Entitlements with Oracle Identity Manager (OIM) But Were Afraid to Ask". Following our session, we'll be hosting a cocktail reception between 5:30pm-7pm. Please RSVP if you'd like to stop by and have a drink with us.
Naturally, we think our session will be very interesting but in case you want to see what else is out there, Oracle IDM marketing (more...)
I like to refer to Identigral as "she." Perhaps it is a subconscious reaction, similar to naming a car Clarice or perhaps not, it is a woman-owned company after all. She is celebrating her third year today and I thought it might be a good idea for the blog to recap our top 11 greatest blog hits. In order of decreasing popularity, they are:
1. The Rise of Suncle, Volume 1. The first article in the 3-part Suncle series looks at the Oracle acquisition of Sun and drills down into their respective identity and access management product lines, taking (more...)
After the Suncle series covering the Sun/Oracle identity and access portfolios, one of the most popular posts on our blog was an article talking about best practices for Active Directory provisioning by guest blogger Martin Sandren. To continue with the thought of providing interesting (and different from our usual ruminations) content I am pleased to introduce Tom Ebner as our guest blogger. Tom Ebner has spent the last 7 years leading the creation and deployment of Identity and Access Management infrastructure and services for a Fortune 500 financial services corporation. Tom successfully delivered IAM in the real world despite the (more...)
Thanks to Anil John's tweets, I've been alerted to National Institute of Standards and Technology (NIST) workshop on Access Management. Having worked for DARPA a long time ago in a land far away, I am not afraid of terms such as Plenary Session; they make any proceeding seem important and rife with danger. Someone abused their access privileges or shared a password? Call the NSA to erase him. (Let's see if there are going to be any information security incidents after that..)
I know that some are not aware that NIST does good work in the (more...)
...but perhaps it should be. A properly fortified island with double moats, crocodiles (or cheerleaders), molten lead showers, Spartan warriors and of course artillery straight from Guns of Navarone. (I don't know why you need artillery if you have crocodiles but I wanted to add it just in case. As the ancient Finnish proverb says, "backups never hurt").
In many an enterprise you'll find a network architecture where a lot of effort has been spent on protecting the perimeter, separating nice, shiny, internal TCP packets from mean, dirty and virus-laden external packets. (UDP packets are always lost and confused, no (more...)
To showcase some of the challenges and solutions of managing entitlements' lifecycle, we're putting on a webinar. The topic of entitlement management is broad so we're going to focus on what we think has the highest value proposition to the business - entitlement attestation. We're going to demo some of the design patterns for fine-grained attestation as implemented in Oracle Identity Manager. Take a look at our entitlement blogs and our whitepaper (registration required) for background information.