Friday, August 29, 2014

Oracle Database FIPS 140-2 security

With the release of Oracle database, Oracle has introduced a new security-related parameter in the database. The new parameter, DBFIPS_140, is used to ensure your database is secured according to the FIPS 140-2 standard, level 2. FIPS stands for Federal Information Processing Standard, and FIPS 140-2 dictates how data should be encrypted at rest and during transmission.

The fact that Oracle now offers a database parameter that ensures your data is secured in accordance with FIPS 140-2 level 2 is a huge benefit when deploying databases in government environments that demand FIPS compliance. It can also be used for non-government systems, as it demonstrates a level of security implemented in your system.

Making your entire solution FIPS compliant end to end will take more than only activating the DBFIPS_140 parameter in your database. For the database component of the overall solution, however, it is a good thing.

The current DBFIPS_140 parameter is designed to be compliant with FIPS 140-2 level 2. The FIPS 140 standard consists of 4 levels, of which Oracle currently covers level 2. The overall standard describes the levels within FIPS 140-2 as follows:

  • FIPS 140-2 Level 1, the lowest, imposes very limited requirements; loosely, all components must be "production-grade" and various egregious kinds of insecurity must be absent.
  • FIPS 140-2 Level 2 adds requirements for physical tamper-evidence and role-based authentication.
  • FIPS 140-2 Level 3 adds requirements for physical tamper-resistance (making it difficult for attackers to gain access to sensitive information contained in the module) and identity-based authentication, and for a physical or logical separation between the interfaces by which "critical security parameters" enter and leave the module, and its other interfaces.
  • FIPS 140-2 Level 4 makes the physical security requirements more stringent, and requires robustness against environmental attacks.

The FIPS 140-2 setting uses the cryptographic libraries that are included in the Oracle database to encrypt the data. These libraries are designed to meet the federal requirements for data encryption at rest and during transmission. For this Oracle uses a combination of 3 solutions: a Secure Socket Layer (SSL) implementation, Transparent Data Encryption (TDE) and the DBMS_CRYPTO package.

To activate the FIPS 140 setting you have to apply the command below and restart your database to ensure the change has taken effect:
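
An added example, not taken from the original post: setting the parameter from SQL*Plus as SYSDBA, restarting the instance, and confirming the value afterwards. It assumes the instance is started from a server parameter file (spfile).

```sql
-- Run in SQL*Plus, connected AS SYSDBA.
-- DBFIPS_140 cannot be changed on a running instance, so the new value is
-- written to the spfile and only takes effect at the next startup.
ALTER SYSTEM SET DBFIPS_140 = TRUE SCOPE = SPFILE;

-- Restart the instance so the parameter is read from the spfile.
SHUTDOWN IMMEDIATE
STARTUP

-- Confirm the value the running instance is actually using.
-- UPPER() is used so the match does not depend on how the name is stored.
SELECT name, value, isdefault
FROM   v$parameter
WHERE  UPPER(name) = 'DBFIPS_140';
```

After the restart the query should return VALUE = TRUE; if it still shows FALSE, the instance was not restarted or is being started from a pfile that does not carry the setting.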


When designing a secure environment for your customer, government or non-government, it is important to understand that security takes more than only activating DBFIPS_140. Even if you only take the database into account, a really secure Oracle database implementation will take a lot more and will include a full, separate security architecture. The Oracle Advanced Security portfolio for databases contains a lot of products that are purely for the database.

Implementing this, and taking into account that you will still need additional security around networking, operating systems, physical location security, client system security and others, will take more time than an average secured system. Only securing the database will give you a secure solution for your database; to ensure true security you will have to apply the same level of measures to all components of your secured landscape.

Tuesday, August 05, 2014

Oracle virtualbox Disk UUID issue resolved

Oracle VirtualBox is a desktop virtualization technology used by many developers and system administrators to quickly run a virtual operating system on top of their workstation OS. It is freely available from Oracle and has widespread adoption. Even though it is a robust solution for running virtual machines on your workstation, it can have issues in some situations. Especially when you change the location of your virtual disks, there might be a strange error in the VirtualBox GUI.

Because I was running out of disk space, I was forced to move some of the virtual disks attached to my virtual machines to another disk on my workstation. Oracle VirtualBox allows you to attach (or detach) disks to a virtual machine via the GUI. However, if you move a virtual disk to another location and try to re-attach it to a virtual machine, the GUI gives a warning like the one below:

The message reads that VirtualBox cannot register the hard disk with a specific UUID because a hard disk with the same UUID is already known. This is because VirtualBox keeps track of virtual disk files with a combination of UUID and location. When you move the file it is seen as a different virtual disk, but with the same UUID. The solution is to change the UUID in the file so VirtualBox will see it as a new disk and you will be able to attach it to your virtual machine again. On Windows (host) systems this can be resolved by executing the below command:

After executing this command you will see that you are able to attach the disk without any issue and can use it again while running at its new location.

Oracle Big Data trends 2014

Oracle has released an insight into the top trends for 2014 in relation to Big Data and Analytics. As can be seen from the 10 points that Oracle sees as trends for 2014 there is a clear focus on big data, predictive analytics and integrating this into existing solutions and processes within an enterprise.

1) Mobile Analytics are on the rise; plans for mobile BI initiatives will double this year.
2) ½ of organizations will move analytics to the cloud for easier reporting
3) ¼ of organizations will unite Hadoop-based data reservoirs with data warehouses as a cost-effective method for long-term storage and in place analysis
4) Organizations will double the number of people with advanced skills in Hadoop and predictive analysis in the coming year
5) 33% of human capital management professionals will use big data discovery tools to explore data from performance reviews, internal surveys, professional profiles and insider workplace websites such as Glassdoor.
6) 40% will prioritize predictive analysis to gain insight into big data strategies
7) 52% will use predictive analytics to gain insight into old business processes
8) 59% will use decision optimization technologies to provide a more personalized and more effective experience for customer interaction.
9) 44% of decision makers will embrace packaged analytics to integrate with existing ERP systems.
10) Organizations still feel their analytics skills are on a beginner level. To keep up they will focus on developing analytic competences.