diff --git a/database/baseline/sqlfw/images/sqlfw-005.png b/database/baseline/sqlfw/images/sqlfw-005.png index 87e74ccb..1c1e6c44 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-005.png and b/database/baseline/sqlfw/images/sqlfw-005.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-006.png b/database/baseline/sqlfw/images/sqlfw-006.png index b8e1888c..76b0a29c 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-006.png and b/database/baseline/sqlfw/images/sqlfw-006.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-008.png b/database/baseline/sqlfw/images/sqlfw-008.png index 53a53337..c53844da 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-008.png and b/database/baseline/sqlfw/images/sqlfw-008.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-009.png b/database/baseline/sqlfw/images/sqlfw-009.png index 70c451f2..04198194 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-009.png and b/database/baseline/sqlfw/images/sqlfw-009.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-010.png b/database/baseline/sqlfw/images/sqlfw-010.png index aa521034..4e63483d 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-010.png and b/database/baseline/sqlfw/images/sqlfw-010.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-011.png b/database/baseline/sqlfw/images/sqlfw-011.png index 5305fd17..eae5efa6 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-011.png and b/database/baseline/sqlfw/images/sqlfw-011.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-012.png b/database/baseline/sqlfw/images/sqlfw-012.png index f56741d2..fb9e9def 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-012.png and b/database/baseline/sqlfw/images/sqlfw-012.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-013.png b/database/baseline/sqlfw/images/sqlfw-013.png index 3f8d21df..452836a8 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-013.png and b/database/baseline/sqlfw/images/sqlfw-013.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-014.png b/database/baseline/sqlfw/images/sqlfw-014.png index 2c7d5aee..870a3b16 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-014.png and b/database/baseline/sqlfw/images/sqlfw-014.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-015.png b/database/baseline/sqlfw/images/sqlfw-015.png index 718499a7..3d834ad1 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-015.png and b/database/baseline/sqlfw/images/sqlfw-015.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-026.png b/database/baseline/sqlfw/images/sqlfw-026.png index 89b0fcf3..0e7bbda7 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-026.png and b/database/baseline/sqlfw/images/sqlfw-026.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-027.png b/database/baseline/sqlfw/images/sqlfw-027.png index 010f5512..a05a43f5 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-027.png and b/database/baseline/sqlfw/images/sqlfw-027.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-028.png b/database/baseline/sqlfw/images/sqlfw-028.png index 8263d1ac..49a1d9e7 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-028.png and b/database/baseline/sqlfw/images/sqlfw-028.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-029.png b/database/baseline/sqlfw/images/sqlfw-029.png index 88012c9f..5cd20dc8 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-029.png and b/database/baseline/sqlfw/images/sqlfw-029.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-030.png b/database/baseline/sqlfw/images/sqlfw-030.png index 9505c9aa..ee8b1e94 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-030.png and b/database/baseline/sqlfw/images/sqlfw-030.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-031.png b/database/baseline/sqlfw/images/sqlfw-031.png index 8901760d..856f5f3f 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-031.png and b/database/baseline/sqlfw/images/sqlfw-031.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-033.png b/database/baseline/sqlfw/images/sqlfw-033.png index af306790..0ce97c8b 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-033.png and b/database/baseline/sqlfw/images/sqlfw-033.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-034.png b/database/baseline/sqlfw/images/sqlfw-034.png index ebe2e7b8..8b2403cc 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-034.png and b/database/baseline/sqlfw/images/sqlfw-034.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-035.png b/database/baseline/sqlfw/images/sqlfw-035.png index 90d7f32c..cdd957bc 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-035.png and b/database/baseline/sqlfw/images/sqlfw-035.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-036.png b/database/baseline/sqlfw/images/sqlfw-036.png index 3464b28d..596285a9 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-036.png and b/database/baseline/sqlfw/images/sqlfw-036.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-038.png b/database/baseline/sqlfw/images/sqlfw-038.png index a237cb3a..ddd79ec7 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-038.png and b/database/baseline/sqlfw/images/sqlfw-038.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-039.png b/database/baseline/sqlfw/images/sqlfw-039.png index 28e2a624..4afec905 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-039.png and b/database/baseline/sqlfw/images/sqlfw-039.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-040.png b/database/baseline/sqlfw/images/sqlfw-040.png index fe15889e..b516d8fa 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-040.png and b/database/baseline/sqlfw/images/sqlfw-040.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-041.png b/database/baseline/sqlfw/images/sqlfw-041.png index c8c2791d..d7db0102 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-041.png and b/database/baseline/sqlfw/images/sqlfw-041.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-043.png b/database/baseline/sqlfw/images/sqlfw-043.png index b1268c66..93ceaf2f 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-043.png and b/database/baseline/sqlfw/images/sqlfw-043.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-045.png b/database/baseline/sqlfw/images/sqlfw-045.png index 1f025ae8..c7a7b4ac 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-045.png and b/database/baseline/sqlfw/images/sqlfw-045.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-046.png b/database/baseline/sqlfw/images/sqlfw-046.png index 61b9cf8d..48f5c2eb 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-046.png and b/database/baseline/sqlfw/images/sqlfw-046.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-049.png b/database/baseline/sqlfw/images/sqlfw-049.png index 7dfb46ed..1cc76c29 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-049.png and b/database/baseline/sqlfw/images/sqlfw-049.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-050.png b/database/baseline/sqlfw/images/sqlfw-050.png index 8e8f1b27..69a7b675 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-050.png and b/database/baseline/sqlfw/images/sqlfw-050.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-052.png b/database/baseline/sqlfw/images/sqlfw-052.png index 77bca9a5..97b89cab 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-052.png and b/database/baseline/sqlfw/images/sqlfw-052.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-053.png b/database/baseline/sqlfw/images/sqlfw-053.png index 42d9b085..017beb10 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-053.png and b/database/baseline/sqlfw/images/sqlfw-053.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-056.png b/database/baseline/sqlfw/images/sqlfw-056.png index 57080445..8d8ec01a 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-056.png and b/database/baseline/sqlfw/images/sqlfw-056.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-057.png b/database/baseline/sqlfw/images/sqlfw-057.png index 5d592f79..36b61bb0 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-057.png and b/database/baseline/sqlfw/images/sqlfw-057.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-058.png b/database/baseline/sqlfw/images/sqlfw-058.png index 0233359c..6e446a27 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-058.png and b/database/baseline/sqlfw/images/sqlfw-058.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-059.png b/database/baseline/sqlfw/images/sqlfw-059.png index a61facb8..347d45b3 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-059.png and b/database/baseline/sqlfw/images/sqlfw-059.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-061.png b/database/baseline/sqlfw/images/sqlfw-061.png index 461e378e..fa3c5365 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-061.png and b/database/baseline/sqlfw/images/sqlfw-061.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-067b.png b/database/baseline/sqlfw/images/sqlfw-067b.png index af623729..af667ab4 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-067b.png and b/database/baseline/sqlfw/images/sqlfw-067b.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-071.png b/database/baseline/sqlfw/images/sqlfw-071.png index 1105b292..30042445 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-071.png and b/database/baseline/sqlfw/images/sqlfw-071.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-072.png b/database/baseline/sqlfw/images/sqlfw-072.png index 3af59b53..6dfc60c9 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-072.png and b/database/baseline/sqlfw/images/sqlfw-072.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-073.png b/database/baseline/sqlfw/images/sqlfw-073.png index bcce3bf4..bb860262 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-073.png and b/database/baseline/sqlfw/images/sqlfw-073.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-074.png b/database/baseline/sqlfw/images/sqlfw-074.png index be7f3608..387cb6da 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-074.png and b/database/baseline/sqlfw/images/sqlfw-074.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-075.png b/database/baseline/sqlfw/images/sqlfw-075.png index 2b308800..a1cfd80e 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-075.png and b/database/baseline/sqlfw/images/sqlfw-075.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-076.png b/database/baseline/sqlfw/images/sqlfw-076.png index 8c26e4fa..12e068cc 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-076.png and b/database/baseline/sqlfw/images/sqlfw-076.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-077.png b/database/baseline/sqlfw/images/sqlfw-077.png index f4ac3db1..02b825ce 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-077.png and b/database/baseline/sqlfw/images/sqlfw-077.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-078.png b/database/baseline/sqlfw/images/sqlfw-078.png index 6a79997b..d067722d 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-078.png and b/database/baseline/sqlfw/images/sqlfw-078.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-079.png b/database/baseline/sqlfw/images/sqlfw-079.png index 866cc9be..63015ecb 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-079.png and b/database/baseline/sqlfw/images/sqlfw-079.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-080.png b/database/baseline/sqlfw/images/sqlfw-080.png index 1de18e14..2cf1da36 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-080.png and b/database/baseline/sqlfw/images/sqlfw-080.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-081.png b/database/baseline/sqlfw/images/sqlfw-081.png new file mode 100644 index 00000000..39dd53db Binary files /dev/null and b/database/baseline/sqlfw/images/sqlfw-081.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-082.png b/database/baseline/sqlfw/images/sqlfw-082.png index a060e223..329c6d78 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-082.png and b/database/baseline/sqlfw/images/sqlfw-082.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-090.png b/database/baseline/sqlfw/images/sqlfw-090.png index e4414d42..0f8ef01b 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-090.png and b/database/baseline/sqlfw/images/sqlfw-090.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-091.png b/database/baseline/sqlfw/images/sqlfw-091.png index 6e2b2b06..71e17e15 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-091.png and b/database/baseline/sqlfw/images/sqlfw-091.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-092.png b/database/baseline/sqlfw/images/sqlfw-092.png index 1e07da7e..08041200 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-092.png and b/database/baseline/sqlfw/images/sqlfw-092.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-204.png b/database/baseline/sqlfw/images/sqlfw-204.png index 191ea37c..76ff9f97 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-204.png and b/database/baseline/sqlfw/images/sqlfw-204.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-205.png b/database/baseline/sqlfw/images/sqlfw-205.png index 4ebb126b..d4a584da 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-205.png and b/database/baseline/sqlfw/images/sqlfw-205.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-207.png b/database/baseline/sqlfw/images/sqlfw-207.png index 68c8fcde..656c4e69 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-207.png and b/database/baseline/sqlfw/images/sqlfw-207.png differ diff --git a/database/baseline/sqlfw/images/sqlfw-concept.png b/database/baseline/sqlfw/images/sqlfw-concept.png index 05ed47a1..ffa2bdb4 100644 Binary files a/database/baseline/sqlfw/images/sqlfw-concept.png and b/database/baseline/sqlfw/images/sqlfw-concept.png differ diff --git a/database/baseline/sqlfw/sqlfw.md b/database/baseline/sqlfw/sqlfw.md index 0d0a9cb0..9f2adddb 100644 --- a/database/baseline/sqlfw/sqlfw.md +++ b/database/baseline/sqlfw/sqlfw.md @@ -8,7 +8,7 @@ This workshop introduces the functionality of Oracle SQL Firewall. It gives the *Version tested in this lab:* Oracle DBEE 23.2 ### Video Preview -Watch a preview of "*Introducing SQL Firewall – a new security capability in Oracle Database*" [](youtube:aiwb6od3mfo) +Watch a preview of "*Introducing SQL Firewall – a new security capability in Oracle Database 23ai*" [](youtube:81N23MDhYXU) ### Objectives - Train the SQL Firewall to learn the normal activity @@ -73,7 +73,7 @@ To use a database with Oracle Data Safe, you first need to register it with Orac 6. Fill out as following: - - Name: `` (here "*`DBSeclabs_DB23c`*") + - Name: `` (here "*`DBSeclabs_EP_DB23ai`*") - Compartment: Select your Compartment - Virtual cloud network: Select your VCN - Subnet: Select your Subnet @@ -87,7 +87,7 @@ To use a database with Oracle Data Safe, you first need to register it with Orac ![SQLFW](./images/sqlfw-006.png "the Private endpoint is ACTIVE") **Note**: - - A Private IP is assigned to this Private endpoint (here '10.0.0.113') + - A Private IP is assigned to this Private endpoint (here '10.0.0.57') - There's no target database register by default 9. Now, configure your target database to be registered into Data Safe @@ -135,14 +135,14 @@ To use a database with Oracle Data Safe, you first need to register it with Orac - Fill out the "Register Target Database" as following - Database Type: Select *`Oracle On-Premises Database`* - - Data Safe Target Display Name: *`DBSeclabs_DB23c-freepdb1`* - - Description: *`On-Premises pluggable database of DB23c VM (freepdb1)`* + - Data Safe Target Display Name: *`DBSeclabs_DB23ai-freepdb1`* + - Description: *`On-Premises pluggable database of DB23ai VM (freepdb1)`* - Compartment: Select your own Compartment ![SQLFW](./images/sqlfw-011.png "Fill out the Register Target Database parameters") - Choose a connectivity option: *`Private endpoint`* - - Select private endpoint: Select *`DBSeclabs_DB23c`* + - Select private endpoint: Select *`DBSeclabs_EP_DB23ai`* - TCP/TLS: *`TCP`* - Database Service Name: *`freepdb1`* - Database IP Address: *`10.0.0.155`* @@ -202,7 +202,7 @@ To use a database with Oracle Data Safe, you first need to register it with Orac ## Task 1b: Enable SQL Firewall to protect Glassfish HR Application -In this lab you will learn how the administrator trains the system to learn the authorized SQL statements and the trusted connection paths of HR application. SQL Firewall policy is generated with allow-lists representing authorized SQL connections and statements, and deployed to the target. +In this task you will learn how the administrator trains the system to learn the authorized SQL statements and the trusted connection paths of HR application. SQL Firewall policy is generated with allow-lists representing authorized SQL connections and statements, and deployed to the target. ### Step 1: Enable SQL Firewall @@ -215,7 +215,7 @@ In this lab you will learn how the administrator trains the system to learn the ![SQLFW](./images/sqlfw-026.png "Click on SQL Firewall sub-menu") -3. Click on the target database **`DBSeclabs_DB23c-freepdb1`** +3. Click on the target database **`DBSeclabs_DB23ai-freepdb1`** ![SQLFW](./images/sqlfw-027.png "Click on the target DB") @@ -278,7 +278,7 @@ In this lab you will learn how the administrator trains the system to learn the **Note:** Click [**Refresh insights**] if you don't see any data! - ![SQLFW](./images/sqlfw-037.png "Refresh SQL collections insights") + 4. If you are satisfied, click [**Stop**] to stop the SQL workload capture @@ -375,17 +375,17 @@ In this lab you will learn how the administrator trains the system to learn the - Associate the SQL Firewall violation policy to your target database - - Select **Selected targets only (up to 10)** and choose *`DBSeclabs_DB23c-freepdb1`* - - Select **Selected policies only** and choose *`SQL Firewall violations`* + - Select **Selected targets only (up to 10)** and choose *`DBSeclabs_DB23ai-freepdb1`* + - Select **Selected policies only** and choose *`All policies`* ![SQLFW](./images/sqlfw-057.png "Associate the SQL Firewall violation policy") - Click [**Apply policy**] - ![SQLFW](./images/sqlfw-058.png "Apply policy") - - Once the association is done, you can click on **Close** to close the window + ![SQLFW](./images/sqlfw-058.png "Apply policy") + - Now, you should see your target database associated to the SQL Firewall violations policy ![SQLFW](./images/sqlfw-059.png "SQL Firewall violations policy associated") @@ -680,7 +680,7 @@ Here, we will enable the SQL Firewall to block on detection of unauthorized SQL ![SQLFW](./images/sqlfw-203.png "Target databases") - - Click on the target database **`DBSeclabs_DB23c-freepdb1`** + - Click on the target database **`DBSeclabs_DB23ai-freepdb1`** ![SQLFW](./images/sqlfw-204.png "Target database to deregister") @@ -718,7 +718,7 @@ With PL/SQL procedures in the `SYS.DBMS_SQL_FIREWALL` package, you can administe In this lab you will learn how the administrator trains the system to learn the authorized SQL statements and the trusted connection paths of HR application. SQL Firewall policy is generated with allow-lists representing authorized SQL connections and statements, and deployed to the target. -## Step 1: Setup SQL Firewall env +### Step 1: Setup SQL Firewall env 1. Create an administrator (**`dba_tom`**) to manage SQL Firewall diff --git a/database/common/init-start-env/init-start-env-sqlfw.md b/database/common/init-start-env/init-start-env-sqlfw.md index f8e4e2f5..fe457a3b 100644 --- a/database/common/init-start-env/init-start-env-sqlfw.md +++ b/database/common/init-start-env/init-start-env-sqlfw.md @@ -37,7 +37,7 @@ This lab assumes you have: ![DB Service Status](images/db-service-status.png "DB Service Status") - - DBSec-lab Service (Enterprise Manager 13c and My HR Applications on Glassfish) + - DBSec-lab Service (My HR Applications on Glassfish and other components) ``` @@ -154,7 +154,7 @@ You may now **proceed to the next lab**. sudo systemctl restart oracle-database ``` -2. DBSec-lab Service (Enterprise Manager 13c and My HR Applications on Glassfish) +2. DBSec-lab Service (My HR Applications on Glassfish and other components) - Start