Publisher: Oracle Press
Year: 2005
Language: English
Commentary: (add ocr)
Pages: 266
Contents
List of Figures
List of Tables
Documentation Accessibility
Organization
Related Documentation
Conventions
Oracle Database 10g Release 1 (10.1) New Features in Oracle Advanced Security
Part I Getting Started with Oracle Advanced Security
Security in Enterprise Grid Computing Environments
Data Tampering
Data Encryption
RC4 Encryption:
Data Integrity
How Centralized Network Authentication Works
Supported Authentication Methods
Secure Sockets Layer
Oracle Advanced Security Architecture
Oracle Advanced Security Restrictions
Oracle Net Manager
Navigating to the Oracle Advanced Security Profile
SSL Property Sheet
Oracle Wallet Manager
Navigator Pane
Right Pane
Wallet Menu
Operations Menu
Duties of a Security Administrator/DBA
Part II Data Encryption and Integrity
When to Use Transparent Data Encryption
How Transparent Data Encryption Works
Overview of Basic Transparent Data Encryption Operations
Using Transparent Data Encryption
Using Wallets with Automatic Login Enabled for Transparent Data Encryption
Setting the Master Key for First Time Use of Transparent Data Encryption
Creating Tables That Contain Encrypted Columns
Creating an Encrypted Column on an External Table
Encrypting Unencrypted Columns
Changing the Encryption Key or Algorithm on Tables Containing Encrypted Columns
Datatypes That Can Be Encrypted with the Transparent Data Encryption Feature
Creating Wallets
Backup and Recovery of Oracle Wallet
Performance Effects of Transparent Data Encryption
Transparent Data Encryption with OCI
Transparent Data Encryption Data Dictionary Views
About Encryption
RSA RC4 Algorithm for High Speed Encryption
Authentication Key Fold-in
About Activating Encryption and Integrity
REQUESTED
Setting the Encryption Seed (Optional)
Configuring Encryption on the Client and the Server
Configuring Integrity on the Client and the Server
Java Database Connectivity Support
Securing Thin JDBC
Client Encryption Level: ORACLE.NET.ENCRYPTION_CLIENT
Client Integrity Selected List: ORACLE.NET.CRYPTO_CHEKSUM_TYPES_CLIENT
Part III Oracle Advanced Security Strong Authentication
RADIUS Overview
RADIUS Authentication Modes
Synchronous Authentication Mode
Challenge-Response (Asynchronous) Authentication Mode
Step 1: Configure RADIUS on the Oracle Client
Step 2: Configure RADIUS on the Oracle Database Server
Step 3: Configure Additional RADIUS Features
Task 4: Configure External RADIUS Authorization (optional)
Set RADIUS Accounting on the Oracle Database Server
Task 9: Configure Mapping Roles
Using RADIUS to Log In to a Database
RSA ACE/Server Configuration Checklist
Task 1: Install Kerberos
Task 3: Extract a Service Table from Kerberos
Task 6: Configure Oracle Net Services and Oracle Database
Step 1: Configure Kerberos on the Client and on the Database Server
Step 2: Set the Initialization Parameters
Step 3: Set sqlnet.ora Parameters (optional)
Task 9: Create an Externally Authenticated Oracle User
Obtaining the Initial Ticket with the okinit Utility
Configuring Interoperability with a Windows 2000 Domain Controller KDC
Step 2: Specify the Oracle Configuration Parameters in the sqlnet.ora File
Step 2: Create the Oracle Database Principal
Task 4: Obtain an Initial Ticket for the Kerberos/Oracle User
Troubleshooting
Difference between SSL and TLS
How SSL Works in an Oracle Environment: The SSL Handshake
About Public Key Cryptography
Certificate Revocation Lists
Hardware Security Modules
How SSL Works with Other Authentication Methods
SSL and Firewalls
SSL Usage Issues
Step 1: Confirm Wallet Creation on the Server
Step 2: Specify the Database Wallet Location on the Server
Step 3: Set the SSL Cipher Suites on the Server (Optional)
Step 5: Set SSL Client Authentication on the Server (Optional)
Step 6: Set SSL as an Authentication Service on the Server (Optional)
Step 1: Confirm Client Wallet Creation
Step 2: Configure Oracle Net Service Name to Include Server DNs and Use TCP/IP with SSL on the Client
Step 3: Specify Required Client SSL Configuration (Wallet Location)
Step 4: Set the Client SSL Cipher Suites (Optional)
Step 6: Set SSL as an Authentication Service on the Client (Optional)
Troubleshooting SSL
How CRL Checking Works
Configuring Certificate Validation with Certificate Revocation Lists
Certificate Revocation List Management
Renaming CRLs with a Hash Value for Certificate Validation
Listing CRLs Stored in Oracle Internet Directory
Deleting CRLs from Oracle Internet Directory
Oracle Net Tracing File Error Messages Associated with Certificate Validation
General Guidelines for Using Hardware Security Modules with Oracle Advanced Security
About Installing an nCipher Hardware Security Module
Error Messages Associated with Using Hardware Security Modules
Oracle Wallet Manager Overview
Options Supported:
Multiple Certificate Support
LDAP Directory Support
How to Create a Complete Wallet: Process Overview
Required Guidelines for Creating Wallet Passwords
Creating a Wallet to Store Hardware Security Module Credentials
Opening an Existing Wallet
Exporting Oracle Wallets to Tools that Do Not Support PKCS #12
Downloading a Wallet from an LDAP Directory
Saving the Open Wallet to a New Location
Changing the Password
Managing Certificates
Adding a Certificate Request
To import the user certificate from the text of the Certificate Authority's e-mail
Importing Certificates and Wallets Created by Third Parties
Removing a User Certificate from a Wallet
Managing Trusted Certificates
Removing a Trusted Certificate
Exporting All Trusted Certificates
Disabling Oracle Advanced Security Authentication
Configuring Multiple Authentication Methods
Setting the SQLNET.AUTHENTICATION_SERVICES Parameter in sqlnet.ora
Setting OS_AUTHENT_PREFIX to a Null Value
Part IV Appendixes
Sample sqlnet.ora File
Data Encryption and Integrity Parameters
SQLNET.ENCRYPTION_SERVER Parameter
SQLNET.ENCRYPTION_TYPES_SERVER Parameter
SQLNET.ENCRYPTION_TYPES_CLIENT Parameter
Seeding the Random Key Generator (Optional)
sqlnet.ora File Parameters
SQLNET.RADIUS_AUTHENTICATION_RETRIES
SQLNET.RADIUS_ALTERNATE_PORT
SQLNET.RADIUS_AUTHENTICATION_INTERFACE
SSL Authentication Parameters
Supported SSL Cipher Suites
SSL Client Authentication Parameters
SSL_SERVER_CERT_DN
Wallet Location
Customizing the RADIUS Challenge-Response User Interface
Configuration Parameters
Cryptographic Seed Value
Status Information
Physical Security
Configuring FIPS Parameter
Verifying FIPS Connections
orapki Utility Syntax
Creating and Viewing Oracle Wallets with orapki
Adding Certificates and Certificate Requests to Oracle Wallets with orapki
Exporting Certificates and Certificate Requests from Oracle Wallets with orapki
orapki Usage Examples
Syntax
Purpose
orapki crl list
orapki wallet add
Syntax
Syntax
Enhanced X.509-Based Authentication and Single Sign-On
Entrust Authority for Oracle
Entrust Authority IPSec Negotiator Toolkit
Administrator-Created Entrust Profiles
Configuring Entrust on the Client
Configuring Entrust on a UNIX Server
Configuring Entrust on a Windows Server
Logging Into the Database Using Entrust-Enabled SSL
Error Messages Returned When Running Entrust on Any Platform
Error Messages Returned When Running Entrust on Windows Platforms
Checklist for Entrust Installations on Windows
Glossary