C - 1  Security New Features
Copyright © 2007, Oracle. All rights reserved.

C - 2  Objectives
After completing this lesson, you should be able to:
– Configure the password file to use case-sensitive passwords
– Encrypt a tablespace
– Configure fine-grained access to network services

C - 3  Secure Password Support
Passwords in Oracle Database 11g:
– Are case-sensitive
– Can contain more characters than before
– Use a more secure hash algorithm (SHA-1, replacing the DES-based verifier of earlier releases)
– Use a salt in the hash, so two accounts with the same password no longer share the same stored hash
Usernames are still Oracle identifiers (up to 30 characters, case-insensitive unless quoted).

C - 4  Automatic Secure Configuration
Applied when a database is created with the 11g default security settings:
– Default password profile
– Default auditing
– Built-in password complexity checking

C - 5  Password Configuration
By default:
– The default password profile is enabled
– An account is locked after 10 failed login attempts
In an upgraded database:
– Existing passwords remain case-insensitive until they are changed
– A password becomes case-sensitive when it is changed with the ALTER USER command
For users created in 11g:
– Passwords are case-sensitive

C - 6  Enable Built-in Password Complexity Checker
Connect as SYSDBA and run the utlpwdmg.sql script to create the password verify function, then attach the function to the default profile:

SQL> CONNECT / AS SYSDBA
SQL> @?/rdbms/admin/utlpwdmg.sql
SQL> ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION verify_function_11g;

Review the script before running it on a database with tuned profiles: besides creating verify_function_11g it also alters the other limits of the DEFAULT profile.
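The shipped verify_function_11g is a starting point; most sites end up writing their own. The following is an added example, not code from the Oracle slides: a custom verify function with the three-argument signature Oracle requires of anything named in PASSWORD_VERIFY_FUNCTION, attached to a profile that also sets lockout and ageing limits. The profile name SEC_PROFILE, the function name, the limits and the test user APP_OWNER are this example's choices; it must be run by SYS because verify functions have to live in the SYS schema.

```sql
-- Added example (not from the slides). Run as SYS: the password verify
-- function named in a profile must be owned by SYS.
CREATE OR REPLACE FUNCTION verify_function_custom (
    username      VARCHAR2,
    password      VARCHAR2,
    old_password  VARCHAR2)
RETURN BOOLEAN IS
    differ  INTEGER;
BEGIN
    -- Minimum length: 12 characters (the 11g default function requires 8).
    IF LENGTH(password) < 12 THEN
        raise_application_error(-20001, 'Password must be at least 12 characters');
    END IF;

    -- Reject a password that contains the username, in any case.
    IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
        raise_application_error(-20002, 'Password must not contain the username');
    END IF;

    -- Require at least one letter, one digit and one non-alphanumeric character.
    IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
       OR NOT REGEXP_LIKE(password, '[[:digit:]]')
       OR NOT REGEXP_LIKE(password, '[^[:alnum:]]') THEN
        raise_application_error(-20003,
            'Password must contain a letter, a digit and a special character');
    END IF;

    -- Require at least 3 character positions to differ from the old password.
    -- old_password is NULL when a DBA sets the password (no REPLACE clause).
    IF old_password IS NOT NULL THEN
        differ := ABS(LENGTH(old_password) - LENGTH(password));
        FOR i IN 1 .. LEAST(LENGTH(old_password), LENGTH(password)) LOOP
            IF SUBSTR(password, i, 1) != SUBSTR(old_password, i, 1) THEN
                differ := differ + 1;
            END IF;
        END LOOP;
        IF differ < 3 THEN
            raise_application_error(-20004,
                'Password must differ from the previous one in at least 3 positions');
        END IF;
    END IF;

    RETURN TRUE;
END;
/

-- Profile (hypothetical name) tying the function to lockout and ageing limits.
-- PASSWORD_REUSE_MAX and PASSWORD_REUSE_TIME only take effect when both are set.
CREATE PROFILE sec_profile LIMIT
    PASSWORD_VERIFY_FUNCTION verify_function_custom
    FAILED_LOGIN_ATTEMPTS    5
    PASSWORD_LOCK_TIME       1
    PASSWORD_LIFE_TIME       90
    PASSWORD_GRACE_TIME      7
    PASSWORD_REUSE_MAX       10
    PASSWORD_REUSE_TIME      365;

-- Constructed test user to exercise the function. This password passes.
CREATE USER app_owner IDENTIFIED BY "Tr0ub4dor#3xyz" PROFILE sec_profile;

-- This one is rejected with ORA-28003 carrying the ORA-20002 text,
-- because "App_Owner" contains the username:
-- ALTER USER app_owner IDENTIFIED BY "App_Owner#2007xx";
```

A verify function runs for every CREATE USER and ALTER USER ... IDENTIFIED BY, including the DBA's own, so keep it side-effect free and fast; a failing check surfaces to the caller as ORA-28003 with the raise_application_error message appended.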

C - 7  Managing Default Audits
– Review audit logs: the default audit options cover the important security privileges (for example CREATE SESSION, ALTER SYSTEM, CREATE USER, ALTER USER, DROP USER, GRANT ANY PRIVILEGE and GRANT ANY ROLE)
– Archive audit records:
  – Export them
  – Copy them to another table
– Remove archived audit records
With the default AUDIT_TRAIL=DB setting the records accumulate in SYS.AUD$ in the SYSTEM tablespace, so review and purging need to run on a schedule.
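The three bullets above, as an added example that is not code from the slides: a review query that turns the default login auditing into a password-guessing detector, a review of audited privileged actions, and an archive-then-purge step. The table name AUDIT_ARCHIVE, the 90-day retention and the 5-failure threshold are this example's choices.

```sql
-- Added example (not from the slides). Run as a DBA; the purge step needs
-- SYSDBA (or DELETE ANY TABLE) because SYS.AUD$ belongs to SYS.

-- 1. Failed logons in the last 24 hours. RETURNCODE 1017 is ORA-01017
--    (invalid username/password); grouping by account and source host
--    separates a user with a forgotten password from guessing against one
--    account or a sweep from one machine.
SELECT username, userhost, os_username, COUNT(*) AS failures,
       MIN(timestamp) AS first_seen, MAX(timestamp) AS last_seen
FROM   dba_audit_trail
WHERE  action_name = 'LOGON'
AND    returncode  = 1017
AND    timestamp  >= SYSDATE - 1
GROUP  BY username, userhost, os_username
HAVING COUNT(*) >= 5
ORDER  BY failures DESC;

-- 2. Privileged actions covered by the 11g default audit options,
--    with the outcome (RETURNCODE 0 = succeeded).
SELECT timestamp, username, userhost, action_name, obj_name, returncode
FROM   dba_audit_trail
WHERE  action_name IN ('ALTER SYSTEM', 'CREATE USER', 'ALTER USER',
                       'DROP USER', 'GRANT ROLE', 'ALTER PROFILE')
AND    timestamp >= SYSDATE - 7
ORDER  BY timestamp;

-- 3. Archive, then purge, records older than 90 days. NTIMESTAMP# is the
--    UTC timestamp column of SYS.AUD$. Rows written while this runs are
--    newer than the cutoff and untouched by either statement.
CREATE TABLE audit_archive TABLESPACE users AS
    SELECT * FROM sys.aud$
    WHERE  ntimestamp# < SYSTIMESTAMP - INTERVAL '90' DAY;

DELETE FROM sys.aud$
WHERE  ntimestamp# < SYSTIMESTAMP - INTERVAL '90' DAY;
COMMIT;
```

Run the review queries before the purge, or point them at AUDIT_ARCHIVE afterwards; once rows leave SYS.AUD$ they no longer appear in DBA_AUDIT_TRAIL.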

C - 9  Adjust Security Settings (DBCA Security Settings page; screenshot only)

C - 10  Setting Security Parameters
– Use case-sensitive passwords: SEC_CASE_SENSITIVE_LOGON
– Protect against denial-of-service attacks by clients that send malformed Oracle Net packets: SEC_PROTOCOL_ERROR_FURTHER_ACTION, SEC_PROTOCOL_ERROR_TRACE_ACTION
– Protect against brute-force attacks on one connection: SEC_MAX_FAILED_LOGIN_ATTEMPTS
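The parameters on this slide and the upgrade caveat from slide C-5, as an added example that is not code from the slides: each SEC_* parameter with its value syntax, then the query that shows which accounts case-sensitive logon actually protects. The chosen values (3 attempts, a 3-second delay, ALERT) are illustrative; SCOTT is used as the account being reset.

```sql
-- Added example (not from the slides). Run as SYSDBA.

-- TRUE is the 11g default. FALSE makes every account case-insensitive again
-- and should only bridge a migration of client applications.
ALTER SYSTEM SET sec_case_sensitive_logon = TRUE;

-- Drop a server connection after 3 failed authentication attempts on it
-- (default 10). Static parameter: takes effect at the next restart.
ALTER SYSTEM SET sec_max_failed_login_attempts = 3 SCOPE = SPFILE;

-- Clients that keep sending bad packets: delay the next reply by 3 seconds.
-- The alternative '(DROP,3)' disconnects after 3 bad packets; CONTINUE is
-- the permissive default.
ALTER SYSTEM SET sec_protocol_error_further_action = '(DELAY,3)';

-- Record each such event in the alert log (NONE | TRACE | LOG | ALERT).
ALTER SYSTEM SET sec_protocol_error_trace_action = 'ALERT';

SHOW PARAMETER sec_

-- Case sensitivity only applies to accounts whose hash has been regenerated
-- in the 11g format. After an upgrade, any user whose PASSWORD_VERSIONS
-- lacks 11G still authenticates case-insensitively until the password is reset.
SELECT username, password_versions, account_status
FROM   dba_users
WHERE  password_versions NOT LIKE '%11G%'
ORDER  BY username;

-- Resetting the password generates both the 10G and the 11G verifier.
ALTER USER scott IDENTIFIED BY "Tiger#2007xQ";
```

Re-run the PASSWORD_VERSIONS query after the resets; an empty result is the state you want before declaring the upgrade's password hardening complete.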

C - 12  Setting Database Administrator Authentication
– Use a password file with case-sensitive passwords.
– Enable strong authentication for administrator roles:
  – Grant the administrator role in Oracle Internet Directory (OID).
  – Use Kerberos tickets.
  – Use certificates with SSL.

C - 13  Set Up Directory Authentication for Administrative Users
1. Create the user in the directory.
2. Grant the SYSDBA or SYSOPER enterprise role to the user.
3. Set the LDAP_DIRECTORY_SYSAUTH parameter in the database.
4. Check that the LDAP_DIRECTORY_ACCESS parameter is set to PASSWORD or SSL.
5. Test the connection:
   $ sqlplus AS SYSDBA

C - 14  Set Up Kerberos Authentication for Administrative Users
1. Create the user in the Kerberos domain.
2. Configure OID for Kerberos authentication.
3. Grant the SYSDBA or SYSOPER enterprise role to the user in OID.
4. Set the LDAP_DIRECTORY_SYSAUTH parameter in the database.
5. Set the LDAP_DIRECTORY_ACCESS parameter.
6. Test the connection:
   $ sqlplus AS SYSDBA

C - 15  Set Up SSL Authentication for Administrative Users
1. Configure the client to use SSL.
2. Configure the server to use SSL.
3. Configure OID for SSL user authentication.
4. Grant SYSOPER or SYSDBA to the user.
5. Set the LDAP_DIRECTORY_SYSAUTH parameter in the database.
6. Test the connection:
   $ sqlplus AS SYSDBA
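The database-side steps that slides C-12 to C-15 share, as an added example that is not code from the slides: recreating the password file with case-sensitive passwords (the first objective of this lesson, which the slides state but do not show) and setting the two LDAP_DIRECTORY_* parameters. The ORACLE_SID SID1, the file name, the <sys_password> placeholder and the user SEC_ADMIN are this example's; the HOST line is SQL*Plus handing the orapwd command to the operating system shell.

```sql
-- Added example (not from the slides). SQL*Plus session on the database host.

-- Password file for SYS and any other SYSDBA/SYSOPER users. Recreate it with
-- the instance down so it is read at startup. 11g orapwd already defaults
-- to IGNORECASE=N (case-sensitive); spelling it out keeps a command pasted
-- from 10g notes (which had no such option) from silently weakening it.
HOST orapwd file=$ORACLE_HOME/dbs/orapwSID1 password=<sys_password> entries=10 ignorecase=n

CONNECT / AS SYSDBA
STARTUP

-- Let SYSDBA/SYSOPER enterprise roles held in OID be honoured for logon.
-- Static parameter: set in the SPFILE and restart.
ALTER SYSTEM SET ldap_directory_sysauth = YES SCOPE = SPFILE;

-- How the database itself authenticates to the directory: SSL (certificates)
-- or PASSWORD. NONE would switch directory-based authentication off.
ALTER SYSTEM SET ldap_directory_access = SSL SCOPE = SPFILE;

SHUTDOWN IMMEDIATE
STARTUP
SHOW PARAMETER ldap_directory

-- A locally administered SYSDBA (hypothetical user). The grant writes an
-- entry into the password file; with no password file, or entries=0, it
-- fails with ORA-01994.
CREATE USER sec_admin IDENTIFIED BY "S3c-Adm1n#pwd";
GRANT SYSDBA TO sec_admin;

-- Who can log on as SYSDBA/SYSOPER through the password file alone. Each
-- row here is an account that bypasses OID, Kerberos and SSL, so keep it short.
SELECT username, sysdba, sysoper FROM v$pwfile_users;
```

The V$PWFILE_USERS check is the one to repeat after any directory or Kerberos rollout: strong authentication for administrators is only as good as the list of accounts that can still get in with a password file password.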

C - 17  Transparent Data Encryption
New features in TDE include:
– Tablespace encryption
– Support for LogMiner
– Support for logical standby
– Support for Streams
– Support for asynchronous Change Data Capture
– Hardware-based master key protection

C - 18  Using Tablespace Encryption
To create an encrypted tablespace:
1. Create or open the encryption wallet:
   SQL> ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "welcome1";
2. Create the tablespace with the encryption keywords:
   SQL> CREATE TABLESPACE encrypt_ts
          DATAFILE '$ORACLE_HOME/dbs/encrypt.dat' SIZE 100M
          ENCRYPTION USING '3DES168'
          DEFAULT STORAGE (ENCRYPT);

Two cautions on the commands as shown: SET ENCRYPTION KEY generates a new master key every time it runs, so on a database that already has a wallet use ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "..." instead; and ENCRYPTION USING accepts 3DES168, AES128 (the default when the USING clause is omitted), AES192 and AES256, of which the AES options are the ones to choose for new deployments. The $ORACLE_HOME inside the SQL string literal is not expanded by the database; give the real datafile path.
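The same procedure carried through with AES256 and the verification a practitioner wants afterwards, as an added example that is not code from the slides. It assumes a software wallet location is already configured in sqlnet.ora (ENCRYPTION_WALLET_LOCATION with METHOD=FILE) and that the wallet was created earlier; the wallet password, the datafile path, the tablespace SECURE_TS and the table HR.CARDHOLDERS are this example's.

```sql
-- Added example (not from the slides). Run as SYSDBA.

-- Open the existing wallet; do not re-run SET ENCRYPTION KEY, which would
-- create a new master key.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "w4ll3t-P@ss";

-- Expect STATUS = OPEN and WRL_TYPE = file.
SELECT wrl_type, wrl_parameter, status FROM v$encryption_wallet;

-- Tablespace encrypted with AES-256. Unlike column-level TDE, everything
-- stored here is encrypted, indexes included, and there are no restrictions
-- on foreign-key columns or range scans.
CREATE TABLESPACE secure_ts
    DATAFILE '/u01/app/oracle/oradata/SID1/secure_ts01.dbf' SIZE 100M
    ENCRYPTION USING 'AES256'
    DEFAULT STORAGE (ENCRYPT);

-- Which tablespaces are encrypted, and with which algorithm.
SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON t.ts# = e.ts#;

-- An existing tablespace cannot be encrypted in place: move the segments.
ALTER TABLE hr.cardholders MOVE TABLESPACE secure_ts;
ALTER INDEX hr.cardholders_pk REBUILD TABLESPACE secure_ts;

-- Confirm where the segments now live.
SELECT segment_name, segment_type, tablespace_name
FROM   dba_segments
WHERE  owner = 'HR' AND segment_name LIKE 'CARDHOLDERS%';

-- With the wallet closed the data is unreadable: any access to the encrypted
-- tablespace fails with ORA-28365 (wallet is not open). 11g Release 1 syntax;
-- 11g Release 2 requires IDENTIFIED BY on the CLOSE as well.
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE;
-- SELECT COUNT(*) FROM hr.cardholders;   -- ORA-28365
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "w4ll3t-P@ss";
```

The MOVE and REBUILD steps are the part usually underestimated: every table and index that is to be protected has to be relocated, and the old, unencrypted blocks remain in the original datafiles until that space is reused, so the original tablespace should be dropped or its datafiles securely discarded once the move is complete.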

C - 19  TDE and LogMiner
LogMiner supports TDE-encrypted columns. Restrictions:
– The wallet holding the TDE master keys must be open.
– Hardware security modules are not supported.
– User-held keys are not supported.

C - 20  TDE and Logical Standby
Logical standby database with TDE:
– The wallet on the standby is a copy of the wallet on the primary.
– The master key may be changed only on the primary.
– Wallet open and close commands are not replicated.
– The table key may be changed on the standby.
– The table encryption algorithm may be changed on the standby.

C - 21  TDE and Streams
Oracle Streams can now transparently:
– Decrypt values protected by TDE for filtering and processing
– Re-encrypt values so that they are never in clear text while on disk
(Diagram: Capture, Staging, Apply)

C - 22  Hardware Security Module
(Diagram: client, database server and hardware security module, with encrypted data flowing between them.)
The TDE master key is stored in the hardware security module and never leaves it; the encrypt and decrypt operations that need the master key (wrapping and unwrapping the column and tablespace keys) are performed on the HSM.

C - 23  Using a Hardware Security Module with TDE
1. Configure sqlnet.ora (the DIRECTORY entry is kept so an existing software wallet can be migrated to the HSM):
   ENCRYPTION_WALLET_LOCATION=
     (SOURCE=(METHOD=HSM)
       (METHOD_DATA=(DIRECTORY=/app/oracle/admin/SID1/wallet)))
2. Copy the vendor's PKCS#11 library to the path Oracle searches (on UNIX: /opt/oracle/extapi/[32,64]/hsm/{VENDOR}/{VERSION}/libapiname.ext).
3. Set up the HSM.
4. Generate a master encryption key for HSM-based encryption; user_Id:password are the HSM credentials, not a wallet password:
   ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY user_Id:password
5. Ensure that the HSM is accessible.
6. Encrypt and decrypt data.

C - 24  Encryption for LOB Columns
– LOB encryption is allowed only for SECUREFILE LOBs.
– All LOBs in the LOB column are encrypted.
– LOBs can be encrypted on a per-column or per-partition basis, which allows SECUREFILE and BASICFILE LOBs to coexist.
– The encrypted LOB column uses the TDE master key, so the wallet must be open.

CREATE TABLE test1 (doc CLOB ENCRYPT USING 'AES128')
  LOB(doc) STORE AS SECUREFILE (CACHE NOLOGGING);

C - 25  Using Kerberos Enhancements
– Stronger encryption algorithms are used (no action required).
– Interoperability between the Microsoft KDC and the MIT KDC (no action required).
– Longer principal names.
– Convert a database user to a Kerberos user (the principal name on the slide did not survive the transcript):
  CREATE USER KRBUSER IDENTIFIED EXTERNALLY AS
  ALTER USER DBUSER IDENTIFIED EXTERNALLY AS

C - 26  Enterprise Manager Security Management
Manage security through Enterprise Manager (EM):
– Policy Manager is replaced by EM pages for:
  – Virtual Private Database
  – Application Context
  – Oracle Label Security
– Enterprise User Security pages added
– TDE pages added

C - 27  Managing TDE with Enterprise Manager (screenshot only)

C - 28  Managing Tablespace Encryption with Enterprise Manager (screenshot only)

C - 29  Managing Virtual Private Database (screenshot only)

C - 30  Managing Label Security with Enterprise Manager (screenshot only)

C - 31  Managing Label Security with Oracle Internet Directory (screenshot only)

C - 32  Managing Enterprise Users with Enterprise Manager (screenshot only)

C - 33  Enterprise Manager Policy Trend (screenshot only)

C - 34  Managing Enterprise Users with Enterprise Manager (screenshot only)

C - 35  Oracle Audit Vault Enhancements
Audit Vault enhancements to Streams:
– Hardened Streams configuration
– DML/DDL capture on the SYS and SYSTEM schemas
– Capture of changes to SYS.AUD$ and SYS.FGA_LOG$

C - 36  Using RMAN Security Enhancements
Backup shredding deletes the encryption key of a transparently encrypted backup, making the backup unreadable without physical access to the media.
Configure backup shredding:
   RMAN> CONFIGURE ENCRYPTION EXTERNAL KEY STORAGE ON;
Use backup shredding (DELETE FORCE takes the usual backup specification, such as a BACKUPSET number or OBSOLETE):
   RMAN> DELETE FORCE;

C - 37  Managing Fine-Grained Access to External Network Services
In 11g the UTL_TCP, UTL_HTTP, UTL_SMTP, UTL_MAIL and UTL_INADDR packages refuse access (ORA-24247) to any host for which no access control list grants the calling user the privilege.
1. Create an ACL and its privileges (the change must be committed before it takes effect):
BEGIN
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
    acl         => 'us-oracle-com-permissions.xml',
    description => 'Permissions for oracle network',
    principal   => 'SCOTT',
    is_grant    => TRUE,
    privilege   => 'connect');
END;
/

C - 38  Managing Fine-Grained Access to External Network Services (continued)
2. Assign the ACL to one or more network hosts:
BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
    acl        => 'us-oracle-com-permissions.xml',
    host       => '*.us.oracle.com',
    lower_port => 80,
    upper_port => NULL);
END;
/
Note that upper_port => NULL with a non-NULL lower_port means the same port as lower_port, so this assignment covers port 80 only, not every port from 80 upward. The host may be a host name, a domain wildcard as here, an IP address or a subnet; '*' covers all hosts.
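Steps 1 and 2 from the two slides above, carried through to a complete ACL with both grant and deny entries, the verification queries and the error a denied caller sees, as an added example that is not code from the slides. The principals APP_BATCH and the port range 80 to 443 are this example's additions; SCOTT, the ACL file name and the host pattern are taken from the slides.

```sql
-- Added example (not from the slides). Run as a user with EXECUTE on
-- DBMS_NETWORK_ACL_ADMIN (for example SYSDBA).

-- CREATE_ACL adds the first access control entry; ADD_PRIVILEGE appends more.
-- Entries are evaluated in order and the first one matching the principal and
-- privilege decides, so the deny for APP_BATCH is put at position 1.
BEGIN
    DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(
        acl         => 'us-oracle-com-permissions.xml',
        description => 'Permissions for oracle network',
        principal   => 'SCOTT',
        is_grant    => TRUE,
        privilege   => 'connect');

    -- UTL_INADDR name lookups need 'resolve'; 'connect' does not imply it.
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
        acl       => 'us-oracle-com-permissions.xml',
        principal => 'SCOTT',
        is_grant  => TRUE,
        privilege => 'resolve');

    -- Explicit deny for a batch account that must never reach the network.
    DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(
        acl       => 'us-oracle-com-permissions.xml',
        principal => 'APP_BATCH',
        is_grant  => FALSE,
        privilege => 'connect',
        position  => 1);

    -- Bind the ACL to the host pattern and an explicit port range. With
    -- upper_port => NULL only lower_port (80) would be covered.
    DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(
        acl        => 'us-oracle-com-permissions.xml',
        host       => '*.us.oracle.com',
        lower_port => 80,
        upper_port => 443);

    COMMIT;   -- ACL changes are transactional and invisible until committed
END;
/

-- What is assigned where, and who may do what.
SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
SELECT acl, principal, privilege, is_grant FROM dba_network_acl_privileges;

-- 1 = granted, 0 = denied, NULL = no matching entry (also treated as denied).
SELECT DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(
           'us-oracle-com-permissions.xml', 'SCOTT', 'connect')     AS scott_connect,
       DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE(
           'us-oracle-com-permissions.xml', 'APP_BATCH', 'connect') AS batch_connect
FROM   dual;

-- A caller without 'connect' for the target host and port fails with
-- ORA-24247: network access denied by access control list (ACL), e.g.
-- SELECT UTL_HTTP.REQUEST('http://www.us.oracle.com/') FROM dual;
```

Principals are database user or role names and are matched case-sensitively, so they must be given in upper case unless the account was created with a quoted identifier; a principal spelled in lower case creates an entry that never matches anyone.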

C - 39  Summary
In this lesson, you should have learned how to:
– Configure the password file to use case-sensitive passwords
– Encrypt a tablespace
– Configure fine-grained access to network services

C - 40  Practice 14: Overview
This practice covers the following topics:
– Changing the use of case-sensitive passwords
– Implementing a password complexity function
– Encrypting a tablespace