Oracle Database B10772-01 Manuale Utente Pagina 108
- Pagina / 518
- Indice
- RISOLUZIONE PROBLEMI
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
How To Configure Data Encryption and Integrity
3-6 Oracle Database Advanced Security Administrator's Guide
About Activating Encryption and Integrity
In any network connection, it is possible for both the client and server to each
support more than one encryption algorithm and more than one integrity
algorithm. When a connection is made, the server selects which algorithm to use, if
any, from those algorithms speciļ¬ed in the sqlnet.ora ļ¬les.
The server searches for a match between the algorithms available on both the client
and the server, and picks the ļ¬rst algorithm in its own list that also appears in the
client list. If one side of the connection does not specify an algorithm list, all the
algorithms installed on that side are acceptable. The connection fails with error
message ORA-12650 if either side speciļ¬es an algorithm that is not installed.
Encryption and integrity parameters are deļ¬ned by modifying a sqlnet.ora ļ¬le on
the clients and the servers on the network.
You can choose to conļ¬gure any or all of the available Oracle Advanced Security
encryption algorithms (Table 3ā2), and either or both of the available integrity
algorithms (Table 3ā3). Only one encryption algorithm and one integrity algorithm
are used for each connect session.
About Negotiating Encryption and Integrity
To negotiate whether to turn on encryption or integrity, you can specify four
possible values for the Oracle Advanced Security encryption and integrity
conļ¬guration parameters. The four values are listed in the order of increasing
security. The value REJECTED provides the minimum amount of security between
client and server communications, and the value REQUIRED provides the maximum
amount of network security:
ā REJECTED
ā ACCEPTED
Note: Oracle Advanced Security selects the ļ¬rst encryption
algorithm andthe ļ¬rst integrity algorithm enabledon the client and
the server. Oracle Corporation recommends that you select
algorithms and key lengths in the order in which you prefer
negotiation, choosing the strongest key length ļ¬rst.
See Also: Appendix A, "Data Encryption and Integrity
Parameters"
- Database 1
- Contents 5
- Advanced Security 10
- Part V Appendixes 13
- B Authentication Parameters 13
- E orapki Utility 14
- Glossary 16
- List of Figures 18
- List of Tables 21
- Send Us Your Comments 23
- ā Organization 25
- ā Related Documentation 25
- ā Conventions 25
- ā Documentation Accessibility 25
- ā Audience 25
- Audience 26
- Organization 26
- Related Documentation 29
- Conventions 31
- Conventions in Code Examples 32
- Documentation Accessibility 36
- ā Tool Changes 40
- ā Common Security Threats 46
- Common Security Threats 47
- Password-Related Threats 48
- Data Encryption 49
- Data Integrity 51
- Strong Authentication 52
- ā Entrust/PKI 54
- ā Smart Cards 55
- ā Token Cards 55
- ā DCE Communication/Security 55
- Enterprise User Management 57
- Overview 63
- Oracle Net Manager 64
- ā Other Params Property Sheet 66
- ā Integrity Property Sheet 66
- ā Encryption Property Sheet 66
- ā SSL Property Sheet 66
- Oracle Wallet Manager 68
- ā Members of the group 89
- ā Edit history for the group 89
- User Migration Utility 95
- About Encryption 104
- Advanced Encryption Standard 104
- DES Algorithm Support 104
- Triple-DES Support 104
- DES40 Algorithm 105
- See Also: 106
- Authentication Key Fold-in 107
- ā REJECTED 108
- ā ACCEPTED 108
- REJECTED 109
- ACCEPTED 109
- REQUESTED 109
- REQUIRED 109
- ā REQUESTED 112
- ā REQUIRED 112
- ā On the server: 113
- ā On the client: 113
- About the Java Implementation 117
- Securing Thin JDBC 118
- Implementation Overview 119
- Obfuscation 119
- Conļ¬guration Parameters 120
- Configuration Parameters 121
- Part III 123
- RADIUS Overview 125
- RADIUS Authentication Modes 127
- ā Change Default Settings 137
- ā Conļ¬gure Challenge-Response 137
- ā Troubleshooting 149
- Task 1: Install Kerberos 150
- ā Credential Cache File 155
- ā Conļ¬guration File 155
- ā Realm Translation File 155
- ā Key Table 155
- ā Clock Skew 155
- /krb5/krb.conf 157
- /etc/v5srvtab 157
- Domain Controller KDC 162
- Oracle Client 163
- Controller KDC 165
- Troubleshooting 166
- Authentication 167
- ā About Using SSL 168
- About Using SSL 169
- About Public Key Cryptography 171
- Certificate Authority 172
- Certificates 172
- Certificate Revocation Lists 173
- Hardware security modules 174
- SSL and Firewalls 178
- SSL Usage Issues 180
- Enabling SSL 181
- Important: 182
- (Figure 7ā3): 185
- TCP/IP with SSL on the Client 190
- Troubleshooting SSL 197
- What CRLs Should You Use? 201
- How CRL Checking Works 202
- Checking Selected 204
- Displaying orapki Help 207
- 1. File system 212
- 2. Oracle Internet Directory 212
- 3. CRL DP 212
- Security 214
- ā (UNIX) /opt/nfast 216
- ā (Windows) C:\nfast 216
- /log/logfile 218
- Using Oracle Wallet Manager 219
- Wallet Password Management 220
- Strong Wallet Encryption 221
- Backward Compatibility 221
- Multiple Certiļ¬cate Support 222
- LDAP Directory Support 225
- Managing Wallets 227
- Creating a New Wallet 228
- Opening an Existing Wallet 231
- Closing a Wallet 231
- Importing Third-Party Wallets 231
- Saving Changes 235
- Saving in System Default 235
- Deleting the Wallet 236
- Changing the Password 236
- Using Auto Login 237
- Managing Certiļ¬cates 238
- Adding a Certificate Request 239
- Managing Certificates 240
- Exporting a User Certificate 242
- Managing Trusted Certiļ¬cates 243
- % sqlplus scott/tiger@emp 248
- System Requirements 256
- DCE Communication/Security 257
- Flexible DCE Deployment 258
- Release Limitations 258
- Integration 262
- Task 1: Conļ¬gure the Server 263
- Task 5: Conļ¬gure the Client 270
- Parameters in protocol.ora 271
- DCE.AUTHENTICATION 271
- DCE.PROTECTION 271
- DCE.TNS_ADDRESS_OID 272
- DCE.LOCAL_CELL_USERNAMES 272
- Starting the Listener 277
- Sample Parameter Files 279
- The listener.ora File 280
- The tnsnames.ora File 281
- Enterprise User Security 283
- About Enterprise User Schemas 292
- Enterprise Users 295
- Enterprise Roles 296
- Enterprise Domains 298
- Database Server Entries 299
- OracleDBCreators 300
- OracleContextAdmins 300
- OracleDBSecurityAdmins 300
- OracleUserSecurityAdmins 300
- Administrative Groups 301
- ā By a password 307
- ā GLOBALLY 307
- ā EXTERNALLY 307
- Typical Configurations 312
- Tasks and Troubleshooting 313
- ā Register databases 318
- Directory 323
- 3. Click Apply 332
- SQL> /@connect_identifier 336
- NO-GLOBAL-ROLES Checklist 345
- USER-SCHEMA ERROR Checklist 346
- DOMAIN-READ-ERROR Checklist 347
- ā Enterprise domains 352
- ā Enterprise roles 352
- ā Enterprise users 352
- Management Realm 356
- Creating New Enterprise Users 359
- ā Directory logon 361
- ā All (the default setting) 369
- ā Password 369
- ā SSL (PKI certiļ¬cates) 369
- ā Kerberos 369
- Dialog Box 374
- Appendixes 383
- Sample sqlnet.ora File 385
- Kerberos 386
- SQLNET.ENCRYPTION_SERVER 388
- SQLNET.ENCRYPTION_CLIENT 388
- SQLNET.CRYPTO_CHECKSUM_SERVER 389
- SQLNET.CRYPTO_CHECKSUM_CLIENT 389
- ā MD5: Message Digest 5 392
- Authentication Parameters 395
- SQLNET.RADIUS_AUTHENTICATION 396
- SQLNET.RADIUS_SEND_ACCOUNTING 397
- SQLNET.RADIUS_SECRET 398
- SQLNET.RADIUS_ALTERNATE 398
- SQLNET.RADIUS_ALTERNATE_PORT 398
- Minimum RADIUS Parameters 400
- SSL Authentication Parameters 401
- Cipher Suite Parameters 402
- SSL Version Parameters 403
- Wallet Location 406
- Settings 409
- Cryptographic Seed Value 411
- FIPS Parameter 411
- Post Installation Checks 412
- Status Information 412
- Physical Security 413
- ā orapki Utility Overview 415
- /private/lhale/cert.txt 416
- To view a certiļ¬cate: 417
- <certificate_filename> 420
- Prerequisites 422
- [-summary 423
- Creating Entrust Proļ¬les 434
- User-Created Entrust Profiles 435
- Phase Two? 452
- Migration Process 453
- Required Database Privileges 454
- Required Directory Privileges 455
- Keyword: HELP 458
- Keyword: PHASE 458
- Keyword: DBLOCATION 458
- Keyword: DIRLOCATION 459
- Keyword: DBADMIN 459
- Keyword: ENTADMIN 460
- Keyword: USERS 460
- Keyword: USERSLIST 461
- Keyword: USERSFILE 461
- Keyword: MAPSCHEMA 462
- Keyword: MAPTYPE 463
- Keyword: CASCADE 464
- Keyword: CONTEXT 464
- Keyword: LOGFILE 465
- Keyword: PARFILE 465
- DBADMIN=system:manager 469
- DIRLOCATION=machine2:636 469
- Glossary-2 484
- Glossary-3 485
- Glossary-4 486
- Glossary-5 487
- Glossary-6 488
- Glossary-7 489
- Glossary-8 490
- Glossary-9 491
- Glossary-10 492
- Glossary-11 493
- Glossary-12 494
- Glossary-13 495
- Glossary-14 496
- Glossary-15 497
- Glossary-16 498
- Glossary-17 499
- Glossary-18 500
- Glossary-19 501
- Glossary-20 502
- Glossary-21 503
- Glossary-22 504
- Glossary-23 505
- Glossary-24 506
- Glossary-25 507
- Glossary-26 508
- Index-10 518
Prodotti e manuali riguardandi Software di database Oracle Database B10772-01
(94 pagine)Ā© 2020, manymanuals.it. Tutti i diritti riservati | 0.056 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale