Oracle Database B10772-01 Manuale Utente Pagina 170
- Pagina / 518
- Indice
- RISOLUZIONE PROBLEMI
- SEGNALIBRI
Valutato. / 5. Basato su recensioni clienti
SSL and TLS in an Oracle Environment
7-4 Oracle Database Advanced Security Administrator's Guide
How SSL Works in an Oracle Environment: The SSL Handshake
When a network connection over SSL is initiated, the client and server perform an
SSL handshake that includes the following steps:
■ The client and server establish which cipher suites to use. This includes which
encryption algorithms are used for data transfers.
■ The server sends its certificate to the client, and the client verifies that the
server's certificate was signed by a trusted CA. This step verifies the identity of
the server.
■ Similarly, if client authentication is required, the client sends its own certificate
to the server, and the server verifies that the client's certificate was signed by a
trusted CA.
■ The client and server exchange key information using public key cryptography.
Based on this information, each generates a session key. All subsequent
communications between the client and the server is encrypted and decrypted
by using this set of session keys and the negotiated cipher suite.
The authentication process consists of the following steps:
1. On a client, the user initiates an Oracle Net connection to the server by using
SSL.
2. SSL performs the handshake between the client and the server.
3. If the handshake is successful, the server verifies that the user has the
appropriate authorization to access the database.
- Database 1
- Contents 5
- Advanced Security 10
- Part V Appendixes 13
- B Authentication Parameters 13
- E orapki Utility 14
- Glossary 16
- List of Figures 18
- List of Tables 21
- Send Us Your Comments 23
- ■ Organization 25
- ■ Related Documentation 25
- ■ Conventions 25
- ■ Documentation Accessibility 25
- ■ Audience 25
- Audience 26
- Organization 26
- Related Documentation 29
- Conventions 31
- Conventions in Code Examples 32
- Documentation Accessibility 36
- ■ Tool Changes 40
- ■ Common Security Threats 46
- Common Security Threats 47
- Password-Related Threats 48
- Data Encryption 49
- Data Integrity 51
- Strong Authentication 52
- ■ Entrust/PKI 54
- ■ Smart Cards 55
- ■ Token Cards 55
- ■ DCE Communication/Security 55
- Enterprise User Management 57
- Overview 63
- Oracle Net Manager 64
- ■ Other Params Property Sheet 66
- ■ Integrity Property Sheet 66
- ■ Encryption Property Sheet 66
- ■ SSL Property Sheet 66
- Oracle Wallet Manager 68
- ■ Members of the group 89
- ■ Edit history for the group 89
- User Migration Utility 95
- About Encryption 104
- Advanced Encryption Standard 104
- DES Algorithm Support 104
- Triple-DES Support 104
- DES40 Algorithm 105
- See Also: 106
- Authentication Key Fold-in 107
- ■ REJECTED 108
- ■ ACCEPTED 108
- REJECTED 109
- ACCEPTED 109
- REQUESTED 109
- REQUIRED 109
- ■ REQUESTED 112
- ■ REQUIRED 112
- ■ On the server: 113
- ■ On the client: 113
- About the Java Implementation 117
- Securing Thin JDBC 118
- Implementation Overview 119
- Obfuscation 119
- Configuration Parameters 120
- Configuration Parameters 121
- Part III 123
- RADIUS Overview 125
- RADIUS Authentication Modes 127
- ■ Change Default Settings 137
- ■ Configure Challenge-Response 137
- ■ Troubleshooting 149
- Task 1: Install Kerberos 150
- ■ Credential Cache File 155
- ■ Configuration File 155
- ■ Realm Translation File 155
- ■ Key Table 155
- ■ Clock Skew 155
- /krb5/krb.conf 157
- /etc/v5srvtab 157
- Domain Controller KDC 162
- Oracle Client 163
- Controller KDC 165
- Troubleshooting 166
- Authentication 167
- ■ About Using SSL 168
- About Using SSL 169
- About Public Key Cryptography 171
- Certificate Authority 172
- Certificates 172
- Certificate Revocation Lists 173
- Hardware security modules 174
- SSL and Firewalls 178
- SSL Usage Issues 180
- Enabling SSL 181
- Important: 182
- (Figure 7–3): 185
- TCP/IP with SSL on the Client 190
- Troubleshooting SSL 197
- What CRLs Should You Use? 201
- How CRL Checking Works 202
- Checking Selected 204
- Displaying orapki Help 207
- 1. File system 212
- 2. Oracle Internet Directory 212
- 3. CRL DP 212
- Security 214
- ■ (UNIX) /opt/nfast 216
- ■ (Windows) C:\nfast 216
- /log/logfile 218
- Using Oracle Wallet Manager 219
- Wallet Password Management 220
- Strong Wallet Encryption 221
- Backward Compatibility 221
- Multiple Certificate Support 222
- LDAP Directory Support 225
- Managing Wallets 227
- Creating a New Wallet 228
- Opening an Existing Wallet 231
- Closing a Wallet 231
- Importing Third-Party Wallets 231
- Saving Changes 235
- Saving in System Default 235
- Deleting the Wallet 236
- Changing the Password 236
- Using Auto Login 237
- Managing Certificates 238
- Adding a Certificate Request 239
- Managing Certificates 240
- Exporting a User Certificate 242
- Managing Trusted Certificates 243
- % sqlplus scott/tiger@emp 248
- System Requirements 256
- DCE Communication/Security 257
- Flexible DCE Deployment 258
- Release Limitations 258
- Integration 262
- Task 1: Configure the Server 263
- Task 5: Configure the Client 270
- Parameters in protocol.ora 271
- DCE.AUTHENTICATION 271
- DCE.PROTECTION 271
- DCE.TNS_ADDRESS_OID 272
- DCE.LOCAL_CELL_USERNAMES 272
- Starting the Listener 277
- Sample Parameter Files 279
- The listener.ora File 280
- The tnsnames.ora File 281
- Enterprise User Security 283
- About Enterprise User Schemas 292
- Enterprise Users 295
- Enterprise Roles 296
- Enterprise Domains 298
- Database Server Entries 299
- OracleDBCreators 300
- OracleContextAdmins 300
- OracleDBSecurityAdmins 300
- OracleUserSecurityAdmins 300
- Administrative Groups 301
- ■ By a password 307
- ■ GLOBALLY 307
- ■ EXTERNALLY 307
- Typical Configurations 312
- Tasks and Troubleshooting 313
- ■ Register databases 318
- Directory 323
- 3. Click Apply 332
- SQL> /@connect_identifier 336
- NO-GLOBAL-ROLES Checklist 345
- USER-SCHEMA ERROR Checklist 346
- DOMAIN-READ-ERROR Checklist 347
- ■ Enterprise domains 352
- ■ Enterprise roles 352
- ■ Enterprise users 352
- Management Realm 356
- Creating New Enterprise Users 359
- ■ Directory logon 361
- ■ All (the default setting) 369
- ■ Password 369
- ■ SSL (PKI certificates) 369
- ■ Kerberos 369
- Dialog Box 374
- Appendixes 383
- Sample sqlnet.ora File 385
- Kerberos 386
- SQLNET.ENCRYPTION_SERVER 388
- SQLNET.ENCRYPTION_CLIENT 388
- SQLNET.CRYPTO_CHECKSUM_SERVER 389
- SQLNET.CRYPTO_CHECKSUM_CLIENT 389
- ■ MD5: Message Digest 5 392
- Authentication Parameters 395
- SQLNET.RADIUS_AUTHENTICATION 396
- SQLNET.RADIUS_SEND_ACCOUNTING 397
- SQLNET.RADIUS_SECRET 398
- SQLNET.RADIUS_ALTERNATE 398
- SQLNET.RADIUS_ALTERNATE_PORT 398
- Minimum RADIUS Parameters 400
- SSL Authentication Parameters 401
- Cipher Suite Parameters 402
- SSL Version Parameters 403
- Wallet Location 406
- Settings 409
- Cryptographic Seed Value 411
- FIPS Parameter 411
- Post Installation Checks 412
- Status Information 412
- Physical Security 413
- ■ orapki Utility Overview 415
- /private/lhale/cert.txt 416
- To view a certificate: 417
- <certificate_filename> 420
- Prerequisites 422
- [-summary 423
- Creating Entrust Profiles 434
- User-Created Entrust Profiles 435
- Phase Two? 452
- Migration Process 453
- Required Database Privileges 454
- Required Directory Privileges 455
- Keyword: HELP 458
- Keyword: PHASE 458
- Keyword: DBLOCATION 458
- Keyword: DIRLOCATION 459
- Keyword: DBADMIN 459
- Keyword: ENTADMIN 460
- Keyword: USERS 460
- Keyword: USERSLIST 461
- Keyword: USERSFILE 461
- Keyword: MAPSCHEMA 462
- Keyword: MAPTYPE 463
- Keyword: CASCADE 464
- Keyword: CONTEXT 464
- Keyword: LOGFILE 465
- Keyword: PARFILE 465
- DBADMIN=system:manager 469
- DIRLOCATION=machine2:636 469
- Glossary-2 484
- Glossary-3 485
- Glossary-4 486
- Glossary-5 487
- Glossary-6 488
- Glossary-7 489
- Glossary-8 490
- Glossary-9 491
- Glossary-10 492
- Glossary-11 493
- Glossary-12 494
- Glossary-13 495
- Glossary-14 496
- Glossary-15 497
- Glossary-16 498
- Glossary-17 499
- Glossary-18 500
- Glossary-19 501
- Glossary-20 502
- Glossary-21 503
- Glossary-22 504
- Glossary-23 505
- Glossary-24 506
- Glossary-25 507
- Glossary-26 508
- Index-10 518
Prodotti e manuali riguardandi Software di database Oracle Database B10772-01
(94 pagine)© 2020, manymanuals.it. Tutti i diritti riservati | 0.024 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commenti su questo manuale