Contents
- 2. Introduction This presentation describes introduction of data encryption into Oracle databases and how “Transparent Data Encryption”
- 3. Content Identification of threats Basic framework of Oracle security PCI requirements What is Encryption? Encryption
- 4. Identification of Threats What are the Common Security Threats? Eavesdropping and Data Theft Data Tampering
- 5. Basic Framework of Oracle Security Securing database during installation Securing user accounts Managing user privileges Auditing
- 6. PCI Requirements What is Payment Card Industry Data Security Standard (PCI DSS)? Founded by American
- 7. The Core Elements of DSS Build and Maintain a Secure Network Protect Cardholder Data (encryption) Maintain
- 8. What is encryption? Transformation of information using “encryption algorithm” into a form that cannot
- 9. Two types of encryption: Symmetric key encryption Public-key (asymmetric key) encryption
- 10. Symmetric Key Encryption Method in which both the sender and receiver share the same key
- 12. Public Key Encryption The public key is freely distributed, while its paired private key remains secret
- 15. Encryption Algorithms Supported by Oracle RC4 DES (Oracle 8 and 9) 3DES (Oracle 10) AES (Oracle
- 16. DBMS_OBFUSCATION_TOOLKIT Introduced in Oracle 8i Uses DES algorithm
- 17. Syntax DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt( input_string IN VARCHAR2, key_string IN VARCHAR2, which IN PLS_INTEGER DEFAULT TwoKeyMode, iv_string IN VARCHAR2
- 18. Key Management Store the key in the database Store the key in the operating system Have
- 19. DBMS_CRYPTO Released in Oracle 10.1 Supports AES Provides automatic padding Different options for block chaining Support
- 20. Real Life Both packages are complicated to use Key management represents a problem Encryption / decryption
- 21. Transparent Data Encryption (TDE) Introduced in Oracle 10.2 – column encryption Enhanced in Oracle 11.1 -
- 22. How is TDE Implemented? 1 Setup Wallet and Master Key 2 Identify columns with sensitive data
- 23. Wallet Default wallet location $ORACLE_BASE/admin/$ORACLE_SID/wallet Alternative location specified in sqlnet.ora wallet_location encryption_wallet_location ewallet.p12 Created by creating
- 25. Wallet Maintenance To disable all encryption columns in database: alter system set encryption wallet close; Wallet
- 26. Wallet Backups Back up the wallet to a secure location (HSM), separately from the tape backups.
- 27. Column Encryption CREATE TABLE employee (name VARCHAR2(128), salary NUMBER(6) ENCRYPT); ALTER TABLE employee ADD (ssn VARCHAR2(11)
- 28. Salt CREATE TABLE employee (name VARCHAR2(128), empID NUMBER ENCRYPT NO SALT, salary NUMBER(6) ENCRYPT USING '3DES168');
- 29. Export / Import Must use Datapump expdp hr TABLES=emp DIRECTORY=dpump_dir DUMPFILE=dumpemp.dmp ENCRYPTION=ENCRYPTED_COLUMNS_ONLY ENCRYPTION_PASSWORD=pw2encrypt impdp hr TABLES=employee_data
- 30. Overheads 5 % – 35 % performance overhead Indexes are using encrypted values Each encrypted value
- 31. Incompatible Features Index types other than B-tree Range scan search through an index External large objects
- 32. TDE - Advantages Simple - can be done in four easy steps! Automatically encrypts database column
- 33. TDE - Disadvantages Will not use indexes where the search criteria requires a range scan “where
- 34. Data Dictionary Views DBA_ENCRYPTED_COLUMNS USER_ENCRYPTED_COLUMNS ALL_ENCRYPTED_COLUMNS V$RMAN_ENCRYPTION_ALGORITHMS V$ENCRYPTED_TABLESPACES V$ENCRYPTION_WALLET
- 35. Tablespace Encryption Compatibility = 11.0.0 or higher CREATE TABLESPACE encryptblspc DATAFILE '/u01/oradata/encryptblspc01.dbf' SIZE 200M ENCRYPTION USING
- 36. Considerations Great for encrypting whole tables Objects automatically created encrypted All data encrypted including data in
- 37. Transparent Data Encryption cont. Example
- 38. Encryption in Practice Not a solution to all security problems Represents only one layer of Oracle
- 39. This presentation explained: What is data encryption Why sensitive data should be secured using encryption Demonstrated