Skip Headers

Oracle® Security Overview
10g Release 1 (10.1)

Part Number B10777-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Feedback

Go to next page
Next
View PDF

Contents

Title and Copyright Information

Send Us Your Comments

Preface

Audience
Documentation Accessibility
Organization
Related Documentation
Conventions

Part I Security Challenges

1 Data Security Challenges

Top Security Myths
Understanding the Many Dimensions of System Security
Fundamental Data Security Requirements
Confidentiality
Privacy of Communications
Secure Storage of Sensitive Data
Authenticated Users
Granular Access Control
Integrity
Availability
Security Requirements in the Internet Environment
Promises and Problems of the Internet
Increased Data Access
Much More Valuable Data
Larger User Communities
Scalability
Manageability
Interoperability
Hosted Systems and Exchanges
A World of Data Security Risks
Data Tampering
Eavesdropping and Data Theft
Falsifying User Identities
Password-Related Threats
Unauthorized Access to Tables and Columns
Unauthorized Access to Data Rows
Lack of Accountability
Complex User Management Requirements
Multitier Systems
Scaling the Security Administration of Multiple Systems
A Matrix of Security Risks and Solutions
The System Security Team

Part II Technical Solutions to Security Risks

2 Protecting Data Within the Database

Introduction to Database Security Concepts
System and Object Privileges
System Privileges
Schema Object Privileges
Managing System and Object Privileges
Using Roles to Manage Privileges
Database Roles
Global Roles
Enterprise Roles
Secure Application Roles
Using Stored Procedures to Manage Privileges
Using Network Facilities to Manage Privileges
Using Views to Manage Privileges
Row Level Security
Complex and Dynamic Views
Application Query Rewrite: Virtual Private Database
Label-Based Access Control
Encrypting Data on the Server
Selective Encryption of Stored Data
Industry Standard Encryption Algorithms
Database Integrity Mechanisms
System Availability Factors
Secure Configuration Practices

3 Protecting Data in a Network Environment

Introduction to Data Protection in a Network Environment
Protecting Data During Transmission
Controlling Access Within the Network
Middle-Tier Connection Management
Native Network Capabilities (Valid Node Checking)
Database Enforced Network Access
Encrypting Data for Network Transmission
Encryption Algorithms
Data Integrity Checking
Secure Sockets Layer (SSL) Protocol
Firewalls
Ensuring Security in Three-Tier Systems
Proxy Authentication to Ensure Three-Tier Security
Java Database Connectivity (JDBC)
JDBC-Oracle Call Interface Driver
JDBC Thin Driver

4 Authenticating Users to the Database

Introduction to User Authentication
Passwords for Authentication
Strong Authentication
Kerberos and CyberSafe
RADIUS
Token Cards
Smart Cards
Distributed Computing Environment (DCE)
Biometrics
PKI and Certificate-Based Authentication
Proxy Authentication and Authorization
Single sign-on
Server-Based Single sign-on
Middle Tier Single Sign-On

5 Using and Deploying a Secure Directory

Introduction
Centralizing Shared Information with LDAP
Securing the Directory
Directory Authentication of Users
Password Protection in a Directory
Directory Access Controls and Authorization
Directory-Based Application Security
Authorization of Users
Authorization of Administrators
Administrative Roles in the Directory

6 Administering Enterprise User Security

Introduction
Enterprise Privilege Administration
Shared Schemas
Password-Authenticated Enterprise Users
Enterprise Roles
Multitier Authentication and Authorization
Single Sign-On

7 Auditing to Monitor System Security

Introduction
Fundamental Auditing Requirements
Robust, Comprehensive Auditing
Efficient Auditing
Customizable Auditing
Fine Grained, Extensible Auditing
Auditing in Multitier Application Environments

8 The Public Key Infrastructure Approach to Security

Introduction
Security Features of PKI
Components of PKI
Advantages of the PKI Approach
Public Key Cryptography and the Public Key/Private Key Pair
Secure Credentials: Certificate-Based Authentication in PKI
Certificates and Certificate Authorities
Certificate Authorities
Certificates
Authentication Methods Used with PKI
Secure Sockets Layer Authentication and X.509v3 Digital Certificates
Entrust/PKI Authentication
Storing Secure Credentials with PKI
Single Sign-On Using PKI
Network Security Using PKI

Part III Oracle Security Products

9 Oracle Security Products and Features

Oracle Standard Edition
Oracle Identity Management
Integrity
Data Integrity
Entity Integrity Enforcement
Referential Integrity
Authentication and Access Controls in Oracle
Privileges
Roles
Auditing
Views, Stored Program Units, Triggers
Data Encryption
High Availability
User Profiles
Online Backup and Recovery
Advanced Replication
Data Partitioning
Very High Availability with Real Application Clusters
Proxy Authentication in Oracle
Introduction
Support for Additional Protocols
Expanded Credential Proxy
Application User Proxy Authentication
Application Context in Oracle
How Application Context Facilitates Secure Fine-Grained Access Control
Application Context Accessed Locally
Application Context Initialized Externally
Application Context Initialized Globally
Application Context Accessed Globally
Oracle Enterprise Edition
Internet Scale Security Features
Deep Data Protection
Internet-Scale Security
Secure Hosting and Data Exchange
Application Security
Virtual Private Database in Oracle
Virtual Private Database
How Virtual Private Database Works
How Partitioned Fine-Grained Access Control Facilitates VPD
User Models and Virtual Private Database
Oracle Policy Manager
Secure Application Role
Fine-Grained Auditing
Oracle Auditing for Three-Tier Applications
Java Security Implementation in the Database
Class Execution
SecurityManager Class
Oracle Advanced Security
Introduction to Oracle Advanced Security
Network Security Services of Oracle Advanced Security
Oracle Net Services Native Encryption
Data Integrity Features of Oracle Advanced Security
Secure Sockets Layer (SSL) Encryption Capabilities
Oracle Advanced Security Support for SSL
Checksumming in Oracle Advanced Security SSL
Oracle Application Server Support for SSL
Java Encryption Features of Oracle Advanced Security
JDBC-OCI Driver
Thin JDBC
Secure Connections for Virtually Any Client
Oracle Java SSL
Strong Authentication Methods Supported by Oracle Advanced Security
Oracle Public Key Infrastructure-Based Authentication
Kerberos and CyberSafe with Oracle Advanced Security
RADIUS with Oracle Advanced Security
Token Cards with Oracle Advanced Security
Smart Cards with Oracle Advanced Security
Biometric Authentication with Oracle Advanced Security
Distributed Computing Environment (DCE) with Oracle Advanced Security
Single Sign-On Implementations in Oracle Advanced Security
Single Sign-On Configuration with Third-Party Products
PKI-Based Single Sign-On Configuration
Enterprise User Security Features of Oracle Advanced Security
Password-Authenticated Enterprise Users
Tools for Enterprise User Security
Shared Schemas in Oracle Advanced Security
Current User Database Links
Directory Integration
PKI Implementation in Oracle Advanced Security
Components of Oracle Public Key Infrastructure-Based Authentication
Secure Sockets Layer
Oracle Call Interface
Trusted Certificates
X.509 Version 3 Certificates
Oracle Wallets
Oracle Wallet Manager
Oracle Enterprise Login Assistant
Oracle Internet Directory
Oracle Enterprise Security Manager
PKI Integration and Interoperability
PKCS #12 Support
Wallets Stored in Oracle Internet Directory
Multiple Certificate Support
Strong Wallet Encryption
Oracle PKI Implementation Summary
Oracle Label Security
Oracle Internet Directory
Introduction to Oracle Internet Directory
LDAP Compliance
How Oracle Internet Directory is Implemented
How Oracle Internet Directory Organizes Enterprise User Management
Enterprise User Administration with Oracle Internet Directory
Shared Schemas with Oracle Internet Directory
Oracle Net Services
Components of Oracle Net Services
Oracle Net on the Client
Oracle Net on the Database Server
Oracle Protocol Support
Oracle Connection Manager
Protocol Conversion
Access Control
Session Multiplexing
Firewall Support with Oracle Net Services
Firewalls Using Oracle Connection Manager in an Intranet Environment
Firewalls Using Oracle Net Firewall Proxy in an Internet Environment
Valid Node Checking in Oracle Net Services
Database-Enforced VPD Network Access
Oracle Application Server
Oracle HTTP Server
Oracle Portal
Single Sign-On in Oracle Application Server
Web SSO Technology
Login Server
LDAP Integration
PKI Support
Multitier Integration
Oracle Single Sign-On Summary

Index