Friday, September 11, 2009

Oracle Advanced Security

INTRODUCTION
Oracle introduced the Advanced Security Option (ASO) from release 8.x onwards. It is available only with Enterprise Edition. ASO protects data on the network: if an attacker is using a sniffer or any other tool, ASO features protect enterprise networks and securely extend corporate networks to the Internet. ASO was formerly known as ANO.
Writing encryption/decryption on the application side for each packet sent over the network is a difficult task. With any sniffer, data can be captured at the NIC. With Oracle ASO, each packet routed through the NIC is encrypted on the server side and decrypted on the client side.
For any organisation, the biggest threat is hacking. At present, most intruders are within the organization itself. Since such an intruder knows the ins and outs of the infrastructure, stealing information may be an easy task. ASO can prevent network hacking to some extent.

ASO protects the following areas:
Data Privacy, Data Integrity, Authentication and Authorization.

What is data privacy?
Data privacy guarantees that data is not disclosed during transmission of the packets over the network.

What is data integrity?
The data should not be modified during the transmission of the packets.

What is Authorization?
It is the set of privileges a user has to access objects.

What is Authentication?
It validates that the identities of users, hosts and clients are correctly known. It also ensures single sign-on.
ASO also supports Connection Manager.

ASO supports the following authentication methods: SSL, RADIUS, Kerberos, Entrust, CyberSafe, smart cards, token cards, Bull ISM, biometric, etc.
ASO is configured in sqlnet.ora on the client as well as on the server.
The default list of algorithms defined on a client is RC4_40, RC4_56.
On the server side it is RC4_40, RC4_56, RC4_128.
The installed Oracle Advanced Security option/security products are:
DES40 40-bit encryption algorithm
DES 56-bit encryption algorithm
MD5 crypto-checksumming algorithm

How to configure ASO:

On client machine sqlnet.ora or application server sqlnet.ora
-------------------------------------
sqlnet.encryption_client = required
sqlnet.crypto_seed="encryptionkey"
sqlnet.encryption_types_client = (RC4_56)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUESTED
SQLNET.CRYPTO_CHECKSUM_SERVER = ACCEPTED

On Server machine sqlnet.ora
---------------------------
sqlnet.encryption_server = required
sqlnet.crypto_seed="encryptionkey"
sqlnet.encryption_types_server = (RC4_56)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUESTED
SQLNET.CRYPTO_CHECKSUM_SERVER = ACCEPTED
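
The negotiation these two files trigger, as an added example (not code from the original post or from Oracle): it predicts whether encryption and checksumming end up ON, OFF or as a failed connection for a client/server pair, and flags ciphers with keys of 56 bits or less. It assumes single-line parameters, the default algorithm lists quoted above, and a default level of ACCEPTED when a parameter is unset; all function and variable names are hypothetical.

```python
import re

# Defaults as quoted on this page; an unset level is assumed to be ACCEPTED.
DEFAULTS = {
    "ENCRYPTION_TYPES_CLIENT": ["RC4_40", "RC4_56"],
    "ENCRYPTION_TYPES_SERVER": ["RC4_40", "RC4_56", "RC4_128"],
    "CRYPTO_CHECKSUM_TYPES_CLIENT": ["MD5"],
    "CRYPTO_CHECKSUM_TYPES_SERVER": ["MD5"],
}
SHORT_KEY = {"RC4_40", "RC4_56", "DES40", "DES"}  # ciphers with keys of 56 bits or less

# The page's two files, reduced to the parameters each side actually reads.
PAGE_CLIENT = """sqlnet.encryption_client = required
sqlnet.encryption_types_client = (RC4_56)
SQLNET.CRYPTO_CHECKSUM_CLIENT = REQUESTED"""
PAGE_SERVER = """sqlnet.encryption_server = required
sqlnet.encryption_types_server = (RC4_56)
SQLNET.CRYPTO_CHECKSUM_SERVER = ACCEPTED"""

def parse(text):
    """Return {PARAM: VALUE} for single-line 'sqlnet.name = value' entries, upper-cased."""
    found = re.findall(r"^\s*sqlnet\.(\w+)\s*=\s*(.+?)\s*$", text, re.I | re.M)
    return {name.upper(): value.upper() for name, value in found}

def algorithms(params, key):
    return re.findall(r"\w+", params[key]) if key in params else DEFAULTS[key]

def negotiate(client_level, server_level, client_algs, server_algs):
    """Return ('ON', alg), ('OFF', None) or ('FAIL', None); the server's list order wins."""
    levels = {client_level, server_level}
    common = next((a for a in server_algs if a in client_algs), None)
    if "REQUIRED" in levels:
        return ("FAIL", None) if "REJECTED" in levels or common is None else ("ON", common)
    if "REJECTED" in levels or "REQUESTED" not in levels or common is None:
        return ("OFF", None)
    return ("ON", common)

def audit(client_text, server_text):
    """Predict, per service, (state, algorithm, short_key) for a client/server pair."""
    c, s = parse(client_text), parse(server_text)
    report = {}
    for service, p in (("encryption", "ENCRYPTION"), ("checksum", "CRYPTO_CHECKSUM")):
        state, alg = negotiate(
            c.get(p + "_CLIENT", "ACCEPTED"), s.get(p + "_SERVER", "ACCEPTED"),
            algorithms(c, p + "_TYPES_CLIENT"), algorithms(s, p + "_TYPES_SERVER"))
        report[service] = (state, alg, alg in SHORT_KEY)
    return report

print(audit(PAGE_CLIENT, PAGE_SERVER))
```

With nothing set on either side, both levels fall back to ACCEPTED and the session is not encrypted, which is why at least one side has to say REQUESTED or REQUIRED.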

To find out whether encryption is enabled, turn on SQL*Net tracing on the client or server side.
Add trace_level_client=16 to sqlnet.ora.
Connect with sqlplus and execute this command: select * from v$option.
ASO is supported on 11g. The available encryption algorithms are DES, RC4, Triple-DES and Advanced Encryption Standard.
Oracle 11g now supports the Secure Hash Algorithm (SHA-1).

License
A license for ANO must be procured from Oracle.
