Re: encryption
From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Tue, 19 Mar 2013 11:06:18 -0600
Message-ID: <51489B0A.4040400_at_gmail.com>
On 19/03/2013 10:44 AM, Zelli, Brian wrote:
> Ok, our "security" team is telling us we have to encrypt the databases. If people have sqlplus or sqldev access or what sucks is MS Access front ends to databases it would not be encrypted?
> Or would they need something on their machine to de-crypt?
>
As others have pointed out, the security team needs to define what they mean by 'encryption'.
Date: Tue, 19 Mar 2013 11:06:18 -0600
Message-ID: <51489B0A.4040400_at_gmail.com>
On 19/03/2013 10:44 AM, Zelli, Brian wrote:
> Ok, our "security" team is telling us we have to encrypt the databases. If people have sqlplus or sqldev access or what sucks is MS Access front ends to databases it would not be encrypted?
> Or would they need something on their machine to de-crypt?
>
As others have pointed out, the security team needs to define what they mean by 'encryption'.
Typically they mean 'on disk, whether in tablespace or in backup' - in which case you generally need Advanced Security Option (ASO) to get TDE.
If they mean 'in memory', that is, the blocks in memory must also be encrypted, you typically need DBMS_CRYPTO and en/decrypt at the client.
If they mean 'in transport across network while using SQLNet', then you typically want ASO but can also use SSH tunneling.
In any case, ask them to describe the reason in detail (including the cost of not doing so), as you will need to generate a business case to get the budget.
/Hans
-- http://www.freelists.org/webpage/oracle-lReceived on Tue Mar 19 2013 - 18:06:18 CET