Re: Oracle Advanced Security and Redaction

From: <rob_at_oraclewizard.com>
Date: Thu, 10 Mar 2016 14:50:36 +0000
Message-ID: <W212956263248791457621436_at_atl4webmail08>



Tim, no, it's not enough. Redaction is to protect PII going across the network, but it is easily cracked with just connect privs. SQL Net encryption is a must, along with secure coding practices to protect against SQL injection. If you are going to be at Collaborate16, come to my holistic database security presentation; we go through attack surface, attack vectors and mitigations. -Rob

Robert P. Lockard
Oracle ACE
Winner of the 2015 Oracle Developers Choice Award for Database Design
President Oraclewizard.com, Inc.
"When given the choice between two evils, I always take the one I have not tried." Mae West
(cell) 571.276.4790
(office) 410.766.6960
(fax) 410.766.0332

twitter _at_navonpilot
youtube https://www.youtube.com/user/n4281k
blog: http://www.oraclewizard.com
-----Original Message-----
From: Tim Gorman [mailto:tim_at_evdbt.com]
Sent: Thursday, March 10, 2016 09:38 AM
To: rob_at_oraclewizard.com, oracle-l_at_freelists.org
Subject: Re: Oracle Advanced Security and Redaction

 Are encryption and redaction enough to protect the full life-cycle of environments (i.e. prod, dev, test, train, patch, etc), or just production environments?

 In other words, once mechanisms for encryption (data at-rest and data-inflight) and/or redaction are implemented, is personally-identifiable information ("PII") protected across the board?

On 3/10/16 06:51, rob_at_oraclewizard.com wrote:

And from my reading, it appears you need OAS to use redaction. -Rob

Oracle Advanced Security

Oracle Advanced Security helps you protect sensitive information and comply with various privacy and compliance regulations including breach notification laws and the Payment Card Industry Data Security Standard (PCI-DSS) by enabling encryption inside the database that is transparent to applications and enabling redaction of sensitive data before it leaves the database. Oracle Advanced Security provides two primary security features: Transparent Data Encryption and Data Redaction. Data Redaction is new in Oracle Advanced Security with the release of Oracle Database 12c and provides the ability to redact sensitive information such as credit card data and social security numbers before the information leaves the database and is displayed by applications. Transparent Data Encryption provides encryption of data stored in the database, exported from the database using DataPump, or disk-based backups using Oracle RMAN.


-----Original Message-----
From: Hans Forbrich [mailto:fuzzy.graybeard_at_gmail.com]
Sent: Thursday, March 10, 2016 08:41 AM
To: oracle-l_at_freelists.org
Subject: Re: The issue about using wireshark to dissect Oracle TNS protocol packet

Side note: do you know that Encrypted SQL*Net does not require an extra license?

 From http://docs.oracle.com/database/121/DBLIC/options.htm#DBLIC143 we read "Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database."

 A discussion on how to accomplish this is at https://docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_network_secure.htm#CHDHFHIE

 /Hans

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Mar 10 2016 - 15:50:36 CET
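
The SQL*Net encryption recommended in this thread is configured in the server's sqlnet.ora. The following is an added example, not part of the original messages and not Oracle code: a Python check that flags a server configuration where native network encryption or integrity checking is negotiable rather than required, or where legacy algorithms are still allowed. The parameter names are Oracle's documented sqlnet.ora settings; the function names, the two sample files (constructed) and the one-entry-per-line parsing are assumptions of this example.

```python
import re

# Algorithm names accepted by native network encryption that are weak by
# current standards (DES/3DES/RC4 ciphers, MD5 checksum).
WEAK = {"DES", "DES40", "3DES112", "3DES168",
        "RC4_40", "RC4_56", "RC4_128", "RC4_256", "MD5"}

# Constructed sample: encryption negotiable, legacy algorithms allowed.
WEAK_SAMPLE = """
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, 3DES168, RC4_128)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256, MD5)
"""

# Constructed sample: encryption and integrity mandatory, strong algorithms only.
HARDENED_SAMPLE = """
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA256)
"""

def parse_sqlnet(text):
    """Return {PARAM: [values]} for simple one-line sqlnet.ora entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([\w.]+)\s*=\s*\(?([^()]*)\)?\s*$", line)
        if m:
            values = [v.strip().upper() for v in m.group(2).split(",")]
            params[m.group(1).upper()] = [v for v in values if v]
    return params

def audit(text):
    """List findings for the server-side encryption and integrity settings."""
    p, findings = parse_sqlnet(text), []
    for name in ("SQLNET.ENCRYPTION_SERVER", "SQLNET.CRYPTO_CHECKSUM_SERVER"):
        value = (p.get(name) or ["ACCEPTED"])[0]      # ACCEPTED is the default
        if value != "REQUIRED":
            findings.append(f"{name} is {value}: unprotected sessions still allowed")
    for name in ("SQLNET.ENCRYPTION_TYPES_SERVER", "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER"):
        if name not in p:
            findings.append(f"{name} not set: algorithm choice left to defaults")
        findings += [f"{name} allows weak algorithm {a}" for a in p.get(name, []) if a in WEAK]
    return findings

if __name__ == "__main__":
    for finding in audit(WEAK_SAMPLE):
        print("FINDING:", finding)
```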
