Home -> Community -> Usenet -> c.d.o.misc -> Re: Newbie Database Encryption Question

Re: Newbie Database Encryption Question

From: Rick Wessman <rwessman_at_us.oracle.com>
Date: 17 Feb 1999 10:22:16 -0800
Message-ID: <socr9rodh5z.fsf@rwessman.us.oracle.com>


"Bill Buchan" <bbuchan_at_ossian.net> writes:

> Hi,
>
> I have some questions about the concepts of encryption in Oracle. Sorry if
> they are a bit basic: I'm new to encryption - didn't use to care who could
> get at the data before! I'd really appreciate any advice people could give
> me with the following:
>
> 1. I believe that there is no way to simply "switch on" encryption of the
> entire database although you can get 3rd party tools which will
> encrypt/decrypt data going into/out of the database. Is this correct?

Yep.

>
> 2. Given the ability to encrypt the database, what security advantage does
> this have over simply having long, hard to crack password security? For
> example, if somebody physically steals the hard-drives containing the
> database files - but does not know the passwords, how easy would it be for
> them to get at the data with/without encryption. Is encrypting the database
> worth the effort and processing overhead?

The ease of cracking depends on the algorithm. Some are easier than others.

I think, though, ensuring the physical safety of the machine should take precedence over encrypting the data. Encryption itself won't save you if someone can steal the machine.

On another note, make sure that, if you decide to encrypt, you store the keys in a safe place (like a vault off-site) in case some disaster occurs and you lose the keys.

>
> 3. Where does Oracle Security Server fit into this picture? My
> understanding of this is that it provides certification that servers and
> clients are who they say they are (to protect against spoofing). However it
> does not provide any encryption of data either in the database or on the
> network (the advanced networking option provides encryption for Net8 I
> believe).

This is right as well. The Oracle Security Server does not provide encryption on the wire. ANO (now called the Oracle Advanced Security option) does, however.

IMO, if I were you, I would sit down and think about exactly why you want database encryption. The benefits may not be worth the cost.

--

                                Thanks,
                                Rick
                                Rick Wessman
                                Security and Directory Technologies
                                Oracle Corporation
                                rwessman_at_us.oracle.com
Received on Wed Feb 17 1999 - 12:22:16 CST
