
Re: Advanced Security

From: Evan <eehrenh_at_emory.edu>
Date: Tue, 12 Sep 2006 17:39:51 -0400
Message-ID: <45072927.4070506@emory.edu>


Brian Peasland wrote:

>> The applications (from vendors) don't allow for field encryption.
>
> Then you cannot and do not need DBMS_CRYPTO or DBMS_OBFUSCATION_TOOLKIT.
>
>> Row restriction is not needed.
>
> Then you do not need Fine Grained Access Control (FGAC), also known as
> Virtual Private Database (VPD).
>
>> I feel that auditing allows us to look in the barn and see who took
>> the horse. I want to keep anyone from looking in the barn. This is
>> data which MUST be protected. It is enough to allow identity theft.
>
> If the data must be protected, then don't you want to know when/if
> someone has accessed it? Yes, auditing allows you to "look in the barn",
> but it gives you a chance to see who is riding the horse!
>
>> Web pages using HTTPS protect the contents between clients and 
>> webpages. ASO protects the content between the database and the web 
>> server.
>>
>> The issue is connection from
>> 1) application fat clients,
>> 2) ODBC clients,
>> 3) and SQLPlus clients.
>>
>> We have the DB server configured to use ASO with "request" and the web 
>> servers set to "required". They are ok.
>>
>> I have been told that ASO is not needed since to sniff the packets,
>> you would need to tap into a box which receives the packets. Is this
>> nonsense or is there another reason to use it?
>
> The security guys will tell you that anyone "on the network" can
> potentially gain access to the packets to be sniffed. So you may want to
> encrypt your network traffic. Please read this doc to show you how:
>
> http://download-east.oracle.com/docs/cd/B19306_01/network.102/b14268/toc.htm
>
>
> HTH,
> Brian
>
>

Brian (and company)

You win!!!

That is my point, but my security (and network) guys seem to think that it is not a big deal.

The referenced document you sent contains the following quote:

Over the Internet and in wide area network environments, both public carriers and private networks route portions of their network through insecure land lines, vulnerable microwave and satellite links, or a number of servers—exposing valuable data to interested third parties. In local area network environments within a building or campus, the potential exists for insiders with access to the physical wiring to view data not intended for them, and network sniffers can be installed to eavesdrop on network traffic.

How can a person in Washington intercept traffic between Atlanta and Augusta?

If I can answer this question, then I may get an appropriate response from the security guys.

Thanks,

Evan

Received on Tue Sep 12 2006 - 16:39:51 CDT
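
The thread's concern is that, with the server set to "request", fat clients, ODBC clients and SQLPlus sessions may still connect without ASO encryption. The query below is an added example, not part of the original post: it lists the sessions that negotiated no encryption, assuming the account running it can read the V$ views and that an active ASO algorithm shows up in the session banner as an "encryption service adapter" line.

```sql
-- Added example (not from the original thread).
-- Lists user sessions whose SQL*Net connection has no active ASO encryption.
-- Assumption: when an encryption algorithm has been negotiated,
-- V$SESSION_CONNECT_INFO.NETWORK_SERVICE_BANNER contains a row such as
-- "<algorithm> encryption service adapter ..."; a session with no such row
-- is sending its data in cleartext.
-- Caveat: local (bequeath) connections do not cross the network and will
-- also be listed; filter them out by MACHINE if they add noise.
SELECT s.sid,
       s.username,
       s.osuser,
       s.machine,
       s.program
FROM   v$session s
WHERE  s.type = 'USER'
AND    s.username IS NOT NULL
AND    NOT EXISTS (
         SELECT 1
         FROM   v$session_connect_info i
         WHERE  i.sid = s.sid
         AND    LOWER(i.network_service_banner)
                  LIKE '%encryption service adapter%'
       )
ORDER  BY s.machine, s.program;
```

The machines and programs returned are the clients to check before changing the server setting from "request" to "required".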
