Oracle® Database Security Guide 11g Release 1 (11.1) Part Number B28531-01 |
|
|
View PDF |
The Oracle Database 11g Release 1 (11.1) security features and enhancements described in this section comprise the overall effort to provide superior access control, privacy, and accountability with this release of Oracle Database.
The following sections describe new security features of Oracle Database 11g Release 1 (11.1) and provide pointers to additional information:
When you create a new database, you can use Database Configuration Assistant (DBCA) to automatically create a more secure configuration than in previous releases of Oracle Database. You can enable the following secure configuration settings in one operation:
Password-specific settings in the default profile. This feature enables you to enforce password expiration and other password policies. See "Configuring Password Settings in the Default Profile" for more information.
Auditing. This feature enables auditing for specific events such as database connections. See "Using Default Auditing for Security-Relevant SQL Statements and Privileges" for more information.
To configure your database for greater security, follow the guidelines in Chapter 10, "Keeping Your Oracle Database Secure".
Oracle Database now includes the following new password protections:
Password complexity verification. Password complexity verification ensures that users set complex passwords when setting or resetting passwords. You can enforce password complexity by using the default settings provided by Oracle Database, or create custom requirements to further secure the password complexity requirements for your site.
"Enforcing Password Complexity Verification" describes built-in password verification.
Enforced case sensitivity. See "Enabling or Disabling Password Case Sensitivity" for more information.
Stronger password hashing algorithm. See "What Are the Oracle Database Built-in Password Protections?" for more information.
You can now use the Secure Sockets Layer (SSL) and Kerberos strong authentication methods to authenticate users who have the SYSDBA
and SYSOPER
privileges.
See "Strong Authentication and Centralized Management for Database Administrators" for more information.
The SYSASM
system privilege has been added to Oracle Database 11g Release 1 (11.1), to be used exclusively to administer Automatic Storage Management (ASM). Use the SYSASM
privilege instead of the SYSDBA
privilege to connect to and administer ASM instances.
See Oracle Database Storage Administrator's Guide for more information about the SYSASM
privilege.
This section describes the following enhancements in encryption:
Intelligent LOB Compression, Deduplication, and Encryption with SecureFiles
Transparent Data Encryption with Hardware Security Module Integration
Oracle Database supports a new, faster, and scalable Large Object (LOB) storage paradigm called SecureFiles. SecureFiles, in addition to performance, supports efficient compression, deduplication (that is, coalescing duplicate data), and encryption. LOB data can now be encrypted with Oracle Database, and is available for random reads and writes.
For more information about SecureFiles, see Oracle Database SecureFiles and Large Objects Developer's Guide. See also Oracle Database SQL Language Reference for updates in the CREATE TABLE
and ALTER TABLE
statements to support this feature.
In this release, you can use Oracle Data Pump to compress and encrypt an entire dump file set. You can optionally compress and encrypt the data, metadata, or complete dump file set during an Oracle Data Pump export.
For more information, see Oracle Database Utilities.
Transparent data encryption (TDE) stores the master key in an encrypted software wallet and uses this key to encrypt the column keys, which in turn encrypt column data. While this approach to key management is sufficient for many applications, it may not be sufficient for environments that require stronger security. Because the master key must reside in memory to perform cryptographic operations, an intruder could perform various types of logical attacks to dump the memory and then retrieve the key. To avoid the problem of insecure system memory, the transparent data encryption functionality is extended to use hardware security modules (HSMs). This enhancement offers far better physical and logical protection of the master keys.
This release focuses on storing the master key within the hardware security module at all times and limiting the hardware security module to the encryption and decryption of the column keys. The column keys are passed back to the database. Oracle recommends that you encrypt the traffic between HSM device and databases with Advanced Security Option Network Encryption. This new feature provides additional security for transparent data encryption, because the master key cannot leave the HSM device. Furthermore, it enables the sharing of the same key between multiple databases and instances in an Oracle Real Applications Clusters (RAC) environment.
To configure transparent data encryption with hardware security module integration, see Oracle Database Advanced Security Administrator's Guide.
Transparent tablespace encryption enables you to encrypt an entire tablespace. This encryption includes all the data within the tablespace. When an application accesses the tablespace, Oracle Database transparently decrypts the relevant data blocks for the application.
Tablespace encryption provides an alternative to transparent data encryption column encryption. This eliminates the need for granular analysis of applications to determine which columns to encrypt, especially for applications with a large number of columns containing personally identifiable information (PII) such as social security numbers or patient health care records. If your tables have small amounts of data to encrypt, you can continue to use the transparent data encryption column encryption solution.
For an introduction to transparent encryption, see Oracle Database 2 Day + Security Guide. For detailed information about transparent tablespace encryption, see Oracle Database Advanced Security Administrator's Guide.
Oracle Database provides a set of PL/SQL utility packages, such as UTL_TCP
, UTL_SMTP
, UTL_MAIL
, UTL_HTTP
, and UTL_INADDR
, that are designed to enable database users to access network services on the database. Oracle Database PL/SQL Packages and Types Reference describes the PL/SQL utility packages in detail.
In a default database installation, these packages are created with EXECUTE
privileges granted to PUBLIC
users. This release enhances the security of these packages by providing database administrators the ability to control access to applications in the database that use these packages.
See "Managing Fine-Grained Access to External Network Services" for more information.
This section describes the following Oracle XML DB security enhancements:
Security objects are now stored in the Oracle XML DB repository as XMLType objects. These security objects can contain strings that need to be translated to different languages so that they can be searched or displayed in those languages. Developers can store translated strings with the XMLType and retrieve and operate on these strings depending on the language settings of the user. The advantage of this feature is that it reduces the costs associated with developing applications that are independent of the target preferred language of the user.
To configure security for XMLType objects, see Oracle XML DB Developer's Guide.
You can now use the Oracle XML DB HTTP server for service-oriented architecture (SOA) operations. This allows the database to be treated as simply another service provider in an SOA environment. Security administrators can control user access to Oracle Database Web services and their associated database objects by using the XDB_WEBSERVICES
, XDB_WEBSERVICES_OVER_HTTP
, and XDB_WEBSERVICES_WITH_PUBLIC
predefined roles.
To configure Oracle Database Web services, see Oracle XML DB Developer's Guide.For information on this feature's predefined roles, see Table 4-3, "Oracle Database Predefined Roles".
In this release, administrators can now disallow anonymous access to database service information in a directory and require clients to authenticate when performing LDAP directory-based name look-ups. If you are using Microsoft Active Directory-based name lookups, then Oracle Database uses the native operating system-based authentication. If you are using Oracle Internet Directory (OID)-based name lookups, then Oracle Database performs authentication by using wallets.
To configure directory security, see Oracle Database Net Services Reference.
The following security enhancements are available for Oracle Call Interface (OCI):
Reporting bad packets that may come from malicious users or intruders
Terminating or resuming the client or server process on receiving a bad packet
Configuring the maximum number of authentication attempts
Controlling the display of the Oracle database version banner, to prevent intruders from finding information about the security vulnerabilities present in the database software based on the version
Adding banner information, such as "Unauthorized Access" and "User Actions Audited," to server connections so that clients can display this information
Database administrators can manage these security enhancements for Oracle Call Interface developers by configuring a set of new initialization parameters. See "Parameters for Enhanced Security of Database Communication" for more information. See also Oracle Call Interface Programmer's Guide for detailed information on Oracle Call Interface.