02-01-2013, 12:09 PM
Oracle Data Encryption
Introduction
This presentation describes the introduction of data encryption into Oracle databases and how “Transparent Data Encryption” (TDE) in Oracle 11g can help DBAs achieve compliance with the Payment Card Industry Data Security Standard.
Identification of Threats
What are the common security threats?
Eavesdropping and Data Theft
Data Tampering
Falsifying User Identities
Password Related Threats
Basic Framework of Oracle Security
Securing database during installation
Securing user accounts
Managing user privileges
Auditing database activity
Securing network
Securing data (encryption, VPD, Database Vault)
PCI Requirements
What is the Payment Card Industry Data Security Standard (PCI DSS)?
Founded by American Express, Visa, MasterCard, Discover Financial Services, and JCB
The standards apply to all organizations that store, process or transmit cardholder data
Any company processing, storing, or transmitting cardholder data must be PCI DSS compliant
The Core Elements of DSS
Build and Maintain a Secure Network
Protect Cardholder Data (encryption)
Maintain a Vulnerability Management Program
Implement Strong Access Control Measures
Regularly Monitor and Test Networks
Maintain an Information Security Policy
What is encryption?
Transformation of information, using an “encryption algorithm”, into a form that cannot be deciphered without a decryption key
Public Key Encryption
The public key is freely distributed, while its paired private key remains secret
The public key is typically used for encryption, while the private or secret key is used for decryption
Encryption in Practice
Not a solution to all security problems
Represents only one layer of the Oracle security model
Should be implemented in combination with Data Pump, RMAN, VPD and Data Masking
PCI’s requirement to change the encryption key regularly is difficult to achieve
Only as safe as your wallet
With TDE there is no reason why your datafiles should stay unsecured
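The points above about the wallet, unsecured datafiles and key changes, shown as an added example that is not part of the original presentation: a SQL*Plus sketch for Oracle 11g that checks the wallet, finds data still stored in clear, encrypts it with TDE and rotates keys. The table `app.cards`, column `card_number`, tablespace `secure_ts`, the datafile path and the wallet password are hypothetical placeholders.

```sql
-- Added example; object names, path and password are hypothetical placeholders.
-- Assumes ENCRYPTION_WALLET_LOCATION is already set in sqlnet.ora.

-- 1. Wallet state: TDE-protected data is unreadable while STATUS is CLOSED.
SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;

-- 2. Create the master key (this also creates the wallet if none exists).
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet_password>";

--    After an instance restart the wallet has to be opened again.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "<wallet_password>";

-- 3. Inventory: permanent tablespaces whose datafiles are still in clear.
--    (SYSTEM and SYSAUX will be listed; 11g cannot encrypt them.)
SELECT tablespace_name
FROM   dba_tablespaces
WHERE  encrypted = 'NO'
AND    contents  = 'PERMANENT';

-- 4. Inventory: columns already protected by column-level TDE.
SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns;

-- 5a. Column-level TDE for a single sensitive column.
ALTER TABLE app.cards MODIFY (card_number ENCRYPT USING 'AES256');

-- 5b. Tablespace-level TDE. 11g cannot encrypt an existing tablespace in
--     place, so create an encrypted one and move the segments into it.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

ALTER TABLE app.cards MOVE TABLESPACE secure_ts;
-- Indexes on the moved table become UNUSABLE and must be rebuilt.

-- 6. Key rotation.
--    Table key for column-level TDE (re-encrypts the column data):
ALTER TABLE app.cards REKEY USING 'AES256';
--    Master key: re-issuing the command generates a new key in the wallet.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet_password>";
```

Back up the wallet file before and after each master key change; without the wallet, the encrypted data and its backups cannot be read.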