!moran r. - oracle9i security overview (part no. a90148-01) (release 9.0.1) (2001)
7/31/2019 !Moran R. - Oracle9i Security Overview (Part No. A90148-01) (Release 9.0.1) (2001)
Oracle9i
Security Overview
Release 1 (9.0.1)
June 2001
Part No. A90148-01
Oracle9i Security Overview, Release 1 (9.0.1)
Part No. A90148-01
Copyright 2001, Oracle Corporation. All rights reserved.
Primary Author: Rita Moran
Contributing Authors: Kristy Browder, Mary Ann Davidson, John Heimann, Paul Needham, David Saslav, Uppili Srinivasan
Contributors: Mike Cowan, Sudha Iyer, Richard Smith, Deborah Steiner, Daniel Wong
The Programs (which include both the software and documentation) contain proprietary information of Oracle Corporation; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs is prohibited.
The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation.
If the Programs are delivered to the U.S. Government or anyone licensing or using the programs on behalf of the U.S. Government, the following notice is applicable:
Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication, and disclosure of the Programs, including documentation, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement. Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer software" and use, duplication, and disclosure of the Programs shall be subject to the restrictions in FAR 52.227-19, Commercial Computer Software - Restricted Rights (June, 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065.
The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Oracle Corporation disclaims liability for any damages caused by such use of the Programs.
Oracle is a registered trademark, and Oracle8i, Oracle9i, PL/SQL, LogMiner, Oracle Call Interface, Oracle Enterprise Manager, Oracle Label Security, and Oracle Wallet Manager are trademarks or registered trademarks of Oracle Corporation. Other names may be trademarks of their respective owners.
Contents
Send Us Your Comments
Preface
Audience
Organization
Related Documentation
Conventions
Documentation Accessibility
Part I Security Challenges
1 Data Security Challenges in the Internet Age
Top Security Myths
The Many Dimensions of System Security
Fundamental Data Security Requirements
Confidentiality
Privacy of Communications
Secure Storage of Sensitive Data
Authenticated Users
Granular Access Control
Integrity
Availability
Security Requirements in the Internet Environment
Promises and Problems of the Internet
Increased Data Access
Much More Valuable Data
Larger User Communities
Scalability
Manageability
Interoperability
Hosted Systems and Exchanges
A World of Data Security Risks
Data Tampering
Eavesdropping and Data Theft
Falsifying User Identities
Password-Related Threats
Unauthorized Access to Tables and Columns
Unauthorized Access to Data Rows
Lack of Accountability
Complex User Management Requirements
Multitier Systems
Scaling the Security Administration of Multiple Systems
A Matrix of Security Risks and Solutions
The System Security Team
Part II Technical Solutions to Security Risks
2 Protecting Data Within the Database
Introduction
System and Object Privileges
System Privileges
Schema Object Privileges
Managing System and Object Privileges
Using Roles to Manage Privileges
Database Roles
Global Roles
Enterprise Roles
Secure Application Roles
Using Stored Procedures to Manage Privileges
Using Network Facilities to Manage Privileges
Using Views to Manage Privileges
Row Level Security
Complex and Dynamic Views
Application Query Rewrite: Virtual Private Database (VPD)
Label Based Access Control
Encrypting Data on the Server
Selective Encryption of Stored Data
Industry Standard Encryption Algorithms
Database Integrity Mechanisms
System Availability Factors
Secure Configuration Practices
3 Protecting Data in a Network Environment
Introduction
Protecting Data During Transmission
Controlling Access Within the Network
Middle-Tier Connection Management
Native Network Capabilities (Valid Node Checking)
Database Enforced Network Access
Encrypting Data for Network Transmission
Encryption Algorithms
Data Integrity Checking
Secure Sockets Layer (SSL) Protocol
Firewalls
Ensuring Security in Three-Tier Systems
Proxy Authentication to Ensure Three-Tier Security
Java Database Connectivity (JDBC)
JDBC-OCI Driver
Thin JDBC Driver
4 Authenticating Users to the Database
Introduction
Passwords
Strong Authentication
Kerberos and CyberSafe
RADIUS
Token Cards
Smart Cards
Distributed Computing Environment (DCE)
Biometrics
PKI and Certificate-Based Authentication
Proxy Authentication and Authorization
Single Sign-On
Server-Based Single Sign-On
Middle Tier Single Sign-On
5 Using and Deploying a Secure Directory
Introduction
Centralizing Shared Information with LDAP
Securing the Directory
Directory Authentication of Users
Password Protection in a Directory
Directory Access Controls and Authorization
Directory-Based Application Security
Authorization of Users
Authorization of Administrators
Administrative Roles in the Directory
6 Administering Enterprise User Security
Introduction
Enterprise Privilege Administration
Shared Schemas
Password-Authenticated Enterprise Users
Enterprise Roles
Multitier Authentication and Authorization
Single Sign-On
7 Auditing to Monitor System Security
Introduction
Fundamental Auditing Requirements
Robust, Comprehensive Auditing
Efficient Auditing
Customizable Auditing
Fine Grained, Extensible Auditing
Auditing in Multitier Application Environments
8 The Public Key Infrastructure Approach to Security
Introduction
Security Features of PKI
Components of PKI
Advantages of the PKI Approach
Public Key Cryptography and the Public Key/Private Key Pair
Secure Credentials: Certificate-Based Authentication in PKI
Certificates and Certificate Authorities
Certificate Authorities
Certificates
Authentication Methods Used with PKI
Secure Sockets Layer Authentication and X.509v3 Digital Certificates
Entrust/PKI Authentication
Storing Secure Credentials with PKI
Single Sign-On Using PKI
Network Security Using PKI
Part III Oracle9i Security Products
9 Oracle9i Security Products and Features
Oracle9i Standard Edition
Integrity
Data Integrity
Entity Integrity Enforcement
Referential Integrity
Authentication and Access Controls in Oracle9i
Privileges
Roles
Auditing
Views, Stored Program Units, Triggers
Data Encryption
High Availability
User Profiles
Online Backup and Recovery
Advanced Replication
Data Partitioning
Very High Availability with Real Application Clusters
Proxy Authentication in Oracle9i
Introduction
Support for Additional Protocols
Expanded Credential Proxy
Application User Proxy Authentication
Oracle9i Enterprise Edition
Internet Scale Security Features
Deep Data Protection
Internet-Scale Security
Secure Hosting and Data Exchange
Application Security
Virtual Private Database in Oracle9i
Virtual Private Database in Oracle8i and Oracle9i
How Virtual Private Database Works
Application Context in Oracle9i
How Application Context Facilitates VPD
Application Context Accessed Locally
Application Context Initialized Externally
Application Context Initialized Globally
Application Context Accessed Globally
How Partitioned Fine-Grained Access Control Facilitates VPD
User Models and Virtual Private Database
Oracle Policy Manager
Secure Application Role
Fine-Grained Auditing
Oracle Auditing for Three-Tier Applications
Java Security Implementation in the Database
Class Execution
SecurityManager Class
Oracle Advanced Security
Introduction to Oracle Advanced Security
Network Security Services of Oracle Advanced Security
Oracle Net Services Native Encryption
Data Integrity Features of Oracle Advanced Security
Secure Sockets Layer (SSL) Encryption Capabilities
Oracle Advanced Security Support for SSL
Checksumming in Oracle Advanced Security SSL
Oracle9i Application Server Support for SSL
Java Encryption Features of Oracle Advanced Security
JDBC-OCI Driver
Thin JDBC
Secure Connections for Virtually Any Client
Oracle Java SSL
Strong Authentication Methods Supported by Oracle Advanced Security
Oracle Public Key Infrastructure-Based Authentication
Kerberos and CyberSafe with Oracle Advanced Security
RADIUS with Oracle Advanced Security
Token Cards with Oracle Advanced Security
Smart Cards with Oracle Advanced Security
Biometric Authentication with Oracle Advanced Security
Distributed Computing Environment (DCE) with Oracle Advanced Security
Single Sign-On Implementations in Oracle Advanced Security
Single Sign-On Configuration with Third-Party Products
PKI-Based Single Sign-On Configuration
Enterprise User Security Features of Oracle Advanced Security
Password-Authenticated Enterprise Users
Tools for Enterprise User Security
Shared Schemas in Oracle Advanced Security
Current User Database Links
Directory Integration
PKI Implementation in Oracle Advanced Security
Components of Oracle Public Key Infrastructure-Based Authentication
Secure Sockets Layer
Oracle Call Interface
Trusted Certificates
X.509 Version 3 Certificates
Oracle Wallets
Oracle Wallet Manager
Oracle Enterprise Login Assistant
Oracle Internet Directory
Oracle Enterprise Security Manager
PKI Integration and Interoperability
PKCS #12 Support
Wallets Stored in Oracle Internet Directory
Multiple Certificate Support
Strong Wallet Encryption
Oracle PKI Implementation Summary
Oracle Label Security
Oracle Internet Directory
Introduction to Oracle Internet Directory
LDAP Compliance
How Oracle Internet Directory is Implemented
How Oracle Internet Directory Organizes Enterprise User Management
Enterprise User Administration with Oracle Internet Directory
Shared Schemas with Oracle Internet Directory
Oracle Net Services
Components of Oracle Net Services
Oracle Net on the Client
Oracle Net on the Database Server
Oracle Protocol Support
Oracle Connection Manager
Protocol Conversion
Access Control
Session Multiplexing
Firewall Support with Oracle Net Services
Firewalls Using Oracle Connection Manager in an Intranet Environment
Firewalls Using Oracle Net Firewall Proxy in an Internet Environment
Valid Node Checking in Oracle Net Services
Database Enforced VPD Network Access
Oracle9i Application Server
Oracle HTTP Server
Oracle Portal
Single Sign-On in Oracle9i Application Server
Web SSO Technology
Login Server
LDAP Integration
PKI Support
Multitier Integration
Oracle Single Sign-On Summary
Index
Send Us Your Comments

Oracle9i Security Overview, Release 1 (9.0.1)
Part No. A90148-01

Oracle Corporation welcomes your comments and suggestions on the quality and usefulness of this
document. Your input is an important part of the information used for revision.
- Did you find any errors?
- Is the information clearly presented?
- Do you need more information? If so, where?
- Are the examples correct? Do you need more examples?
- What features did you like most?
If you find any errors or have any other suggestions for improvement, please indicate the document
title and part number, and the chapter, section, and page number (if available). You can send
comments to us in the following ways:
- Electronic mail: infod ev_u [email protected]
- FAX: 1-650-506-7227 Attn: Information Development
- Postal service:
  Oracle Corporation
  Information Development Documentation Manager
  500 Oracle Parkway, Mailstop 4op11
  Redwood Shores, CA 94065
  U.S.A.
If you would like a reply, please give your name, address, telephone number, and (optionally)
electronic mail address.
If you have problems with the software, please contact your local Oracle Support Services.
Preface

The Oracle9i Security Overview presents the basic concepts of data security in the
Internet age. It outlines fundamental data security requirements and explains the
risks which threaten the integrity and privacy of your data. Several chapters
introduce the rich array of technology that can contribute to system security. The
book concludes with a survey of the Oracle features and products which implement
these technologies.
Together, these products have the potential to control access to all the vulnerable
areas of your system, and help users and administrators to perform their tasks
without jeopardizing the security plan you have put in place.
This preface contains these topics:
- Audience
- Organization
- Related Documentation
- Conventions
- Documentation Accessibility
Audience

The Oracle9i Security Overview is intended for database administrators (DBAs),
application programmers, security administrators, system operators, and other
Oracle users who perform the following tasks:
- Analyze application security requirements
- Create security policies
- Implement security technologies
- Administer enterprise user security
To use this document, you need general familiarity with database and networking
concepts.
Organization

This document introduces the basic concepts of system security in the Internet Age.
It outlines the data security risks which are prevalent today, and the
industry-standard technologies available to address them. It then presents the
carefully integrated suite of Oracle products you can use to implement these
security technologies.

Part I: Security Challenges
This part explains the wide range of security risks to the integrity and privacy of
data in the Internet Age.

Chapter 1, "Data Security Challenges in the Internet Age"
This chapter introduces the fundamental concepts of data security, and outlines the
threats against which data and systems must be defended.

Part II: Technical Solutions to Security Risks
This part introduces the technology available to meet data security challenges.

Chapter 2, "Protecting Data Within the Database"
This chapter describes the fundamental elements of database security.

Chapter 3, "Protecting Data in a Network Environment"
This chapter explains how data can be protected while being transmitted over a
network. It covers network access control, encryption, Secure Sockets Layer, and
firewalls, as well as security in a three-tier environment.

Chapter 4, "Authenticating Users to the Database"
This chapter describes the wide range of technology available to verify the identity
of database, application, and network users.

Chapter 5, "Using and Deploying a Secure Directory"
It can be advantageous to centralize storage and management of user-related
information in a directory. This chapter describes how to protect such a directory,
and how access can be controlled using a directory.

Chapter 6, "Administering Enterprise User Security"
This chapter describes the elements which make up a strong enterprise user
management facility.
Chapter 7, "Auditing to Monitor System Security"
This chapter describes technology available to monitor the effectiveness of your
security policies.

Chapter 8, "The Public Key Infrastructure Approach to Security"
This chapter introduces the Public Key Infrastructure (PKI) approach to security. It
describes the components of PKI, and explains why this has become an industry
standard.

Part III: Oracle9i Security Products
This part presents the rich suite of Oracle security products which can meet your
data security requirements.

Chapter 9, "Oracle9i Security Products and Features"
This chapter presents the major security-related products available with Oracle9i,
and specifies the way in which each of them implements the kinds of security
technologies described in Part II of this book.

Related Documentation

For more information, see these Oracle resources:
- Oracle installation and user's guide for your platform
- Oracle9i Concepts
- Oracle9i Application Developer's Guide - Fundamentals
- Oracle9i Administrator's Guide
- Oracle Advanced Security Administrator's Guide
- Oracle Internet Directory Administrator's Guide
- Oracle Label Security Administrator's Guide
- Oracle Net Services Administrator's Guide
- Single Sign-On Administrator's Guide
- Oracle9i Java Developer's Guide
- Oracle9i JDBC Developer's Guide and Reference
- Oracle Enterprise Manager Concepts Guide
In North America, printed documentation is available for sale in the Oracle Store at
http://oraclestore.oracle.com/
Customers in Europe, the Middle East, and Africa (EMEA) can purchase
documentation from
http://www.oraclebookshop.com/
Other customers can contact their Oracle representative to purchase printed
documentation.
To download free release notes, installation documentation, white papers, or other
collateral, please visit the Oracle Technology Network (OTN). You must register
online before using OTN; registration is free and can be done at
http://technet.oracle.com/membership/index.htm
If you already have a username and password for OTN, then you can go directly to
the documentation section of the OTN Web site at
http://technet.oracle.com/docs/index.htm

Conventions

This section describes the conventions used in the text and code examples of this
documentation set. It describes:
- Conventions in Text
- Conventions in Code Examples
Conventions in Text

We use various conventions in text to help you more quickly identify special terms.
The following table describes those conventions and provides examples of their use.

Convention: Bold
Meaning: Bold typeface indicates terms that are defined in the text or terms that
appear in a glossary, or both.
Example:
  When you specify this clause, you create an index-organized table.

Convention: Italics
Meaning: Italic typeface indicates book titles or emphasis.
Examples:
  Oracle9i Concepts
  Ensure that the recovery catalog and target database do not reside on the same disk.

Convention: UPPERCASE monospace (fixed-width font)
Meaning: Uppercase monospace typeface indicates elements supplied by the system.
Such elements include parameters, privileges, datatypes, RMAN keywords, SQL
keywords, SQL*Plus or utility commands, packages and methods, as well as
system-supplied column names, database objects and structures, usernames, and
roles.
Examples:
  You can specify this clause only for a NUMBER column.
  You can back up the database by using the BACKUP command.
  Query the TABLE_NAME column in the USER_TABLES data dictionary view.
  Use the DBMS_STATS.GENERATE_STATS procedure.

Convention: lowercase monospace (fixed-width font)
Meaning: Lowercase monospace typeface indicates executables, filenames, directory
names, and sample user-supplied elements. Such elements include computer and
database names, net service names, and connect identifiers, as well as
user-supplied database objects and structures, column names, packages and
classes, usernames and roles, program units, and parameter values.
Note: Some programmatic elements use a mixture of UPPERCASE and lowercase.
Enter these elements as shown.
Examples:
  Enter sqlplus to open SQL*Plus.
  The password is specified in the orapwd file.
  Back up the datafiles and control files in the /disk1/oracle/dbs directory.
  The department_id, department_name, and location_id columns are in the
  hr.departments table.
  Set the QUERY_REWRITE_ENABLED initialization parameter to true.
  Connect as oe user.
  The JRepUtil class implements these methods.

Convention: lowercase monospace (fixed-width font) italic
Meaning: Lowercase monospace italic font represents placeholders or variables.
Examples:
  You can specify the parallel_clause.
  Run Uold_release.SQL where old_release refers to the release you installed
  prior to upgrading.
Conventions in Code Examples

Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line
statements. They are displayed in a monospace (fixed-width) font and separated
from normal text as shown in this example:

    SELECT username FROM dba_users WHERE username = 'MIGRATE';

The following table describes typographic conventions used in code examples and
provides examples of their use.

Convention: [ ]
Meaning: Brackets enclose one or more optional items. Do not enter the brackets.
Example:
  DECIMAL (digits [ , precision ])

Convention: { }
Meaning: Braces enclose two or more items, one of which is required. Do not enter
the braces.
Example:
  {ENABLE | DISABLE}

Convention: |
Meaning: A vertical bar represents a choice of two or more options within brackets
or braces. Enter one of the options. Do not enter the vertical bar.
Examples:
  {ENABLE | DISABLE}
  [COMPRESS | NOCOMPRESS]

Convention: ...
Meaning: Horizontal ellipsis points indicate either:
- That we have omitted parts of the code that are not directly related to the example
- That you can repeat a portion of the code
Examples:
  CREATE TABLE ... AS subquery;
  SELECT col1, col2, ... , coln FROM employees;

Convention: vertical ellipsis (three dots, one above the other)
Meaning: Vertical ellipsis points indicate that we have omitted several lines of code
not directly related to the example.

Convention: Other notation
Meaning: You must enter symbols other than brackets, braces, vertical bars, and
ellipsis points as shown.
Examples:
  acctbal NUMBER(11,2);
  acct CONSTANT NUMBER(4) := 3;

Convention: Italics
Meaning: Italicized text indicates placeholders or variables for which you must
supply particular values.
Examples:
  CONNECT SYSTEM/system_password
  DB_NAME = database_name

Convention: UPPERCASE
Meaning: Uppercase typeface indicates elements supplied by the system. We show
these terms in uppercase in order to distinguish them from terms you define.
Unless terms appear in brackets, enter them in the order and with the spelling
shown. However, because these terms are not case sensitive, you can enter them in
lowercase.
Examples:
  SELECT last_name, employee_id FROM employees;
  SELECT * FROM USER_TABLES;
  DROP TABLE hr.employees;

Convention: lowercase
Meaning: Lowercase typeface indicates programmatic elements that you supply.
For example, lowercase indicates names of tables, columns, or files.
Note: Some programmatic elements use a mixture of UPPERCASE and lowercase.
Enter these elements as shown.
Examples:
  SELECT last_name, employee_id FROM employees;
  sqlplus hr/hr
  CREATE USER mjones IDENTIFIED BY ty3MU9;

Documentation Accessibility

The goal of Oracle Corporation is to make our products, services, and supporting
documentation accessible to the disabled community with good usability. To that
end, our documentation includes features that make information available to users
of assistive technology. This documentation is available in HTML format, and
contains markup to facilitate access by the disabled community. Standards will
continue to evolve over time, and Oracle is actively engaged with other
market-leading technology vendors to address technical obstacles so that our
documentation can be accessible to all of our customers. For additional information,
visit the Oracle Accessibility Program Web site at
http://www.oracle.com/accessibility/.
JAWS, a Windows screen reader, may not always correctly read the code examples
in this document. The conventions for writing code require that closing braces
should appear on an otherwise empty line; however, JAWS may not always read a
line of text that consists solely of a bracket or brace.
Part I: Security Challenges
1 Data Security Challenges in the Internet Age

This chapter presents an overview of data security requirements in the Internet Age,
and examines the full spectrum of data security risks that must be countered. It then
provides a matrix relating security risks to the kinds of technology now available to
protect your data.
- Top Security Myths
- The Many Dimensions of System Security
- Fundamental Data Security Requirements
- Security Requirements in the Internet Environment
- A World of Data Security Risks
- A Matrix of Security Risks and Solutions
- The System Security Team

Note: As far as possible, this overview of security technology
attempts to present issues independent of the way the technology is
implemented. In some instances, however, a technology may only
be provided by products from Oracle Corporation. In such cases,
the conceptual discussion is from the point of view of the Oracle
solution.
See Chapter 9, "Oracle9i Security Products and Features" for a
complete discussion of security solutions available from Oracle
Corporation.
Top Security Myths
The field of data security is rife with mistaken beliefs which cause people to design
ineffective security solutions. Here are some of the most prevalent security myths:
- Myth: Hackers cause most security breaches.
  In fact, 80% of data loss is to insiders.
- Myth: Encryption makes your data secure.
  In fact, encryption is only one approach to securing data. Security also requires
  access control, data integrity, system availability, and auditing.
- Myth: Firewalls make your data secure.
  In fact, 40% of Internet break-ins occur in spite of a firewall being in place.
To design a security solution that will truly protect your data, you must understand
the security requirements relevant to your site, and the scope of current threats to
your data.
The Many Dimensions of System Security

In the Internet age, the risks to valuable and sensitive data are greater than ever
before. Figure 1-1 presents a bird's eye view of the complex computing
environment which your data security plan must encompass.

Figure 1-1 Scope of Data Security Needs
[Figure: diagram labeled Clients, Intranet, Internet, Application Web Server, Database Servers]

You must protect databases and the servers on which they reside; you must
administer and protect the rights of internal database users; and you must
guarantee the confidentiality of ecommerce customers as they access your database.
With the Internet continually growing, the threat to data traveling over the network
increases exponentially.
To protect all the elements of complex computing systems, you must address
security issues in many dimensions.
Think carefully about the specific security risks to your data, and make sure the
solutions you adopt actually fit the problems. In some instances, a technical solution
may be inappropriate. For example, employees must occasionally leave their desks.
A technical solution cannot solve this physical problem: the work environment
must be secure.

Table 1-1 Dimensions of Data Security

Dimension: Physical
Security Issues: Your computers must be physically inaccessible to
unauthorized users. This means that you must keep
them in a secure physical environment.

Dimension: Personnel
Security Issues: The people responsible for system administration and
data security at your site must be reliable. You may need
to perform background checks on DBAs before making
hiring decisions.

Dimension: Procedural
Security Issues: The procedures used in the operation of your system
must assure reliable data. For example, one person
might be responsible for database backups. Her only role
is to be sure the database is up and running. Another
person might be responsible for generating application
reports involving payroll or sales data. His role is to
examine the data and verify its integrity. It may be wise
to separate out users' functional roles in data
management.

Dimension: Technical
Security Issues: Storage, access, manipulation, and transmission of data
must be safeguarded by technology that enforces your
particular information control policies.
Fundamental Data Security Requirements

This section describes the basic security standards which technology must ensure.
- Confidentiality
- Integrity
- Availability

Confidentiality

A secure system ensures the confidentiality of data. This means that it allows
individuals to see only the data which they are supposed to see. Confidentiality has
several different aspects:
- Privacy of Communications
- Secure Storage of Sensitive Data
- Authenticated Users
- Granular Access Control

Privacy of Communications
Privacy is a very broad concept. For the individual, it involves the ability to control
the spread of confidential information such as health, employment, and credit
records. It also concerns the individual's control over the dissemination of personal
data. In the business world, privacy may involve trade secrets, proprietary
information about products and processes, competitive analyses, as well as
marketing and sales plans. For governments, privacy involves such issues as the
ability to collect and analyze demographic information, while protecting the
confidentiality of millions of individual citizens. It also involves the ability to keep
secrets that affect the country's interests.

Secure Storage of Sensitive Data
How can you ensure that data remains private, once it has been collected? Once
confidential data has been entered, its integrity and privacy must be protected on
the databases and servers wherein it resides.
Authenticated Users
How can you designate the persons and organizations who have the right to see
data? Authentication is a way of implementing decisions about whom to trust.
Authentication methods seek to guarantee the identity of system users: that a
person is who he says he is, and not an impostor.

Granular Access Control
How much data should a particular user see? Access control is the ability to cordon
off portions of the database, so that access to the data does not become an
all-or-nothing proposition. A clerk in the Human Relations department might need
some access to the EMP table, but he should not be permitted to access salary
information for the entire company! The granularity of access control is the degree
to which data access can be differentiated for particular tables, views, rows, and
columns of a database.
Note the distinction between authentication, authorization, and access control.
Authentication is the process by which a user's identity is checked. When a user is
authenticated, he is verified as an authorized user of an application. Authorization
is the process by which the user's privileges are ascertained. Access control is the
process by which the user's access to physical data in the application is limited,
based on his privileges. These are critical issues in distributed systems. For example,
if JAUSTEN is trying to access the database, authentication would identify her as
a valid user. Authorization would verify her right to connect to the database with
Product Manager privileges. Access control would enforce the Product Manager
privileges upon her user session.
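The three steps in the JAUSTEN paragraph above, together with the EMP clerk case, written out as Oracle SQL. This is an added example, not taken from the Oracle manual; the hr schema, the EMP column names, the hr_clerk account, the role and view names, and the passwords are assumptions.

```sql
-- Added example; run as a DBA. Names other than EMP and JAUSTEN are
-- hypothetical, and the passwords are placeholders.

-- 1. Authentication: the database checks the identity of whoever connects.
CREATE USER jausten  IDENTIFIED BY "Placeholder_pw_1" PASSWORD EXPIRE;
CREATE USER hr_clerk IDENTIFIED BY "Placeholder_pw_2" PASSWORD EXPIRE;

-- 2. Authorization: privileges are collected in roles, and the roles are
--    granted to users. Without CREATE SESSION a valid password is not
--    enough to connect.
CREATE ROLE product_manager;
CREATE ROLE hr_clerk_role;
GRANT CREATE SESSION TO product_manager, hr_clerk_role;
GRANT product_manager TO jausten;
GRANT hr_clerk_role   TO hr_clerk;

-- 3a. Access control by column: the clerk needs some of EMP but not the
--     salary data, so expose a view that leaves SAL and COMM out.
CREATE VIEW hr.emp_directory AS
  SELECT empno, ename, job, deptno
  FROM   hr.emp;
GRANT SELECT ON hr.emp_directory TO hr_clerk_role;

-- 3b. Access control by row: each user sees only his or her own record,
--     salary included. Assumes ENAME holds the database username.
CREATE VIEW hr.emp_self AS
  SELECT empno, ename, job, sal
  FROM   hr.emp
  WHERE  ename = USER;
GRANT SELECT ON hr.emp_self TO hr_clerk_role, product_manager;

-- Nothing is granted on hr.emp itself, so for hr_clerk the statement
--   SELECT sal FROM hr.emp;
-- fails with ORA-00942 (table or view does not exist).

-- Check: list every object privilege on the base table and the two views.
-- The base table should have no grantee outside the owning schema.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'HR'
AND    table_name IN ('EMP', 'EMP_DIRECTORY', 'EMP_SELF')
ORDER  BY table_name, grantee;
```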
Integrity

A secure system ensures that the data it contains is valid. Data integrity means that
data is protected from deletion and corruption, both while it resides within the
database, and while it is being transmitted over the network. Integrity has several
aspects:
- System and object privileges control access to application tables and system
  commands, so that only authorized users can change data.
- Referential integrity is the ability to maintain valid relationships between values
  in the database, according to rules that have been defined.
- A database must be protected against viruses designed to corrupt the data.
- The network traffic must be protected from deletion, corruption, and
  eavesdropping.
Availability

A secure system makes data available to authorized users, without delay.
Denial-of-service attacks are attempts to block authorized users' ability to access
and use the system when needed. System availability has a number of aspects:

Resistance: A secure system must be designed to fend off situations, or
deliberate attacks, which might put it out of commission. For
example, there must be facilities within the database to
prohibit runaway queries. User profiles must be in place to
define and limit the resources any given user may consume.
In this way the system can be protected against users
consuming too much memory or too many processes
(whether maliciously or innocently), lest others be prevented
from doing their work.

Scalability: System performance must remain adequate regardless of the
number of users or processes demanding service.

Flexibility: Administrators must have adequate means of managing the
user population. They might do this by using a directory, for
example.

Ease of Use: The security implementation itself must not diminish the
ability of valid users to get their work done.
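A user profile of the kind the Resistance entry describes, as Oracle SQL. This is an added example, not taken from the Oracle manual; the profile name, the report_clerk account, the password, and the limit values are assumptions chosen for illustration.

```sql
-- Added example; run as a DBA. Profile name, account name and limit values
-- are hypothetical and should be sized for the real workload.

-- Kernel resource limits in a profile are enforced only while the
-- RESOURCE_LIMIT initialization parameter is TRUE. Without this step the
-- profile exists but a runaway query is not stopped.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

CREATE PROFILE report_user LIMIT
  SESSIONS_PER_USER       2        -- concurrent sessions per account
  CPU_PER_CALL            3000     -- hundredths of a second (30 s) per call
  LOGICAL_READS_PER_CALL  100000   -- data blocks read per call
  IDLE_TIME               30       -- minutes of inactivity before disconnect
  CONNECT_TIME            480      -- minutes of total session time
  PRIVATE_SGA             512K;    -- session memory, shared server only

-- Attach the profile when the account is created ...
CREATE USER report_clerk IDENTIFIED BY "Placeholder_pw_3"
  PROFILE report_user
  PASSWORD EXPIRE;
GRANT CREATE SESSION TO report_clerk;

-- ... or move an existing account onto it:
-- ALTER USER report_clerk PROFILE report_user;

-- Check 1: the limits that are actually stored for the profile.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'REPORT_USER'
AND    resource_type = 'KERNEL'
ORDER  BY resource_name;

-- Check 2: accounts still on the DEFAULT profile, which may have no limits.
SELECT username, profile
FROM   dba_users
WHERE  profile = 'DEFAULT'
ORDER  BY username;
```

A call that exceeds CPU_PER_CALL or LOGICAL_READS_PER_CALL is aborted and its statement rolled back, while the session itself stays connected.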
Security Requirements in the Internet Environment
The Internet environment expands the realm of data security in several ways:
- Promises and Problems of the Internet
- Increased Data Access
- Much More Valuable Data
- Larger User Communities
- Hosted Systems and Exchanges

Promises and Problems of the Internet

Information is the cornerstone of eBusiness. The Internet allows businesses to use
information more effectively, by allowing customers, suppliers, employees, and
partners to get access to the business information they need, when they need it.
Customers can use the web to place orders which can be fulfilled more quickly and
with less error, suppliers and fulfillment houses can be engaged as orders are
placed, reducing or eliminating the need for inventory, and employees can obtain
timely information about business operations. The Internet also makes possible
new, innovative pricing mechanisms, such as online competitive bidding for
suppliers, and online auctions for customers. These Internet-enabled services all
translate to reduced cost: there is less overhead, greater economies of scale, and
increased efficiency. eBusiness' greatest promise is more timely, more valuable
information accessible to more people, at reduced cost of information access.
The promise of eBusiness is offset by the security challenges associated with the
disintermediation of data access. "Cutting out the middleman" too often cuts out the
information security the middleman provides. Likewise, the user community
expands from a small group of known, vetted users accessing data from the
intranet, to thousands of users accessing data from the Internet. Application hosting
providers and exchanges offer especially stringent, and sometimes
contradictory, requirements of security by user and by customer, while allowing
secure data sharing among communities of interest.
While putting business systems on the Internet offers potentially unlimited
opportunities for increasing efficiency and reducing cost, it also offers potentially
unlimited risk. The Internet provides much greater access to data, and to more
valuable data, not only to legitimate users, but also to hackers, disgruntled
employees, criminals, and corporate spies.
Increased Data Access
One of the chief eBusiness benefits of the Internet is disintermediation. The
intermediate information processing steps which employees typically perform in
brick-and-mortar businesses, such as typing in an order received over the phone or
by mail, are removed from the eBusiness process. Users who are not employees and
are thus outside the traditional corporate boundary (including customers, suppliers,
and partners) can have direct and immediate online access to business information
which pertains to them.
In a traditional office environment, any access to sensitive business information is
through employees. Although employees are not always reliable, at least they are
known, their access to sensitive data is limited by their job function, and access is
enforced by physical and procedural controls. Employees who pass sensitive
information outside the company contrary to policy may be subject to disciplinary
action. The threat of punishment thus helps prevent unauthorized access.
Making business information accessible by means of the Internet vastly increases
the number of users who may be able to access that information. When business is
moved to the Internet, the environment is drastically changed. Companies may
know little or nothing about the users (including, in many cases, employees) who
are accessing their systems. Even if they know who their users are, it may be very
difficult for companies to deter users from accessing information contrary to
company policy. It is therefore important that companies manage access to sensitive
information, and prevent unauthorized access to that information before it occurs.
Much More Valuable Data
eBusiness relies not only on making business information accessible outside the
traditional company, it also depends on making the best, most up-to-date
information available to users when they need it. For example, companies can
streamline their operations and reduce overhead by allowing suppliers to have
direct access to consolidated order information. This allows companies to reduce
inventory by obtaining exactly what they need from suppliers when they need it.
Companies can also take advantage of new pricing technology, such as online
competitive bidding by means of exchanges, to obtain the best price from suppliers,
or offer the best price to consumers.
Streamlining information flow through the business system allows users to obtain
better information from the system. In the past, data from external partners,
suppliers, or customers was often entered into the system through inefficient
mechanisms that were prone to error and delay. For example, many companies
accepted the bulk of their orders by phone, letter, or fax, and this information was
typed in by clerks or sales people. Even when electronic data interchange
mechanisms existed, they were typically proprietary and difficult to integrate with
companies' internal data infrastructure. Now, businesses that allow other
businesses and consumers to submit and receive business information directly
through the Internet can expect to get more timely, accurate, and valuable
information, at less expense than if traditional data channels were used.
Formerly, when information was entered into a business system, it was often
compartmentalized. Information maintained by each internal department, such as
sales, manufacturing, distribution, and finance, was kept separate, and was often
processed by physically separate and incompatible databases and
applications, so-called "islands of information". This prevented businesses from
taking full advantage of the information they already had, since it was difficult for
different departments to exchange information when it was needed, or for
executives to get the latest and most accurate "big picture" of the business.
Companies have found that linking islands of information and consolidating them
where possible, allows users to obtain better information, and to get more benefit
from that information. This makes the information more valuable.
Improving the value of data available to legitimate users generally improves its
value to intruders as well. This increases the potential rewards to be gained from
unauthorized access to that data, and the potential damage that can be done to the
business if the data were corrupted. In other words, the more effective an eBusiness
system is, the greater the need to protect it against unauthorized access.
Larger User Communities
The sheer size of the user communities which can access business systems by way
of the Internet not only increases the risk to those systems, it also constrains the
solutions which can be deployed to address that risk. The Internet creates
challenges in terms of scalability of security mechanisms, management of those
mechanisms, and the need to make them standard and interoperable.
Scalability
Security mechanisms for Internet-enabled systems must support much larger
communities of users than systems which are not Internet-enabled. Whereas the
largest traditional enterprise systems typically supported thousands of users, many
Internet-enabled systems have millions of users.
Manageability
Traditional mechanisms for identifying users and managing their access, such as
granting each user an account and password on each system she accesses, may not
be practical in an Internet environment. It rapidly becomes too difficult and
expensive for system administrators to manage separate accounts for each user on
every system.
Interoperability
Unlike traditional enterprise systems, where a company owns and controls all
components of the system, Internet-enabled eBusiness systems must exchange data
with systems owned and controlled by others: by customers, suppliers, partners,
and so on. Security mechanisms deployed in eBusiness systems must therefore be
standards-based, flexible, and interoperable, to ensure that they work with others'
systems. They must support thin clients, and work in multitier architectures.
Hosted Systems and Exchanges
The principal security challenge of hosting is keeping data from different hosted
user communities separate. The simplest way of doing this is to create physically
separate systems for each hosted community. The disadvantage of this approach is
that it requires a separate computer, with separately installed, managed, and
configured software, for each hosted user community. This provides little in the
way of economies of scale to a hosting company.
Several factors can greatly reduce costs to hosting service providers. These factors
include mechanisms which allow multiple user communities to share a single
hardware and software instance; mechanisms which separate data for different user
communities; and ways to provide a single administrative interface for the hosting
provider.
Exchanges have requirements for both data separation and data sharing. For
example, an exchange may ensure that a supplier's bid remains unviewable by
other suppliers, yet allow all bids to be evaluated by the entity requesting the bid.
Furthermore, exchanges may also support "communities of interest" in which
groups of organizations can share data selectively, or work together to provide such
things as joint bids.
A World of Data Security Risks
The integrity and privacy of data are at risk from unauthorized users, external
sources listening in on the network, and internal users giving away the store. This
section explains the risky situations and potential attacks that could compromise
your data.
- Data Tampering
- Eavesdropping and Data Theft
- Falsifying User Identities
- Password-Related Threats
- Unauthorized Access to Tables and Columns
- Unauthorized Access to Data Rows
- Lack of Accountability
- Complex User Management Requirements
Data Tampering
Privacy of communications is essential to ensure that data cannot be modified or
viewed in transit. Distributed environments bring with them the possibility that a
malicious third party can perpetrate a computer crime by tampering with data as it
moves between sites.
In a data modification attack, an unauthorized party on the network intercepts data
in transit and changes parts of that data before retransmitting it. An example of this
is changing the dollar amount of a banking transaction from $100 to $10,000.
In a replay attack, an entire set of valid data is repeatedly interjected onto the
network. An example would be to repeat, one thousand times, a valid $100 bank
account transfer transaction.
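How a receiver can detect both attacks described above is sketched in the following added example, which is not part of the Oracle documentation and does not represent how any Oracle product implements checksumming. It assumes a pre-shared key and a per-message sequence number; `seal`, `Receiver`, `demo` and the message layout are hypothetical names chosen for the illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed key for this example; a real system provisions it out of band.
SHARED_KEY = secrets.token_bytes(32)


def seal(key: bytes, seq: int, payload: dict) -> dict:
    """Sender: bind a sequence number to the payload and authenticate both."""
    body = json.dumps({"seq": seq, "payload": payload}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Receiver:
    """Receiver: verify the MAC first, then require a fresh sequence number."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_seq = 0      # highest sequence number accepted so far
        self.total_moved = 0    # sum of the amounts actually applied

    def accept(self, message: dict) -> str:
        expected = hmac.new(self._key, message["body"], hashlib.sha256).hexdigest()
        # Constant-time comparison; any change to the body changes the tag.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: integrity check failed"
        record = json.loads(message["body"])
        # A valid but already-seen message is a replay.
        if record["seq"] <= self._last_seq:
            return "rejected: replayed or stale sequence number"
        self._last_seq = record["seq"]
        self.total_moved += record["payload"]["amount"]
        return "accepted"


def demo() -> dict:
    rx = Receiver(SHARED_KEY)
    transfer = seal(SHARED_KEY, 1, {"from": "A", "to": "B", "amount": 100})
    results = {}

    # Data modification: the amount is changed in transit, the tag is not.
    altered_body = transfer["body"].replace(b'"amount": 100', b'"amount": 10000')
    results["tampered"] = rx.accept({"body": altered_body, "tag": transfer["tag"]})

    # The genuine message arrives once and is applied.
    results["original"] = rx.accept(transfer)

    # Replay: the same valid message is presented one thousand more times.
    replays = [rx.accept(transfer) for _ in range(1000)]
    results["replays_accepted"] = sum(r == "accepted" for r in replays)

    # A new transfer with the next sequence number still goes through.
    results["next"] = rx.accept(seal(SHARED_KEY, 2, {"from": "A", "to": "B", "amount": 100}))
    results["total"] = rx.total_moved
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The MAC alone stops the $100 to $10,000 modification but not the replay, because a replayed message is still authentic; the sequence check is what rejects the thousand repeats.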
Eavesdropping and Data Theft
Data must be stored and transmitted securely, so that information such as credit
card numbers cannot be stolen.
Over the Internet and in Wide Area Network (WAN) environments, both public
carriers and private network owners often route portions of their network through
insecure land lines, extremely vulnerable microwave and satellite links, or a number
of servers. This situation leaves valuable data open to view by any interested party.
In Local Area Network (LAN) environments within a building or campus, insiders
with access to the physical wiring can potentially view data not intended for them.
Network sniffers can easily be installed to eavesdrop on network traffic. Packet
sniffers can be designed to find and steal user names and passwords.
Falsifying User Identities
You need to know your users. In a distributed environment, it becomes more
feasible for a user to falsify an identity to gain access to sensitive and important
information. How can you be sure that user Pat connecting to Server A from Client
B really is user Pat?
In addition, malefactors can hijack connections. How can you be sure that Client B
and Server A are what they claim to be? A transaction that should go from the
Personnel system on Server A to the Payroll system on Server B could be
intercepted in transit and routed instead to a terminal masquerading as Server B.
Identity theft is becoming one of the greatest threats to individuals in the Internet
environment. Criminals attempt to steal users' credit card numbers, and then make
purchases against the accounts. Or they steal other personal data, such as checking
account numbers and driver's license numbers, and set up bogus credit accounts in
someone else's name.
Non-repudiation is another identity concern: how can a person's digital signature
be protected? If hackers steal someone's digital signature, that person may be held
responsible for any actions performed using their private signing key.
Password-Related Threats
In large systems, users must remember multiple passwords for the different
applications and services that they use. For example, a developer can have access to
a development application on a workstation, a PC for sending email, and several
computers or intranet sites for testing, reporting bugs, and managing
configurations.
Users typically respond to the problem of managing multiple passwords in several
ways:
- They may select easy-to-guess passwords, such as a name, fictional character,
or a word found in a dictionary. All of these passwords are vulnerable to
dictionary attacks.
- They may also choose to standardize passwords so that they are the same on all
machines or web sites. This results in a potentially large exposure in the event
of a compromised password. They can also use passwords with slight
variations that can be easily derived from known passwords.
- Users with complex passwords may write them down where an attacker can
easily find them, or they may just forget them, requiring costly administration
and support efforts.
All of these strategies compromise password secrecy and service availability.
Moreover, administration of multiple user accounts and passwords is complex,
time-consuming, and expensive.
Unauthorized Access to Tables and Columns
The database may contain confidential tables, or confidential columns in a table,
which should not be available indiscriminately to all users authorized to access the
database. It should be possible to protect data on a column level.
Unauthorized Access to Data Rows
Certain data rows may contain confidential information which should not be
available indiscriminately to users authorized to access the table.
You need granular access control, a way to enforce confidentiality on the data
itself. For example, in a shared environment businesses should only have access to
their own data; customers should only be able to see their own orders. If the
necessary compartmentalization is enforced upon the data, rather than added by
the application, then it cannot be bypassed by users.
Systems must therefore be flexible: able to support different security policies
depending on whether you are dealing with customers or employees. For example,
you may require stronger authentication for employees (who can see more data)
than you do for customers. Or, you may allow employees to see all customer
records, while customers can only see their own records.
Lack of Accountability
If the system administrator is unable to track users' activities, then users cannot be
held responsible for their actions. There must be some reliable way to monitor who
is performing what operations on the data.
Complex User Management Requirements
Systems must often support thousands, or hundreds of thousands, of users: thus
they must be scalable. In such large-scale environments, the burden of managing
user accounts and passwords makes your system vulnerable to error and attack.
You need to know who the user really is, across all tiers of the application, to have
reliable security.
Multitier Systems
This problem becomes particularly complex in multitier systems. Here, and in
most packaged applications, the typical security model is that of One Big
Application User. The user connects to the application, and the application (or
application server) logs on and provides complete access for everyone, with no
auditing and unlimited privileges. This model places your data at risk, especially
in the Internet, where your web server or application server depends upon a
firewall. Firewalls are commonly vulnerable to break-ins.
Scaling the Security Administration of Multiple Systems
Administration of thousands, or hundreds of thousands of users, is difficult enough
on a single system. This burden is compounded when security must be
administered on multiple systems.
To meet the challenges of scale in security administration, you should be able to
centrally manage users and privileges across multiple applications and databases,
using a directory based on industry standards. This can reduce system management
costs and increase business efficiency.
Further, creating and building separate databases for multiple application
subscribers is not a cost-efficient model for an application service provider. While
technically possible, the separate database model would quickly become
unmanageable. To be successful, a single application installation should be able to
host multiple companies, and be administered centrally.
A Matrix of Security Risks and Solutions
The following table relates security risks to the technologies which address them,
and to the corresponding Oracle products.
Table 1-2 Matrix of Security Risks and Solutions
Problem | Solution | Security Technology | Oracle Products & Features
Unauthorized users | Know your users | Authentication | Oracle9i Standard Edition, & Oracle9i Enterprise Edition: Passwords, Password management; Oracle Advanced Security: Tokens, smart cards, Kerberos, and so on; PKI: X.509 Certificates
Unauthorized access to data | Limit access to data | Access Control | Oracle9i Standard Edition; Oracle9i Enterprise Edition: Virtual Private Database
 | Dynamic query modification | Fine Grained Access Control | Oracle9i Enterprise Edition: Virtual Private Database
 | Limit access to data rows and columns | Label Based Access Control | Oracle Label Security
 | Encrypt data | Data Encryption | Oracle9i Standard Edition, & Oracle9i Enterprise Edition
 | Limit privileges | Privilege Management | Oracle9i Standard Edition: Roles, Privileges; Oracle9i Enterprise Edition: Secure Application Roles; Oracle Advanced Security: Enterprise Roles
Eavesdropping on communications | Protect the network | Network Encryption | Oracle Advanced Security: Encryption; Secure Sockets Layer
Corruption of data | Protect the network | Data Integrity | Oracle Advanced Security: Checksumming; PKI: Checksumming (as part of SSL)
Denial of service | Control access to resources | Availability | Oracle9i Standard Edition & Oracle