Wednesday, November 28, 2007

Database security and Oracle Database 11g


Oracle is out with its new release, Database 11g. We kept our eyes on this new version to find significant improvements in database security. We observed that the 10g release was lacking a lot of capability in Enterprise User Security (EUS), especially in auditing user roles in an EUS environment and in user migration. But there is no major change in EUS.

Oracle made the following two changes in database security.

Transparent Data Encryption enhancement:

You can find a lot of security incidents through Google where data was lost from missing backup tapes. Oracle is trying to solve exactly this problem. It now provides transparent encryption at the tablespace level in addition to the column level. This means that once you declare your tablespace for TDE, you don't need to worry about disk-level data encryption; Oracle takes care of it automatically.

Oracle has also started providing support for Hardware Security Modules (HSMs). An HSM provides much stronger protection for encryption keys than the wallet store.
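As an added illustration (not from the original post or from Oracle's documentation), the SQL below contrasts column-level TDE with the tablespace-level option described above and then checks what is actually encrypted. The table and tablespace names, the datafile path and the wallet password are placeholder assumptions, and the wallet location is assumed to be configured in sqlnet.ora already.

```sql
-- Added example: all object names, the datafile path and the password are placeholders.

-- Create the TDE master key in the wallet (wallet-based key store assumed).
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "placeholder_wallet_password";

-- Column-level TDE: only the marked column is encrypted, so every
-- sensitive column has to be identified and declared individually.
CREATE TABLE customers_col (
  id          NUMBER PRIMARY KEY,
  name        VARCHAR2(100),
  card_number VARCHAR2(19) ENCRYPT USING 'AES256'
);

-- Tablespace-level TDE (new in 11g): the ENCRYPTION clause is given when
-- the tablespace is created, and every block in its datafiles is encrypted.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/app/oracle/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- No ENCRYPT keywords needed on the columns; placement in the tablespace is enough.
CREATE TABLE customers_ts (
  id          NUMBER PRIMARY KEY,
  name        VARCHAR2(100),
  card_number VARCHAR2(19)
) TABLESPACE secure_ts;

-- Verification: which tablespaces are flagged as encrypted?
SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  tablespace_name = 'SECURE_TS';

-- Verification: algorithm in use per encrypted tablespace.
SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$tablespace t
JOIN   v$encrypted_tablespaces e ON e.ts# = t.ts#;

-- Verification: which individual columns use column-level TDE?
SELECT owner, table_name, column_name, encryption_alg
FROM   dba_encrypted_columns;
```

A backup of the encrypted datafile is only as safe as the master key, so the wallet should be backed up and stored separately from the data backups.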

Directory Security Enhancement:

Administrators can now disallow anonymous access to database service information in a directory and require clients to authenticate when performing LDAP directory-based name look-ups. If you are using Microsoft Active Directory-based name lookups, then Oracle Database uses the native operating system-based authentication. If you are using Oracle Internet Directory (OID)-based name lookups, then Oracle Database performs authentication by using wallets.

I don't see any major reason to protect service names through LDAP authentication. This makes Naming Service configuration more difficult than before. Certainly this is not a risk-based approach by Oracle.

In conclusion, Oracle is going in a good direction in terms of security, but we need to see more in the future.

