les.ppt

les_15 Copyright ? 2006, Oracle. All rights reserved. Database Security 15- 2 Copyright ? 2006, Oracle. All rights reserved. Objectives pleting this lesson, you should be able to do the following: ? Implement Transparent Data Encryption (TDE) ? Use TDE with encrypted columns ? Describe Data Pump (DP) encryption ? ponents of Recovery Manager (RMAN) – encrypted backups ? Define basic concepts of a Virtual Private Database (VPD) ? Apply a column-level VPD policy TDE DP RMAN VPD 15- 3 Copyright ? 2006, Oracle. All rights reserved. Oracle Transparent Data Encryption (TDE): Overview ? Need for secure information ? Automatic encryption of sensitive information: – Embedded in the Oracle database – No need to change application logic – Encrypts data and index values ? Using an encryption key: – Master key for the entire database – Stored in Oracle Wallet Encryption/Decryption Column and index data Wallet 15- 4 Copyright ? 2006, Oracle. All rights reserved. Oracle Transparent Data Encryption (TDE) Full Notes Page 15- 5 Copyright ? 2006, Oracle. All rights reserved. TDE Process External Security Module Wallet Name Sal Card Address JFV 10000 A0023 Rognes 20000 B1524 10000 C2568 30000 D1483 20000 E0732 40000 F3456 Clear data Encrypted data Name Sal Card Address JFV é&à{+”~é[ Rognes ])° =# § !?&} &( è `$ }{|\ ?{@”#|} #{[| è`μ￡*°{ }|_@} ~{([ ?^“&2#è ALTER TABLE Master key SELECT|INSERT|UPDATE| CREATE TABLE Column keys 15- 6 Copyright ? 2006, Oracle. All rights reserved. Implementing Transparent Data Encryption 1. Create a wallet: automatically or by using Oracle Wallet Manager. ENCRYPTION_WALLET_LOCATION= (SOURCE=(METHOD=FILE)(METHOD_DATA= (DIRECTORY=/opt/oracle/product//))) Example .ora entry: 15- 7 Copyright ? 2006, Oracle. All rights reserved. Implementing Transparent Data Encryption 2. Set the master key from within your instance: 3. Open the wallet from within your instance (future): 4. Create tables that contain encrypted columns: CREATE T