The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Encrypt Your Sensitive Data Transparently in 30 Minutes or Less
Paul Youn, Senior Member of Technical Staff
Peter Wahl, Senior Product Manager

When in Doubt, Encrypt
Encryption Recognized as Defensible Safeguard
• Security Breach Notification Laws recognize encryption as a safeguard against data breaches
• Encryption is now a de-facto solution for regulatory compliance with all data privacy and breach notification laws

Oracle Advanced Security Feature Overview
• Transparent Data Encryption
  – Full tablespace encryption
  – Column-level
  – Encrypted backups (RMAN) and Data Pump Exports
• Built-In Key Management
  – Managed by the database
  – Hardware Security Module (HSM) integration
• Network Encryption
• Strong Authentication
[Diagram: network encryption; encrypted tape backups, disk backups, exports]

Prepare Database for TDE Tablespace Encryption
Configure External Security Module
• Create directory to store Oracle Wallet or install and configure Hardware Security Module
• Create Master Key:
    ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "password";

Rolling out TDE Tablespace Encryption
• Fresh Application Installation
  – Modify install scripts to create encrypted tablespaces
  – Install application using the modified script
• Existing Application
  – Use Online Table Redefinition to transparently migrate an existing application
  – No downtime
  – Transparent to application and application users

Fresh Installation Example: PeopleSoft Enterprise
• Edit xxDDL.sql install scripts (e.g. epddl.sql)
  Replace:
    CREATE TABLESPACE AMAPP DATAFILE '/opt/oracle/oradata/amapp.dbf' SIZE 90M
      EXTENT MANAGEMENT LOCAL AUTOALLOCATE;
  With:
    CREATE TABLESPACE AMAPP DATAFILE '/opt/oracle/oradata/amapp.dbf' SIZE 90M
      EXTENT MANAGEMENT LOCAL AUTOALLOCATE
      ENCRYPTION USING 'AES256' DEFAULT STORAGE(ENCRYPT);
• Run script

Existing Installation Step-by-Step: Preparation
• SYS grants execution rights for Online Table Redefinition to SYSADM
• Temporary additional storage: size of largest tablespace
• Create new encrypted tablespaces containing all interim tables that correspond to the source tablespaces and tables

Existing Installation Step-by-Step: Create Initial Encrypted Copies
• Create a procedure that generates individual scripts to start redefining all tables in a tablespace at a time
• Copy dependent objects using dbms_redefinition.copy_table_dependents (indexes, triggers, constraints, privileges, statistics, MVlogs)

Existing Installation Step-by-Step: Synchronize and Finish
• Create a procedure that generates individual scripts to synchronize interim with original tables
• Create a procedure that generates individual scripts that automatically finish the redefinition process:
  – Synchronize interim and original tables
  – Names of original tables and interim tables are switched
  – Original tables briefly locked
• Rename the original tablespaces
• Rename encrypted tablespaces to original tablespace name:
    ALTER TABLESPACE <TBS_NAME_ENC> RENAME TO <TBS_NAME>;

For More Information
search.oracle.com: Transparent Data Encryption
or
http://www.oracle.com/database/security/index.html

Oracle Database Security: Learn More At These Oracle Sessions
• S311340: Classify, Label, and Protect: Data Classification and Security with Oracle Label Security. Monday 14:30 - 15:30, Moscone South Room 307
• S308113: Oracle Data Masking Pack: The Ultimate DBA Survival Tool in the Modern World. Tuesday 11:30 - 12:30, Moscone South Room 102
• S311338: All About Data Security and Privacy: An Industry Panel. Tuesday 13:00 - 14:00, Moscone South Room 103
• S311455: Tips/Tricks for Auditing PeopleSoft and Oracle E-Business Suite Applications from the Database. Tuesday 14:30 - 15:30, Moscone South Room 306
• S311339: Meet the Database Security Development Managers: Ask Your Questions. Tuesday 16:00 - 17:00, Moscone South Room 306
• S311345: Database Auditing Demystified: The What, the How, and the Why. Tuesday 17:30 - 18:30, Moscone South Room 306
• S311342: Do You Have a Database Security Plan? Wednesday 11:45 - 12:45, Moscone South Room 102
• S311332: Encrypt Your Sensitive Data Transparently in 30 Minutes or Less. Wednesday 13:00 - 13:30, Moscone South Room 103
• S311337: Secure Your Existing Application Transparently in 30 Minutes or Less. Wednesday 13:45 - 14:15, Moscone South Room 103
• S311344: Securing Your Oracle Database: The Top 10 List. Wednesday 17:00 - 18:00, Moscone South Room 308
• S311343: Building an Application? Think Data Security First. Thursday 13:30 - 14:30, Moscone South Room 104
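
The three "Existing Installation Step-by-Step" slides, carried through for a single table as an added example (not Oracle's or the presenters' script). The table APP_ORDERS, its primary key, the interim name APP_ORDERS_INT and the tablespace AMAPP_ENC are assumed for illustration; SYSADM and the DBMS_REDEFINITION package come from the slides.

```sql
-- Added example (SQL*Plus script), not part of the original slides.
-- Assumed names: table APP_ORDERS (with a primary key), interim table
-- APP_ORDERS_INT, encrypted tablespace AMAPP_ENC. Owner SYSADM as in the slides.
SET SERVEROUTPUT ON

-- Preparation: empty interim table stored in the encrypted tablespace.
CREATE TABLE sysadm.app_orders_int TABLESPACE amapp_enc
  AS SELECT * FROM sysadm.app_orders WHERE 1 = 0;

-- Create the initial encrypted copy and clone the dependent objects.
DECLARE
  l_errors PLS_INTEGER;
BEGIN
  -- Raises an exception if the table cannot be redefined by primary key.
  DBMS_REDEFINITION.CAN_REDEF_TABLE('SYSADM', 'APP_ORDERS',
                                    DBMS_REDEFINITION.CONS_USE_PK);
  DBMS_REDEFINITION.START_REDEF_TABLE(
    uname => 'SYSADM', orig_table => 'APP_ORDERS', int_table => 'APP_ORDERS_INT',
    options_flag => DBMS_REDEFINITION.CONS_USE_PK);
  -- ignore_errors => TRUE lets the copy continue past a failing dependent;
  -- the failures are counted here and recorded in DBA_REDEFINITION_ERRORS.
  DBMS_REDEFINITION.COPY_TABLE_DEPENDENTS(
    uname => 'SYSADM', orig_table => 'APP_ORDERS', int_table => 'APP_ORDERS_INT',
    copy_indexes => DBMS_REDEFINITION.CONS_ORIG_PARAMS,
    copy_triggers => TRUE, copy_constraints => TRUE, copy_privileges => TRUE,
    ignore_errors => TRUE, num_errors => l_errors,
    copy_statistics => TRUE, copy_mvlog => TRUE);
  DBMS_OUTPUT.PUT_LINE('dependents that failed to copy: ' || l_errors);
END;
/
-- Review each failed dependent before finishing.
SELECT object_name, base_table_name, ddl_txt FROM dba_redefinition_errors;

-- Synchronize and finish: apply changes made since the start, then switch names.
BEGIN
  DBMS_REDEFINITION.SYNC_INTERIM_TABLE('SYSADM', 'APP_ORDERS', 'APP_ORDERS_INT');
  DBMS_REDEFINITION.FINISH_REDEF_TABLE('SYSADM', 'APP_ORDERS', 'APP_ORDERS_INT');
END;
/

-- Verify: list every SYSADM segment still stored in an unencrypted tablespace.
SELECT s.segment_type, s.segment_name, s.tablespace_name
  FROM dba_segments s
  JOIN dba_tablespaces t ON t.tablespace_name = s.tablespace_name
 WHERE s.owner = 'SYSADM'
   AND t.encrypted = 'NO'
 ORDER BY s.tablespace_name, s.segment_name;
```

After the name switch, APP_ORDERS_INT refers to the old cleartext copy in the original tablespace, so the final query keeps listing it until that copy is dropped.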