By default, communication between the database and a remote client is accomplished without any encryption method, ie all instructions executed and the data can be intercepted by someone listening on the network using a 'sniffer'. In businesses which handle confidential information leakage risk is very high so someone with skills in pattern recognition could easily be made of this information.
Oracle has a feature called "Oracle Advanced Security 'which is necessary to configure both the server and client. This configuration is done in the sqlnet.ora file so no need to alter the applications or restart the instance. Remote connections made after the settings are already using the method of encryption that is defined but not existing connections.
In the scheme I have SCOTT CUSTOMER table with the following definition and data:
juan Using IP Tools tool as 'sniffer' and applying the above query we get the following.
Definition:
and outcome:
addition to many other characters both familiar and strange, we see that it fails to distinguish at a glance the names 'sergio', 'pedro', 'john' accompanied by their credit card numbers . In a production environment this course is not acceptable.
This is where security comes into play through encryption.
Using the tool "Oracle Net Manager 'expand node' Local 'and select' Profile '. In the upper right pane open the 'combo box' and select 'Oracle Advanced Security. "
If 'Oracle Advanced Security "appears not deployed, you must do the following. Edit the NetProperties directory $ ORACLE_HOME / network / tools , adding "ASO " at the end of the line that begins with " INSTALLEDCOMPONENTS ."
'Oracle Net Manager "and run again, the' Oracle Advanced Security" and should appear.
Select the tab 'Integrity' in the item 'Integrity' select "SERVER" in "Checksum Level" select "requested" and the list 'Available Methods' select "MD5" and press the button '>'
Then select the tab 'Encryption' in the item 'Encryption' select "SERVER" in "Encryption Type" select "requested" in 'Encryption Seed' write a string long enough to serve for the encryption and the list 'Available Methods' select' 3DES168 "and press the button '>'
The settings in each a customer is basically the same, just change the value of the items 'Integrity' and 'Encryption' of "SERVER" to "CLIENT" and specify in 'Encryption Seed' a completely different string to the server.
not forget to save the settings made in "Oracle Net Manager" (File -> Save Network Configuration), then when we forget to wonder why it does not work and even comes to seeking a solution beyond the problem, usually happens:).
Finally, to prove that everything is working correctly is to close the SQL * Plus, opening a new one, enable the 'sniffer' and run the query on the table scott.customer again.
We now see that only shows a set of meaningless characters and can not see the definition:
nor can already see the data:
All encryption methods shown in ' Oracle Net Manager "are industry standards, which will depend almost the level of encryption that is required to elect any of them.
"Changes in applications? None. Suspension of service "database? None. Extent of reliability? Complete.
Note: Like most "extra parts" that come with database, this functionality may have an extra license cost for what I would recommend check before deploying in a production environment.
Oracle has a feature called "Oracle Advanced Security 'which is necessary to configure both the server and client. This configuration is done in the sqlnet.ora file so no need to alter the applications or restart the instance. Remote connections made after the settings are already using the method of encryption that is defined but not existing connections.
In the scheme I have SCOTT CUSTOMER table with the following definition and data:
SQL> select name, credit_card from scott.customer;
CREDIT_CARD
-------- -------------------- NAME pedro sergio
1234-1234-1234-1234 1234-1234-1234-1235 1234-1234-1234-1236
CREDIT_CARD
-------- -------------------- NAME pedro sergio
1234-1234-1234-1234 1234-1234-1234-1235 1234-1234-1234-1236
juan Using IP Tools tool as 'sniffer' and applying the above query we get the following.
Definition:
and outcome:
addition to many other characters both familiar and strange, we see that it fails to distinguish at a glance the names 'sergio', 'pedro', 'john' accompanied by their credit card numbers . In a production environment this course is not acceptable.
This is where security comes into play through encryption.
Using the tool "Oracle Net Manager 'expand node' Local 'and select' Profile '. In the upper right pane open the 'combo box' and select 'Oracle Advanced Security. "
If 'Oracle Advanced Security "appears not deployed, you must do the following. Edit the NetProperties directory $ ORACLE_HOME / network / tools , adding "ASO " at the end of the line that begins with " INSTALLEDCOMPONENTS ."
INSTALLEDCOMPONENTS = CLIENT, ORACLENET, ANO, ASO Closes
'Oracle Net Manager "and run again, the' Oracle Advanced Security" and should appear.
Select the tab 'Integrity' in the item 'Integrity' select "SERVER" in "Checksum Level" select "requested" and the list 'Available Methods' select "MD5" and press the button '>'
Then select the tab 'Encryption' in the item 'Encryption' select "SERVER" in "Encryption Type" select "requested" in 'Encryption Seed' write a string long enough to serve for the encryption and the list 'Available Methods' select' 3DES168 "and press the button '>'
The settings in each a customer is basically the same, just change the value of the items 'Integrity' and 'Encryption' of "SERVER" to "CLIENT" and specify in 'Encryption Seed' a completely different string to the server.
not forget to save the settings made in "Oracle Net Manager" (File -> Save Network Configuration), then when we forget to wonder why it does not work and even comes to seeking a solution beyond the problem, usually happens:).
Finally, to prove that everything is working correctly is to close the SQL * Plus, opening a new one, enable the 'sniffer' and run the query on the table scott.customer again.
We now see that only shows a set of meaningless characters and can not see the definition:
nor can already see the data:
All encryption methods shown in ' Oracle Net Manager "are industry standards, which will depend almost the level of encryption that is required to elect any of them.
"Changes in applications? None. Suspension of service "database? None. Extent of reliability? Complete.
Note: Like most "extra parts" that come with database, this functionality may have an extra license cost for what I would recommend check before deploying in a production environment.
0 comments:
Post a Comment