!Moran R. - Oracle9i Security Overview (Part No. A90148-01) (Release 9.0.1) (2001)


    Oracle9i

    Security Overview

    Release 1 (9.0.1)

    June 2001

    Part No. A90148-01


    Oracle9i Security Overview, Release 1 (9.0.1)

    Part No. A90148-01

    Copyright 2001, Oracle Corporation. All rights reserved.

    Primary Author: Rita Moran

    Contributing Authors: Kristy Browder, Mary Ann Davidson, John Heimann, Paul Needham, David Saslav, Uppili Srinivasan

    Contributors: Mike Cowan, Sudha Iyer, Richard Smith, Deborah Steiner, Daniel Wong

    The Programs (which include both the software and documentation) contain proprietary information of Oracle Corporation; they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright, patent, and other intellectual and industrial property laws. Reverse engineering, disassembly, or decompilation of the Programs is prohibited.

    The information contained in this document is subject to change without notice. If you find any problems in the documentation, please report them to us in writing. Oracle Corporation does not warrant that this document is error free. Except as may be expressly permitted in your license agreement for these Programs, no part of these Programs may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Oracle Corporation.

    If the Programs are delivered to the U.S. Government or anyone licensing or using the programs on behalf of the U.S. Government, the following notice is applicable:

    Restricted Rights Notice Programs delivered subject to the DOD FAR Supplement are "commercial computer software" and use, duplication, and disclosure of the Programs, including documentation, shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement. Otherwise, Programs delivered subject to the Federal Acquisition Regulations are "restricted computer software" and use, duplication, and disclosure of the Programs shall be subject to the restrictions in FAR 52.227-19, Commercial Computer Software - Restricted Rights (June, 1987). Oracle Corporation, 500 Oracle Parkway, Redwood City, CA 94065.

    The Programs are not intended for use in any nuclear, aviation, mass transit, medical, or other inherently dangerous applications. It shall be the licensee's responsibility to take all appropriate fail-safe, backup, redundancy, and other measures to ensure the safe use of such applications if the Programs are used for such purposes, and Oracle Corporation disclaims liability for any damages caused by such use of the Programs.

    Oracle is a registered trademark, and Oracle8i, Oracle9i, PL/SQL, LogMiner, Oracle Call Interface, Oracle Enterprise Manager, Oracle Label Security, and Oracle Wallet Manager are trademarks or registered trademarks of Oracle Corporation. Other names may be trademarks of their respective owners.


    Contents

    Send Us Your Comments
    Preface
    Audience
    Organization
    Related Documentation
    Conventions
    Documentation Accessibility

    Part I Security Challenges

    1 Data Security Challenges in the Internet Age
    Top Security Myths
    The Many Dimensions of System Security
    Fundamental Data Security Requirements
    Confidentiality
    Privacy of Communications
    Secure Storage of Sensitive Data
    Authenticated Users
    Granular Access Control
    Integrity
    Availability
    Security Requirements in the Internet Environment
    Promises and Problems of the Internet


    Increased Data Access
    Much More Valuable Data
    Larger User Communities
    Scalability
    Manageability
    Interoperability
    Hosted Systems and Exchanges
    A World of Data Security Risks
    Data Tampering
    Eavesdropping and Data Theft
    Falsifying User Identities
    Password-Related Threats
    Unauthorized Access to Tables and Columns
    Unauthorized Access to Data Rows
    Lack of Accountability
    Complex User Management Requirements
    Multitier Systems
    Scaling the Security Administration of Multiple Systems
    A Matrix of Security Risks and Solutions
    The System Security Team

    Part II Technical Solutions to Security Risks

    2 Protecting Data Within the Database
    Introduction
    System and Object Privileges
    System Privileges
    Schema Object Privileges
    Managing System and Object Privileges
    Using Roles to Manage Privileges
    Database Roles
    Global Roles
    Enterprise Roles
    Secure Application Roles
    Using Stored Procedures to Manage Privileges


    Using Network Facilities to Manage Privileges
    Using Views to Manage Privileges
    Row Level Security
    Complex and Dynamic Views
    Application Query Rewrite: Virtual Private Database (VPD)
    Label Based Access Control
    Encrypting Data on the Server
    Selective Encryption of Stored Data
    Industry Standard Encryption Algorithms
    Database Integrity Mechanisms
    System Availability Factors
    Secure Configuration Practices

    3 Protecting Data in a Network Environment
    Introduction
    Protecting Data During Transmission
    Controlling Access Within the Network
    Middle-Tier Connection Management
    Native Network Capabilities (Valid Node Checking)
    Database Enforced Network Access
    Encrypting Data for Network Transmission
    Encryption Algorithms
    Data Integrity Checking
    Secure Sockets Layer (SSL) Protocol
    Firewalls
    Ensuring Security in Three-Tier Systems
    Proxy Authentication to Ensure Three-Tier Security
    Java Database Connectivity (JDBC)
    JDBC-OCI Driver
    Thin JDBC Driver

    4 Authenticating Users to the Database
    Introduction
    Passwords
    Strong Authentication


    Kerberos and CyberSafe
    RADIUS
    Token Cards
    Smart Cards
    Distributed Computing Environment (DCE)
    Biometrics
    PKI and Certificate-Based Authentication
    Proxy Authentication and Authorization
    Single Sign-On
    Server-Based Single Sign-On
    Middle Tier Single Sign-On

    5 Using and Deploying a Secure Directory
    Introduction
    Centralizing Shared Information with LDAP
    Securing the Directory
    Directory Authentication of Users
    Password Protection in a Directory
    Directory Access Controls and Authorization
    Directory-Based Application Security
    Authorization of Users
    Authorization of Administrators
    Administrative Roles in the Directory

    6 Administering Enterprise User Security
    Introduction
    Enterprise Privilege Administration
    Shared Schemas
    Password-Authenticated Enterprise Users
    Enterprise Roles
    Multitier Authentication and Authorization
    Single Sign-On


    7 Auditing to Monitor System Security
    Introduction
    Fundamental Auditing Requirements
    Robust, Comprehensive Auditing
    Efficient Auditing
    Customizable Auditing
    Fine Grained, Extensible Auditing
    Auditing in Multitier Application Environments

    8 The Public Key Infrastructure Approach to Security
    Introduction
    Security Features of PKI
    Components of PKI
    Advantages of the PKI Approach
    Public Key Cryptography and the Public Key/Private Key Pair
    Secure Credentials: Certificate-Based Authentication in PKI
    Certificates and Certificate Authorities
    Certificate Authorities
    Certificates
    Authentication Methods Used with PKI
    Secure Sockets Layer Authentication and X.509v3 Digital Certificates
    Entrust/PKI Authentication
    Storing Secure Credentials with PKI
    Single Sign-On Using PKI
    Network Security Using PKI

    Part III Oracle9i Security Products

    9 Oracle9i Security Products and Features
    Oracle9i Standard Edition
    Integrity
    Data Integrity
    Entity Integrity Enforcement
    Referential Integrity


    Authentication and Access Controls in Oracle9i
    Privileges
    Roles
    Auditing
    Views, Stored Program Units, Triggers
    Data Encryption
    High Availability
    User Profiles
    Online Backup and Recovery
    Advanced Replication
    Data Partitioning
    Very High Availability with Real Application Clusters
    Proxy Authentication in Oracle9i
    Introduction
    Support for Additional Protocols
    Expanded Credential Proxy
    Application User Proxy Authentication
    Oracle9i Enterprise Edition
    Internet Scale Security Features
    Deep Data Protection
    Internet-Scale Security
    Secure Hosting and Data Exchange
    Application Security
    Virtual Private Database in Oracle9i
    Virtual Private Database in Oracle8i and Oracle9i
    How Virtual Private Database Works
    Application Context in Oracle9i
    How Application Context Facilitates VPD
    Application Context Accessed Locally
    Application Context Initialized Externally
    Application Context Initialized Globally
    Application Context Accessed Globally
    How Partitioned Fine-Grained Access Control Facilitates VPD
    User Models and Virtual Private Database
    Oracle Policy Manager


    Secure Application Role
    Fine-Grained Auditing
    Oracle Auditing for Three-Tier Applications
    Java Security Implementation in the Database
    Class Execution
    SecurityManager Class
    Oracle Advanced Security
    Introduction to Oracle Advanced Security
    Network Security Services of Oracle Advanced Security
    Oracle Net Services Native Encryption
    Data Integrity Features of Oracle Advanced Security
    Secure Sockets Layer (SSL) Encryption Capabilities
    Oracle Advanced Security Support for SSL
    Checksumming in Oracle Advanced Security SSL
    Oracle9i Application Server Support for SSL
    Java Encryption Features of Oracle Advanced Security
    JDBC-OCI Driver
    Thin JDBC
    Secure Connections for Virtually Any Client
    Oracle Java SSL
    Strong Authentication Methods Supported by Oracle Advanced Security
    Oracle Public Key Infrastructure-Based Authentication
    Kerberos and CyberSafe with Oracle Advanced Security
    RADIUS with Oracle Advanced Security
    Token Cards with Oracle Advanced Security
    Smart Cards with Oracle Advanced Security
    Biometric Authentication with Oracle Advanced Security
    Distributed Computing Environment (DCE) with Oracle Advanced Security
    Single Sign-On Implementations in Oracle Advanced Security
    Single Sign-On Configuration with Third-Party Products
    PKI-Based Single Sign-On Configuration
    Enterprise User Security Features of Oracle Advanced Security
    Password-Authenticated Enterprise Users
    Tools for Enterprise User Security
    Shared Schemas in Oracle Advanced Security


    Current User Database Links

    Directory Integration

    PKI Implementation in Oracle Advanced Security

    Components of Oracle Public Key Infrastructure-Based Authentication

    Secure Sockets Layer

    Oracle Call Interface

    Trusted Certificates

    X.509 Version 3 Certificates

    Oracle Wallets

    Oracle Wallet Manager

    Oracle Enterprise Login Assistant

    Oracle Internet Directory

    Oracle Enterprise Security Manager

    PKI Integration and Interoperability

    PKCS #12 Support

    Wallets Stored in Oracle Internet Directory

    Multiple Certificate Support

    Strong Wallet Encryption

    Oracle PKI Implementation Summary

    Oracle Label Security

    Oracle Internet Directory

    Introduction to Oracle Internet Directory

    LDAP Compliance

    How Oracle Internet Directory is Implemented

    How Oracle Internet Directory Organizes Enterprise User Management

    Enterprise User Administration with Oracle Internet Directory

    Shared Schemas with Oracle Internet Directory

    Oracle Net Services

    Components of Oracle Net Services

    Oracle Net on the Client

    Oracle Net on the Database Server

    Oracle Protocol Support

    Oracle Connection Manager

    Protocol Conversion

    Access Control


    Session Multiplexing

    Firewall Support with Oracle Net Services

    Firewalls Using Oracle Connection Manager in an Intranet Environment

    Firewalls Using Oracle Net Firewall Proxy in an Internet Environment

    Valid Node Checking in Oracle Net Services

    Database Enforced VPD Network Access

    Oracle9i Application Server

    Oracle HTTP Server

    Oracle Portal

    Single Sign-On in Oracle9i Application Server

    Web SSO Technology

    Login Server

    LDAP Integration

    PKI Support

    Multitier Integration

    Oracle Single Sign-On Summary

    Index


    Send Us Your Comments

    Oracle9i Security Overview, Release 1 (9.0.1)

    Part No. A90148-01

    Oracle Corporation welcomes your comments and suggestions on the quality and usefulness of this document. Your input is an important part of the information used for revision.

    - Did you find any errors?
    - Is the information clearly presented?
    - Do you need more information? If so, where?
    - Are the examples correct? Do you need more examples?
    - What features did you like most?

    If you find any errors or have any other suggestions for improvement, please indicate the document title and part number, and the chapter, section, and page number (if available). You can send comments to us in the following ways:

    - Electronic mail: infod ev_u [email protected]
    - FAX: 1-650-506-7227 Attn: Information Development
    - Postal service:

      Oracle Corporation
      Information Development Documentation Manager
      500 Oracle Parkway, Mailstop 4op11
      Redwood Shores, CA 94065
      U.S.A.

    If you would like a reply, please give your name, address, telephone number, and (optionally) electronic mail address.

    If you have problems with the software, please contact your local Oracle Support Services.


    Preface

    The Oracle9i Security Overview presents the basic concepts of data security in the Internet age. It outlines fundamental data security requirements and explains the risks which threaten the integrity and privacy of your data. Several chapters introduce the rich array of technology that can contribute to system security. The book concludes with a survey of the Oracle features and products which implement these technologies.

    Together, these products have the potential to control access to all the vulnerable areas of your system, and help users and administrators to perform their tasks without jeopardizing the security plan you have put in place.

    This preface contains these topics:

    - Audience
    - Organization
    - Related Documentation
    - Conventions
    - Documentation Accessibility


    Audience

    The Oracle9i Security Overview is intended for database administrators (DBAs), application programmers, security administrators, system operators, and other Oracle users who perform the following tasks:

    - Analyze application security requirements
    - Create security policies
    - Implement security technologies
    - Administer enterprise user security

    To use this document, you need general familiarity with database and networking concepts.


    Organization

    This document introduces the basic concepts of system security in the Internet Age. It outlines the data security risks which are prevalent today, and the industry-standard technologies available to address them. It then presents the carefully integrated suite of Oracle products you can use to implement these security technologies.

    Part I: Security Challenges

    This part explains the wide range of security risks to the integrity and privacy of data in the Internet Age.

    Chapter 1, "Data Security Challenges in the Internet Age"

    This chapter introduces the fundamental concepts of data security, and outlines the threats against which data and systems must be defended.

    Part II: Technical Solutions to Security Risks

    This part introduces the technology available to meet data security challenges.

    Chapter 2, "Protecting Data Within the Database"

    This chapter describes the fundamental elements of database security.

    Chapter 3, "Protecting Data in a Network Environment"

    This chapter explains how data can be protected while being transmitted over a network. It covers network access control, encryption, Secure Sockets Layer, and firewalls, as well as security in a three-tier environment.

    Chapter 4, "Authenticating Users to the Database"

    This chapter describes the wide range of technology available to verify the identity of database, application, and network users.

    Chapter 5, "Using and Deploying a Secure Directory"

    It can be advantageous to centralize storage and management of user-related information in a directory. This chapter describes how to protect such a directory, and how access can be controlled using a directory.

    Chapter 6, "Administering Enterprise User Security"

    This chapter describes the elements which make up a strong enterprise user management facility.


    Chapter 7, "Auditing to Monitor System Security"

    This chapter describes technology available to monitor the effectiveness of your security policies.

    Chapter 8, "The Public Key Infrastructure Approach to Security"

    This chapter introduces the Public Key Infrastructure (PKI) approach to security. It describes the components of PKI, and explains why this has become an industry standard.

    Part III: Oracle9i Security Products

    This part presents the rich suite of Oracle security products which can meet your data security requirements.

    Chapter 9, "Oracle9i Security Products and Features"

    This chapter presents the major security-related products available with Oracle9i, and specifies the way in which each of them implements the kinds of security technologies described in Part II of this book.

    Related Documentation

    For more information, see these Oracle resources:

    - Oracle installation and user's guide for your platform
    - Oracle9i Concepts
    - Oracle9i Application Developer's Guide - Fundamentals
    - Oracle9i Administrator's Guide
    - Oracle Advanced Security Administrator's Guide
    - Oracle Internet Directory Administrator's Guide
    - Oracle Label Security Administrator's Guide
    - Oracle Net Services Administrator's Guide
    - Single Sign-On Administrator's Guide
    - Oracle9i Java Developer's Guide
    - Oracle9i JDBC Developer's Guide and Reference
    - Oracle Enterprise Manager Concepts Guide


    In North America, printed documentation is available for sale in the Oracle Store at

    http://oraclestore.oracle.com/

    Customers in Europe, the Middle East, and Africa (EMEA) can purchase documentation from

    http://www.oraclebookshop.com/

    Other customers can contact their Oracle representative to purchase printed documentation.

    To download free release notes, installation documentation, white papers, or other collateral, please visit the Oracle Technology Network (OTN). You must register online before using OTN; registration is free and can be done at

    http://technet.oracle.com/membership/index.htm

    If you already have a username and password for OTN, then you can go directly to the documentation section of the OTN Web site at

    http://technet.oracle.com/docs/index.htm

    Conventions

    This section describes the conventions used in the text and code examples of this documentation set. It describes:

    - Conventions in Text
    - Conventions in Code Examples


    Conventions in Text

    We use various conventions in text to help you more quickly identify special terms. The following table describes those conventions and provides examples of their use.

    Convention: Bold
    Meaning: Bold typeface indicates terms that are defined in the text or terms that appear in a glossary, or both.
    Example: When you specify this clause, you create an index-organized table.

    Convention: Italics
    Meaning: Italic typeface indicates book titles or emphasis.
    Examples:
      Oracle9i Concepts
      Ensure that the recovery catalog and target database do not reside on the same disk.

    Convention: UPPERCASE monospace (fixed-width font)
    Meaning: Uppercase monospace typeface indicates elements supplied by the system. Such elements include parameters, privileges, datatypes, RMAN keywords, SQL keywords, SQL*Plus or utility commands, packages and methods, as well as system-supplied column names, database objects and structures, usernames, and roles.
    Examples:
      You can specify this clause only for a NUMBER column.
      You can back up the database by using the BACKUP command.
      Query the TABLE_NAME column in the USER_TABLES data dictionary view.
      Use the DBMS_STATS.GENERATE_STATS procedure.

    Convention: lowercase monospace (fixed-width font)
    Meaning: Lowercase monospace typeface indicates executables, filenames, directory names, and sample user-supplied elements. Such elements include computer and database names, net service names, and connect identifiers, as well as user-supplied database objects and structures, column names, packages and classes, usernames and roles, program units, and parameter values.
    Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.
    Examples:
      Enter sqlplus to open SQL*Plus.
      The password is specified in the orapwd file.
      Back up the datafiles and control files in the /disk1/oracle/dbs directory.
      The department_id, department_name, and location_id columns are in the hr.departments table.
      Set the QUERY_REWRITE_ENABLED initialization parameter to true.
      Connect as oe user.
      The JRepUtil class implements these methods.

    Convention: lowercase monospace (fixed-width font) italic
    Meaning: Lowercase monospace italic font represents placeholders or variables.
    Examples:
      You can specify the parallel_clause.
      Run Uold_release.SQL where old_release refers to the release you installed prior to upgrading.


    Conventions in Code Examples

    Code examples illustrate SQL, PL/SQL, SQL*Plus, or other command-line statements. They are displayed in a monospace (fixed-width) font and separated from normal text as shown in this example:

    SELECT username FROM dba_users WHERE username = 'MIGRATE';

    The following table describes typographic conventions used in code examples and provides examples of their use.

    Convention: [ ]
    Meaning: Brackets enclose one or more optional items. Do not enter the brackets.
    Example: DECIMAL (digits [ , precision ])

    Convention: { }
    Meaning: Braces enclose two or more items, one of which is required. Do not enter the braces.
    Example: {ENABLE | DISABLE}

    Convention: |
    Meaning: A vertical bar represents a choice of two or more options within brackets or braces. Enter one of the options. Do not enter the vertical bar.
    Examples:
      {ENABLE | DISABLE}
      [COMPRESS | NOCOMPRESS]

    Convention: ...
    Meaning: Horizontal ellipsis points indicate either:
      - That we have omitted parts of the code that are not directly related to the example
      - That you can repeat a portion of the code
    Examples:
      CREATE TABLE ... AS subquery;
      SELECT col1, col2, ... , coln FROM employees;

    Convention: vertical ellipsis points (three dots stacked on separate lines)
    Meaning: Vertical ellipsis points indicate that we have omitted several lines of code not directly related to the example.

    Convention: Other notation
    Meaning: You must enter symbols other than brackets, braces, vertical bars, and ellipsis points as shown.
    Examples:
      acctbal NUMBER(11,2);
      acct CONSTANT NUMBER(4) := 3;

    Convention: Italics
    Meaning: Italicized text indicates placeholders or variables for which you must supply particular values.
    Examples:
      CONNECT SYSTEM/system_password
      DB_NAME = database_name


    Documentation Accessibility

    The goal of Oracle Corporation is to make our products, services, and supporting documentation accessible to the disabled community with good usability. To that end, our documentation includes features that make information available to users of assistive technology. This documentation is available in HTML format, and contains markup to facilitate access by the disabled community. Standards will continue to evolve over time, and Oracle is actively engaged with other market-leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers. For additional information, visit the Oracle Accessibility Program Web site at http://www.oracle.com/accessibility/.

    JAWS, a Windows screen reader, may not always correctly read the code examples in this document. The conventions for writing code require that closing braces should appear on an otherwise empty line; however, JAWS may not always read a line of text that consists solely of a bracket or brace.

    Convention: UPPERCASE
    Meaning: Uppercase typeface indicates elements supplied by the system. We show these terms in uppercase in order to distinguish them from terms you define. Unless terms appear in brackets, enter them in the order and with the spelling shown. However, because these terms are not case sensitive, you can enter them in lowercase.
    Examples:
      SELECT last_name, employee_id FROM employees;
      SELECT * FROM USER_TABLES;
      DROP TABLE hr.employees;

    Convention: lowercase
    Meaning: Lowercase typeface indicates programmatic elements that you supply. For example, lowercase indicates names of tables, columns, or files.
    Note: Some programmatic elements use a mixture of UPPERCASE and lowercase. Enter these elements as shown.
    Examples:
      SELECT last_name, employee_id FROM employees;
      sqlplus hr/hr
      CREATE USER mjones IDENTIFIED BY ty3MU9;


    Part I: Security Challenges


    1 Data Security Challenges in the Internet Age

    This chapter presents an overview of data security requirements in the Internet Age, and examines the full spectrum of data security risks that must be countered. It then provides a matrix relating security risks to the kinds of technology now available to protect your data.

    - Top Security Myths
    - The Many Dimensions of System Security
    - Fundamental Data Security Requirements
    - Security Requirements in the Internet Environment
    - A World of Data Security Risks
    - A Matrix of Security Risks and Solutions
    - The System Security Team

    Note: As far as possible, this overview of security technology attempts to present issues independent of the way the technology is implemented. In some instances, however, a technology may only be provided by products from Oracle Corporation. In such cases, the conceptual discussion is from the point of view of the Oracle solution.

    See Chapter 9, "Oracle9i Security Products and Features" for a complete discussion of security solutions available from Oracle Corporation.


    Top Security Myths

    The field of data security is rife with mistaken beliefs which cause people to design ineffective security solutions. Here are some of the most prevalent security myths:

    - Myth: Hackers cause most security breaches.
      In fact, 80% of data loss is to insiders.

    - Myth: Encryption makes your data secure.
      In fact, encryption is only one approach to securing data. Security also requires access control, data integrity, system availability, and auditing.

    - Myth: Firewalls make your data secure.
      In fact, 40% of Internet break-ins occur in spite of a firewall being in place.

    To design a security solution that will truly protect your data, you must understand the security requirements relevant to your site, and the scope of current threats to your data.


    The Many Dimensions of System Security

    In the Internet age, the risks to valuable and sensitive data are greater than ever before. Figure 1-1 presents a bird's-eye view of the complex computing environment which your data security plan must encompass.

    Figure 1-1 Scope of Data Security Needs

    [Figure: database servers, an application Web server, and clients, connected over the intranet and the Internet]

    You must protect databases and the servers on which they reside; you must administer and protect the rights of internal database users; and you must guarantee the confidentiality of ecommerce customers as they access your database. With the Internet continually growing, the threat to data traveling over the network increases exponentially.


    To protect all the elements of complex computing systems, you must address security issues in many dimensions.

    Think carefully about the specific security risks to your data, and make sure the solutions you adopt actually fit the problems. In some instances, a technical solution may be inappropriate. For example, employees must occasionally leave their desks. A technical solution cannot solve this physical problem: the work environment must be secure.

    Table 1-1 Dimensions of Data Security

    Dimension: Physical
    Security Issues: Your computers must be physically inaccessible to unauthorized users. This means that you must keep them in a secure physical environment.

    Dimension: Personnel
    Security Issues: The people responsible for system administration and data security at your site must be reliable. You may need to perform background checks on DBAs before making hiring decisions.

    Dimension: Procedural
    Security Issues: The procedures used in the operation of your system must assure reliable data. For example, one person might be responsible for database backups. Her only role is to be sure the database is up and running. Another person might be responsible for generating application reports involving payroll or sales data. His role is to examine the data and verify its integrity. It may be wise to separate out users' functional roles in data management.

    Dimension: Technical
    Security Issues: Storage, access, manipulation, and transmission of data must be safeguarded by technology that enforces your particular information control policies.


    Fundamental Data Security Requirements

    This section describes the basic security standards which technology must ensure.

    - Confidentiality
    - Integrity
    - Availability

    Confidentiality

    A secure system ensures the confidentiality of data. This means that it allows individuals to see only the data which they are supposed to see. Confidentiality has several different aspects:

    - Privacy of Communications
    - Secure Storage of Sensitive Data
    - Authenticated Users
    - Granular Access Control

    Privacy of Communications

    Privacy is a very broad concept. For the individual, it involves the ability to control the spread of confidential information such as health, employment, and credit records. It also concerns the individual's control over the dissemination of personal data. In the business world, privacy may involve trade secrets, proprietary information about products and processes, competitive analyses, as well as marketing and sales plans. For governments, privacy involves such issues as the ability to collect and analyze demographic information, while protecting the confidentiality of millions of individual citizens. It also involves the ability to keep secrets that affect the country's interests.

    Secure Storage of Sensitive Data

    How can you ensure that data remains private, once it has been collected? Once confidential data has been entered, its integrity and privacy must be protected on the databases and servers wherein it resides.


    Authenticated Users

    How can you designate the persons and organizations who have the right to see data? Authentication is a way of implementing decisions about whom to trust. Authentication methods seek to guarantee the identity of system users: that a person is who he says he is, and not an impostor.

    Granular Access Control

    How much data should a particular user see? Access control is the ability to cordon off portions of the database, so that access to the data does not become an all-or-nothing proposition. A clerk in the Human Relations department might need some access to the EMP table, but he should not be permitted to access salary information for the entire company! The granularity of access control is the degree to which data access can be differentiated for particular tables, views, rows, and columns of a database.

    Note the distinction between authentication, authorization, and access control. Authentication is the process by which a user's identity is checked. When a user is authenticated, he is verified as an authorized user of an application. Authorization is the process by which the user's privileges are ascertained. Access control is the process by which the user's access to physical data in the application is limited, based on his privileges. These are critical issues in distributed systems. For example, if JAUSTEN is trying to access the database, authentication would identify her as a valid user. Authorization would verify her right to connect to the database with Product Manager privileges. Access control would enforce the Product Manager privileges upon her user session.
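
    The three steps distinguished above, and the clerk's restricted view of EMP, sketched in Oracle SQL as an added example (it is not from the original manual). The role product_manager, the products table, the view emp_directory, the user hr_clerk, the department number, and the placeholder passwords are assumptions made for illustration; EMP is assumed to have the columns EMPNO, ENAME, JOB, DEPTNO, and SAL.

```sql
-- Added illustration, not from the Oracle manual. All object names,
-- passwords, and the department number are hypothetical placeholders.

-- 1. Authentication: the database verifies who is connecting.
--    (Run as a DBA.)
CREATE USER jausten IDENTIFIED BY change_this_pw1;

-- 2. Authorization: which privileges the authenticated user holds.
--    A role bundles the privileges of one job function.
CREATE ROLE product_manager;
GRANT CREATE SESSION TO product_manager;
GRANT product_manager TO jausten;

-- 3. Access control: the privileges are enforced on the data itself.
--    (Run as the owner of the hypothetical PRODUCTS table.)
GRANT SELECT, UPDATE ON products TO product_manager;

-- Granular access control for the clerk.
-- (Run as the owner of EMP.)
-- Column granularity: every column except SAL is exposed.
-- Row granularity: only department 10 (constructed value) is exposed.
CREATE VIEW emp_directory AS
  SELECT empno, ename, job, deptno
  FROM   emp
  WHERE  deptno = 10;

-- (Run as a DBA.)
CREATE USER hr_clerk IDENTIFIED BY change_this_pw2;
GRANT CREATE SESSION TO hr_clerk;

-- (Run as the owner of EMP.) Grant on the view only, never on EMP,
-- so the clerk has no path to the SAL column or to other departments.
GRANT SELECT ON emp_directory TO hr_clerk;

-- Column-level privilege: the clerk may correct job titles and
-- nothing else in the rows the view exposes.
GRANT UPDATE (job) ON emp_directory TO hr_clerk;

-- Connected as hr_clerk, a query against emp_directory succeeds,
-- while any statement that names EMP directly is refused because
-- no privilege on the base table was ever granted.
```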

    Integrity

    A secure system ensures that the data it contains is valid. Data integrity means that data is protected from deletion and corruption, both while it resides within the database, and while it is being transmitted over the network. Integrity has several aspects:

    - System and object privileges control access to application tables and system commands, so that only authorized users can change data.
    - Referential integrity is the ability to maintain valid relationships between values in the database, according to rules that have been defined.
    - A database must be protected against viruses designed to corrupt the data.
    - The network traffic must be protected from deletion, corruption, and eavesdropping.

    Availability

    A secure system makes data available to authorized users, without delay.
    Denial-of-service attacks are attempts to block authorized users' ability to access
    and use the system when needed. System availability has a number of aspects:

    Resistance: A secure system must be designed to fend off situations, or
    deliberate attacks, which might put it out of commission. For example, there
    must be facilities within the database to prohibit runaway queries. User
    profiles must be in place to define and limit the resources any given user may
    consume. In this way the system can be protected against users consuming too
    much memory or too many processes (whether maliciously or innocently), lest
    others be prevented from doing their work.

    Scalability: System performance must remain adequate regardless of the
    number of users or processes demanding service.

    Flexibility: Administrators must have adequate means of managing the user
    population. They might do this by using a directory, for example.

    Ease of Use: The security implementation itself must not diminish the ability
    of valid users to get their work done.
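
    The Resistance item above relies on user profiles to cap what any one user can
    consume. The statements below are an added illustration, not part of the Oracle
    document: the profile name, the user name, and every limit value are hypothetical.

```sql
-- Added example: CLERK_LIMITS and HR_CLERK are hypothetical names,
-- and the limit values are illustrative, not recommendations.

-- Kernel resource limits in a profile are only enforced while the
-- RESOURCE_LIMIT initialization parameter is TRUE.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- PRIVATE_SGA caps session memory in the SGA and applies to
-- shared server sessions only.
CREATE PROFILE clerk_limits LIMIT
  SESSIONS_PER_USER       3        -- concurrent sessions for one user
  CPU_PER_CALL            3000     -- hundredths of a second per call (30 s)
  LOGICAL_READS_PER_CALL  100000   -- data blocks per call: stops runaway queries
  IDLE_TIME               30       -- minutes of continuous inactivity
  CONNECT_TIME            480      -- minutes of total elapsed session time
  PRIVATE_SGA             512K;

-- A user has exactly one profile; assigning a new one replaces the old one.
ALTER USER hr_clerk PROFILE clerk_limits;

-- Verify what is actually in force.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'CLERK_LIMITS'
   AND resource_type = 'KERNEL'
 ORDER BY resource_name;

SELECT username, profile
  FROM dba_users
 WHERE username = 'HR_CLERK';
```

    When a call exceeds a per-call limit, Oracle stops that statement and returns an
    error instead of letting it run to completion.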

    Security Requirements in the Internet Environment

    The Internet environment expands the realm of data security in several ways:

    - Promises and Problems of the Internet

    - Increased Data Access

    - Much More Valuable Data

    - Larger User Communities

    - Hosted Systems and Exchanges

    Promises and Problems of the Internet

    Information is the cornerstone of eBusiness. The Internet allows businesses to use
    information more effectively, by allowing customers, suppliers, employees, and
    partners to get access to the business information they need, when they need it.
    Customers can use the web to place orders which can be fulfilled more quickly and
    with less error, suppliers and fulfillment houses can be engaged as orders are
    placed, reducing or eliminating the need for inventory, and employees can obtain
    timely information about business operations. The Internet also makes possible
    new, innovative pricing mechanisms, such as online competitive bidding for
    suppliers, and online auctions for customers. These Internet-enabled services all
    translate to reduced cost: there is less overhead, greater economies of scale, and
    increased efficiency. eBusiness' greatest promise is more timely, more valuable
    information accessible to more people, at reduced cost of information access.

    The promise of eBusiness is offset by the security challenges associated with the
    disintermediation of data access. "Cutting out the middleman" too often cuts out the
    information security the middleman provides. Likewise, the user community
    expands from a small group of known, vetted users accessing data from the
    intranet, to thousands of users accessing data from the Internet. Application hosting
    providers and exchanges offer especially stringent (and sometimes
    contradictory) requirements of security by user and by customer, while allowing
    secure data sharing among communities of interest.

    While putting business systems on the Internet offers potentially unlimited
    opportunities for increasing efficiency and reducing cost, it also offers potentially
    unlimited risk. The Internet provides much greater access to data, and to more
    valuable data, not only to legitimate users, but also to hackers, disgruntled
    employees, criminals, and corporate spies.

    Increased Data Access

    One of the chief eBusiness benefits of the Internet is disintermediation. The
    intermediate information processing steps which employees typically perform in
    brick-and-mortar businesses, such as typing in an order received over the phone or
    by mail, are removed from the eBusiness process. Users who are not employees and
    are thus outside the traditional corporate boundary (including customers, suppliers,
    and partners) can have direct and immediate online access to business information
    which pertains to them.

    In a traditional office environment, any access to sensitive business information is
    through employees. Although employees are not always reliable, at least they are
    known, their access to sensitive data is limited by their job function, and access is
    enforced by physical and procedural controls. Employees who pass sensitive
    information outside the company contrary to policy may be subject to disciplinary
    action. The threat of punishment thus helps prevent unauthorized access.

    Making business information accessible by means of the Internet vastly increases
    the number of users who may be able to access that information. When business is
    moved to the Internet, the environment is drastically changed. Companies may
    know little or nothing about the users (including, in many cases, employees) who
    are accessing their systems. Even if they know who their users are, it may be very
    difficult for companies to deter users from accessing information contrary to
    company policy. It is therefore important that companies manage access to sensitive
    information, and prevent unauthorized access to that information before it occurs.

    Much More Valuable Data

    EBusiness relies not only on making business information accessible outside the
    traditional company, it also depends on making the best, most up-to-date
    information available to users when they need it. For example, companies can
    streamline their operations and reduce overhead by allowing suppliers to have
    direct access to consolidated order information. This allows companies to reduce
    inventory by obtaining exactly what they need from suppliers when they need it.
    Companies can also take advantage of new pricing technology, such as online
    competitive bidding by means of exchanges, to obtain the best price from suppliers,
    or offer the best price to consumers.

    Streamlining information flow through the business system allows users to obtain
    better information from the system. In the past, data from external partners,
    suppliers, or customers was often entered into the system through inefficient
    mechanisms that were prone to error and delay. For example, many companies
    accepted the bulk of their orders by phone, letter, or fax, and this information was
    typed in by clerks or sales people. Even when electronic data interchange
    mechanisms existed, they were typically proprietary and difficult to integrate with
    companies' internal data infrastructure. Now, businesses that allow other
    businesses and consumers to submit and receive business information directly
    through the Internet can expect to get more timely, accurate, and valuable
    information, at less expense than if traditional data channels were used.

    Formerly, when information was entered into a business system, it was often
    compartmentalized. Information maintained by each internal department, such as
    sales, manufacturing, distribution, and finance, was kept separate, and was often
    processed by physically separate and incompatible databases and
    applications: so-called "islands of information". This prevented businesses from
    taking full advantage of the information they already had, since it was difficult for
    different departments to exchange information when it was needed, or for
    executives to get the latest and most accurate "big picture" of the business.
    Companies have found that linking islands of information and consolidating them
    where possible, allows users to obtain better information, and to get more benefit
    from that information. This makes the information more valuable.

    Improving the value of data available to legitimate users generally improves its
    value to intruders as well. This increases the potential rewards to be gained from
    unauthorized access to that data, and the potential damage that can be done to the
    business if the data were corrupted. In other words, the more effective an eBusiness
    system is, the greater the need to protect it against unauthorized access.

    Larger User Communities

    The sheer size of the user communities which can access business systems by way
    of the Internet not only increases the risk to those systems, it also constrains the
    solutions which can be deployed to address that risk. The Internet creates
    challenges in terms of scalability of security mechanisms, management of those
    mechanisms, and the need to make them standard and interoperable.

    Scalability

    Security mechanisms for Internet-enabled systems must support much larger
    communities of users than systems which are not Internet-enabled. Whereas the
    largest traditional enterprise systems typically supported thousands of users, many
    Internet-enabled systems have millions of users.

    Manageability

    Traditional mechanisms for identifying users and managing their access, such as
    granting each user an account and password on each system she accesses, may not
    be practical in an Internet environment. It rapidly becomes too difficult and
    expensive for system administrators to manage separate accounts for each user on
    every system.

    Interoperability

    Unlike traditional enterprise systems, where a company owns and controls all
    components of the system, Internet-enabled eBusiness systems must exchange data
    with systems owned and controlled by others: by customers, suppliers, partners,
    and so on. Security mechanisms deployed in eBusiness systems must therefore be
    standards-based, flexible, and interoperable, to ensure that they work with others'
    systems. They must support thin clients, and work in multitier architectures.

    Hosted Systems and Exchanges

    The principal security challenge of hosting is keeping data from different hosted
    user communities separate. The simplest way of doing this is to create physically
    separate systems for each hosted community. The disadvantage of this approach is
    that it requires a separate computer, with separately installed, managed, and
    configured software, for each hosted user community. This provides little in the
    way of economies of scale to a hosting company.

    Several factors can greatly reduce costs to hosting service providers. These factors
    include mechanisms which allow multiple user communities to share a single
    hardware and software instance; mechanisms which separate data for different user
    communities; and ways to provide a single administrative interface for the hosting
    provider.

    Exchanges have requirements for both data separation and data sharing. For
    example, an exchange may ensure that a supplier's bid remains unviewable by
    other suppliers, yet allow all bids to be evaluated by the entity requesting the bid.
    Furthermore, exchanges may also support "communities of interest" in which
    groups of organizations can share data selectively, or work together to provide such
    things as joint bids.

    A World of Data Security Risks

    The integrity and privacy of data are at risk from unauthorized users, external
    sources listening in on the network, and internal users giving away the store. This
    section explains the risky situations and potential attacks that could compromise
    your data.

    - Data Tampering

    - Eavesdropping and Data Theft

    - Falsifying User Identities

    - Password-Related Threats

    - Unauthorized Access to Tables and Columns

    - Unauthorized Access to Data Rows

    - Lack of Accountability

    - Complex User Management Requirements

    Data Tampering

    Privacy of communications is essential to ensure that data cannot be modified or
    viewed in transit. Distributed environments bring with them the possibility that a
    malicious third party can perpetrate a computer crime by tampering with data as it
    moves between sites.

    In a data modification attack, an unauthorized party on the network intercepts data
    in transit and changes parts of that data before retransmitting it. An example of this
    is changing the dollar amount of a banking transaction from $100 to $10,000.

    In a replay attack, an entire set of valid data is repeatedly interjected onto the
    network. An example would be to repeat, one thousand times, a valid $100 bank
    account transfer transaction.

    Eavesdropping and Data Theft

    Data must be stored and transmitted securely, so that information such as credit
    card numbers cannot be stolen.

    Over the Internet and in Wide Area Network (WAN) environments, both public
    carriers and private network owners often route portions of their network through
    insecure land lines, extremely vulnerable microwave and satellite links, or a number
    of servers. This situation leaves valuable data open to view by any interested party.
    In Local Area Network (LAN) environments within a building or campus, insiders
    with access to the physical wiring can potentially view data not intended for them.
    Network sniffers can easily be installed to eavesdrop on network traffic. Packet
    sniffers can be designed to find and steal user names and passwords.

    Falsifying User Identities

    You need to know your users. In a distributed environment, it becomes more
    feasible for a user to falsify an identity to gain access to sensitive and important
    information. How can you be sure that user Pat connecting to Server A from Client
    B really is user Pat?

    In addition, malefactors can hijack connections. How can you be sure that Client B
    and Server A are what they claim to be? A transaction that should go from the
    Personnel system on Server A to the Payroll system on Server B could be
    intercepted in transit and routed instead to a terminal masquerading as Server B.

    Identity theft is becoming one of the greatest threats to individuals in the Internet
    environment. Criminals attempt to steal users' credit card numbers, and then make
    purchases against the accounts. Or they steal other personal data, such as checking
    account numbers and driver's license numbers, and set up bogus credit accounts in
    someone else's name.

    Non-repudiation is another identity concern: how can a person's digital signature
    be protected? If hackers steal someone's digital signature, that person may be held
    responsible for any actions performed using their private signing key.

    Password-Related Threats

    In large systems, users must remember multiple passwords for the different
    applications and services that they use. For example, a developer can have access to
    a development application on a workstation, a PC for sending email, and several
    computers or intranet sites for testing, reporting bugs, and managing
    configurations.

    Users typically respond to the problem of managing multiple passwords in several
    ways:

    - They may select easy-to-guess passwords, such as a name, fictional character,
      or a word found in a dictionary. All of these passwords are vulnerable to
      dictionary attacks.

    - They may also choose to standardize passwords so that they are the same on all
      machines or web sites. This results in a potentially large exposure in the event
      of a compromised password. They can also use passwords with slight
      variations that can be easily derived from known passwords.

    - Users with complex passwords may write them down where an attacker can
      easily find them, or they may just forget them, requiring costly administration
      and support efforts.

    All of these strategies compromise password secrecy and service availability.
    Moreover, administration of multiple user accounts and passwords is complex,
    time-consuming, and expensive.
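
    Two of the habits listed above, easy-to-guess passwords and slight variations of a
    known password, can be rejected by the database when the password is set. The
    following is an added sketch, not code from the Oracle document: the function,
    profile, and user names are hypothetical, and the word list is a constructed sample.

```sql
-- Added example. VERIFY_PW_EXAMPLE, APP_PASSWORD_POLICY and WEB_USER are
-- hypothetical names. A password verify function must be owned by SYS.
CREATE OR REPLACE FUNCTION sys.verify_pw_example (
  username     IN VARCHAR2,
  password     IN VARCHAR2,
  old_password IN VARCHAR2
) RETURN BOOLEAN IS
  v_letters VARCHAR2(128);
  v_differ  PLS_INTEGER;
BEGIN
  IF LENGTH(password) < 10 THEN
    RAISE_APPLICATION_ERROR(-20001, 'Password must be at least 10 characters');
  END IF;

  -- Name-based passwords: reject anything containing the user name.
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    RAISE_APPLICATION_ERROR(-20002, 'Password must not contain the user name');
  END IF;

  -- Dictionary words: strip digits, then compare what is left with a word
  -- list. The list is a constructed sample; a real one would live in a table.
  v_letters := TRANSLATE(LOWER(password), 'a0123456789', 'a');
  IF v_letters IN ('password', 'welcome', 'oracle', 'database', 'gandalf') THEN
    RAISE_APPLICATION_ERROR(-20003, 'Password is based on a dictionary word');
  END IF;

  -- Slight variations: count the positions that differ from the old password.
  -- old_password is NULL when an administrator sets the password for the user.
  IF old_password IS NOT NULL THEN
    v_differ := ABS(LENGTH(password) - LENGTH(old_password));
    FOR i IN 1 .. LEAST(LENGTH(password), LENGTH(old_password)) LOOP
      IF SUBSTR(password, i, 1) <> SUBSTR(old_password, i, 1) THEN
        v_differ := v_differ + 1;
      END IF;
    END LOOP;
    IF v_differ < 4 THEN
      RAISE_APPLICATION_ERROR(-20004, 'Password is too close to the previous one');
    END IF;
  END IF;

  RETURN TRUE;
END verify_pw_example;
/

-- Lock the account after repeated failures, which slows online dictionary
-- attacks, and run the function above on every password change.
-- PASSWORD_LOCK_TIME is expressed in days (1/24 = one hour).
CREATE PROFILE app_password_policy LIMIT
  FAILED_LOGIN_ATTEMPTS     5
  PASSWORD_LOCK_TIME        1/24
  PASSWORD_VERIFY_FUNCTION  verify_pw_example;

-- A user has exactly one profile, so put these password limits and any
-- resource limits for the same user into a single profile.
ALTER USER web_user PROFILE app_password_policy;
```

    A check inside one database cannot see whether the same password is reused on other
    machines or web sites.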

    Unauthorized Access to Tables and Columns

    The database may contain confidential tables, or confidential columns in a table,
    which should not be available indiscriminately to all users authorized to access the
    database. It should be possible to protect data on a column level.

    Unauthorized Access to Data Rows

    Certain data rows may contain confidential information which should not be
    available indiscriminately to users authorized to access the table.

    You need granular access control: a way to enforce confidentiality on the data
    itself. For example, in a shared environment businesses should only have access to
    their own data; customers should only be able to see their own orders. If the
    necessary compartmentalization is enforced upon the data, rather than added by
    the application, then it cannot be bypassed by users.

    Systems must therefore be flexible: able to support different security policies
    depending on whether you are dealing with customers or employees. For example,
    you may require stronger authentication for employees (who can see more data)
    than you do for customers. Or, you may allow employees to see all customer
    records, while customers can only see their own records.
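
    The policy described above (employees see all customer records, customers see only
    their own) can be attached to the table itself with Oracle's row-level security
    package, DBMS_RLS. This is an added sketch, not code from the Oracle document; the
    schema APP, the tables ORDERS and APP_LOGINS, and all object names are hypothetical.

```sql
-- Added example. Assumed (hypothetical) objects:
--   APP.ORDERS(order_id, customer_id, ...)
--   APP.APP_LOGINS(db_username PRIMARY KEY, user_type, customer_id)
--     with user_type = 'EMPLOYEE' or 'CUSTOMER'

-- 1. An application context that only the trusted package can write.
CREATE OR REPLACE CONTEXT orders_ctx USING app.orders_ctx_pkg;

CREATE OR REPLACE PACKAGE app.orders_ctx_pkg AS
  PROCEDURE init;
END orders_ctx_pkg;
/
CREATE OR REPLACE PACKAGE BODY app.orders_ctx_pkg AS
  PROCEDURE init IS
    v_type app.app_logins.user_type%TYPE;
    v_cust app.app_logins.customer_id%TYPE;
  BEGIN
    -- Identity comes from the authenticated session, never from caller input.
    SELECT user_type, customer_id
      INTO v_type, v_cust
      FROM app.app_logins
     WHERE db_username = SYS_CONTEXT('USERENV', 'SESSION_USER');
    DBMS_SESSION.SET_CONTEXT('orders_ctx', 'user_type', v_type);
    DBMS_SESSION.SET_CONTEXT('orders_ctx', 'customer_id', TO_CHAR(v_cust));
  EXCEPTION
    WHEN NO_DATA_FOUND THEN
      NULL;  -- unknown login: context stays empty and the policy returns no rows
  END init;
END orders_ctx_pkg;
/

-- 2. Fill the context at logon (the trigger owner needs the
--    ADMINISTER DATABASE TRIGGER privilege).
CREATE OR REPLACE TRIGGER app.orders_ctx_logon
  AFTER LOGON ON DATABASE
BEGIN
  app.orders_ctx_pkg.init;
END;
/

-- 3. Policy function: returns the predicate the database appends to every
--    statement against APP.ORDERS.
CREATE OR REPLACE FUNCTION app.orders_row_policy (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2 IS
BEGIN
  IF SYS_CONTEXT('orders_ctx', 'user_type') = 'EMPLOYEE' THEN
    RETURN NULL;      -- no predicate: employees see all customer records
  ELSIF SYS_CONTEXT('orders_ctx', 'customer_id') IS NOT NULL THEN
    RETURN 'customer_id = TO_NUMBER(SYS_CONTEXT(''orders_ctx'', ''customer_id''))';
  ELSE
    RETURN '1 = 0';   -- fail closed for sessions with no mapping
  END IF;
END orders_row_policy;
/

-- 4. Attach the policy to the table. update_check also blocks a customer
--    from writing rows that the predicate would hide from them.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ORDERS',
    policy_name     => 'ORDERS_OWN_ROWS',
    function_schema => 'APP',
    policy_function => 'ORDERS_ROW_POLICY',
    statement_types => 'SELECT,INSERT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/
```

    Because the predicate is added by the database, a customer who reaches the table
    through a reporting tool or an ad hoc query gets the same rows as through the
    application.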

    Lack of Accountability

    If the system administrator is unable to track users' activities, then users cannot be
    held responsible for their actions. There must be some reliable way to monitor who
    is performing what operations on the data.

    Complex User Management Requirements

    Systems must often support thousands, or hundreds of thousands, of users: thus
    they must be scalable. In such large-scale environments, the burden of managing
    user accounts and passwords makes your system vulnerable to error and attack.
    You need to know who the user really is, across all tiers of the application, to have
    reliable security.

    Multitier Systems

    This problem becomes particularly complex in multitier systems. Here, and in
    most packaged applications, the typical security model is that of One Big
    Application User. The user connects to the application, and the application (or
    application server) logs on and provides complete access for everyone, with no
    auditing and unlimited privileges. This model places your data at risk, especially
    in the Internet, where your web server or application server depends upon a
    firewall. Firewalls are commonly vulnerable to break-ins.

    Scaling the Security Administration of Multiple Systems

    Administration of thousands, or hundreds of thousands of users, is difficult enough
    on a single system. This burden is compounded when security must be
    administered on multiple systems.

    To meet the challenges of scale in security administration, you should be able to
    centrally manage users and privileges across multiple applications and databases,
    using a directory based on industry standards. This can reduce system management
    costs and increase business efficiency.

    Further, creating and building separate databases for multiple application
    subscribers is not a cost-efficient model for an application service provider. While
    technically possible, the separate database model would quickly become
    unmanageable. To be successful, a single application installation should be able to
    host multiple companies, and be administered centrally.

    A Matrix of Security Risks and Solutions

    The following table relates security risks to the technologies which address them,
    and to the corresponding Oracle products.

    Table 1-2 Matrix of Security Risks and Solutions

    | Problem | Solution | Security Technology | Oracle Products & Features |
    |---|---|---|---|
    | Unauthorized users | Know your users | Authentication | Oracle9i Standard Edition, & Oracle9i Enterprise Edition: Passwords, Password management; Oracle Advanced Security: Tokens, smart cards, Kerberos, and so on; PKI: X.509 Certificates |
    | Unauthorized access to data | Limit access to data | Access Control | Oracle9i Standard Edition; Oracle9i Enterprise Edition: Virtual Private Database |
    | | Dynamic query modification | Fine Grained Access Control | Oracle9i Enterprise Edition: Virtual Private Database |
    | | Limit access to data rows and columns | Label Based Access Control | Oracle Label Security |
    | | Encrypt data | Data Encryption | Oracle9i Standard Edition, & Oracle9i Enterprise Edition |
    | | Limit privileges | Privilege Management | Oracle9i Standard Edition: Roles, Privileges; Oracle9i Enterprise Edition: Secure Application Roles; Oracle Advanced Security: Enterprise Roles |
    | Eavesdropping on communications | Protect the network | Network Encryption | Oracle Advanced Security: Encryption; Secure Sockets Layer |
    | Corruption of data | Protect the network | Data Integrity | Oracle Advanced Security: Checksumming; PKI: Checksumming (as part of SSL) |
    | Denial of service | Control access to resources | Availability | Oracle9i Standard Edition & Oracle