Oracle Advanced Security
Oracle Advanced Security is an option for Oracle Database Enterprise Edition. Oracle Advanced Security provides three main features:
- Transparent Data Encryption
- Network encryption
- Strong authentication
Oracle Advanced Security transparent data encryption (TDE) helps address existing and emerging privacy and compliance requirements around the globe, including PCI-DSS and the numerous breach notification laws. TDE greatly simplifies the process of encrypting personally identifiable information, intellectual property and other sensitive information. Oracle Advanced Security TDE has been validated with numerous applications, including Oracle E-Business Suite, Oracle Siebel and Oracle PeopleSoft Applications. Oracle Advanced Security TDE also works seamlessly on Oracle Exadata, taking full advantage of the Oracle Exadata hardware for extreme performance.
Transparent Data Encryption
Transparent Data Encryption is an easy and transparent solution for encrypting sensitive data in the Oracle database. The solution is transparent because it requires no changes to applications, encrypting data before it is written to storage and automatically decrypting when reading from storage. TDE supports standard encryption algorithms including AES (up to 256-bit keys) and Triple DES. It leverages the native performance optimizations of the Oracle database and supports hardware-based cryptographic acceleration (available in select Intel® Xeon® and Oracle SPARC processors). First introduced in Oracle Database 10g Release 2, TDE column encryption protects individual columns in specific application tables within the database. TDE tablespace encryption, introduced in Oracle Database 11g Release 1, protects entire tablespaces, eliminating the need to identify individual columns. Tablespace encryption is the default recommendation for the current database release due to its simplicity and the fact that it has no restrictions on data types, range scans or primary keys. In addition, TDE tablespace encryption is certified on Oracle Exadata.
TDE also provides robust encryption key management using a two-tier key architecture. The master encryption key, stored in an Oracle Wallet or a certified hardware security module, is used to protect the data encryption keys. The data encryption keys, which are used to encrypt the actual database data, are managed by TDE transparently.
Network Encryption
When data travels to and from the Oracle database, Oracle Advanced Security can encrypt the network connections using standard algorithms such as AES (up to 256-bit keys), Triple DES, and RC4. Oracle Advanced Security supports both Secure Sockets Layer (SSL) encryption and an Oracle native encryption capability. The support for SSL/TLS follows industry standards. The Oracle native encryption feature provides distinct benefits including the ability to begin encrypting database network connections immediately, without provisioning X.509 certificates.
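Native encryption is switched on in the server's sqlnet.ora file, and whether it is actually enforced depends on two parameters. The following check is an added example, not Oracle's code or part of the original page: it reads a sqlnet.ora text and reports when encryption is optional or when RC4, DES or Triple DES remain negotiable. The parameter names are Oracle Net's; the sample files are constructed, and the parser assumes one parameter per line.

```python
import re

# Names valid in SQLNET.ENCRYPTION_TYPES_SERVER that select RC4, DES or Triple DES.
WEAK_PREFIXES = ("RC4", "DES", "3DES")

# Constructed sample files (not taken from any real system).
WEAK_CONFIG = """
# encryption is only requested, and legacy ciphers stay negotiable
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, RC4_256, 3DES168)
"""
HARDENED_CONFIG = """
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
"""

def parse_sqlnet(text):
    """Parse single-line 'NAME = value' or 'NAME = (a, b)' entries into a dict."""
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"^([\w.]+)\s*=\s*(.+)$", line)
        if not m:
            continue
        items = m.group(2).strip("() ").split(",")
        params[m.group(1).upper()] = [v.strip().upper() for v in items if v.strip()]
    return params

def audit_native_encryption(text):
    """Return findings for the server side of native network encryption."""
    p = parse_sqlnet(text)
    findings = []
    # ACCEPTED is the default: the server encrypts only if the client asks for it.
    mode = (p.get("SQLNET.ENCRYPTION_SERVER") or ["ACCEPTED"])[0]
    if mode != "REQUIRED":
        findings.append(f"encryption not enforced (SQLNET.ENCRYPTION_SERVER={mode})")
    algos = p.get("SQLNET.ENCRYPTION_TYPES_SERVER")
    if algos is None:
        findings.append("no algorithm list: every installed algorithm is negotiable")
    else:
        weak = [a for a in algos if a.startswith(WEAK_PREFIXES)]
        if weak:
            findings.append("weak algorithms allowed: " + ", ".join(weak))
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_native_encryption(cfg) or "OK")
```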
Strong Authentication
Passwords often are not sufficient to meet stringent security requirements. Strong authentication techniques address this problem by introducing security concepts such as tickets, cards, PIN entry and tokens into the authentication process. Certain strong authentication techniques allow you to combine concepts for "multi-factor" user authentication. Oracle Advanced Security supports a range of strong authentication techniques. Database users can be authenticated using:
- Kerberos
- PKI (certificate-based authentication and encryption)
- RADIUS (Remote Authentication Dial-In User Service)