Oracle Technology Network
 
 
   

Configuring Network Data Encryption

Purpose

This tutorial demonstrates the simplicity and effectiveness of network encryption. To encrypt network traffic between the Oracle Database server and potentially hundreds or thousands of Oracle clients, you only need to enable encryption on the server.

The purpose of a secure cryptosystem is to convert plaintext data into unintelligible ciphertext based on a key, in such a way that it is very hard (computationally infeasible) to convert ciphertext back into its corresponding plaintext without knowledge of the correct key.

Time to Complete

Approximately 30 minutes.

Overview

In this tutorial, you perform the following tasks:

  • Establish a connection between an Oracle client and a remote Oracle database
  • "Sniff" network traffic to see clear text
  • Enable network encryption only on the Oracle Database server
  • "Sniff" network traffic to see ciphertext

Software and Hardware Requirements

The following is a list of software requirements:

  • Oracle Database 11g
  • Oracle Advanced Security Database option

Prerequisites

Before starting this tutorial, you should:

1. Install Oracle Database 11g

2. Install the Oracle Advanced Security Database option

Configuring the Client to Connect to a Remote Database

To configure your PC client to connect to a remote database, perform the following steps:

1. On your PC client, click Start and then All Programs. Expand your Oracle Home. Expand Configuration and Migration Tools. Invoke Net Manager.

2. Expand Local. Select Service Naming and click the green + (plus) sign to create a new service name.

3. In the Net Service Name field, enter a name for the net service name you wish to create. In this example, the name "remote_db" is used. Click Next.

4. Select "TCP/IP (Internet Protocol)" and click Next.

5. Enter the host name or the IP address of the server for your database. Accept the default port number of 1521 or enter the port number that is appropriate for your database listener. Click Next.

6. Select "(Oracle8i or later) Service Name" and provide the service name of your database. Click Next.

7. Click Test to test your connection configuration. Note: By default the connection is tested using the username of SCOTT with a password of TIGER.

8. You can change the user for the connection test by clicking Change Login.

9. Enter the username and password. Click OK.

10. Click Test again.

11. After your connection test succeeds, click Close.

12. Select your new service name and verify that the information is correct.

13. Select Save Network Configuration in the File menu to save your configuration.

14. Select Exit in the File menu to exit Oracle Net Manager.

 

OPTIONAL: Monitoring Network Traffic


To monitor the network traffic, perform the following steps:

1. On your PC client, invoke SQL*Plus. Connect as the HR user with the appropriate password. Issue the following SQL statement to retrieve a row from the HR.EMPLOYEES table:

   SELECT last_name, salary FROM employees WHERE employee_id=100;

2. On your database server, use a tool such as Wireshark to view the network traffic, including your SQL statement executed in Step 1. As shown in this example, you should be able to see the value of "King" and the salary value in the row selected from the EMPLOYEES table.

 

Configuring Network Data Encryption on the Server

To configure network data encryption on the Oracle Database server, perform the following steps:

1. Enter netmgr at the operating system prompt.

2. The Oracle Net Manager Welcome page is displayed. Expand Local.

3. Select Profile. Select Oracle Advanced Security in the Naming menu.

4. Click the Encryption tab.

5. Verify that the Encryption field is set to SERVER. Select required in the Encryption Type menu. Enter fewer than 70 random characters in the Encryption Seed field. Select the encryption method by highlighting it in the Available Methods list and clicking > to move it to the Selected Methods list.

6. Select File -> Save Network Configuration to save your changes.

7. Select Exit to exit Oracle Net Manager.
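
The Net Manager steps above end up as three parameters in the server's sqlnet.ora file. The following added example (not part of the Oracle tutorial) parses such a file, checks it against what the tutorial configures, and works out why a client left at its default still gets an encrypted session. The sample file contents, the AES256 choice, the seed value and the "flag anything that is not AES" policy are assumptions made for this example.

```python
import re

DEFAULT = "accepted"  # value Oracle Net assumes when the parameter is absent

# Constructed sample of the server sqlnet.ora after the Net Manager steps;
# AES256 and the seed are assumed values, not taken from the tutorial.
SAMPLE_AFTER = """\
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
SQLNET.CRYPTO_SEED = 'constructed-seed-4fQ9xW2mZr7LkT1v'
"""

def parse_sqlnet(text):
    """Return {PARAM: value} for one-line NAME = value entries."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*=\s*(.+?)\s*$", line)
        if m:  # comment lines start with '#' and never match
            params[m.group(1).upper()] = m.group(2).strip("'\"")
    return params

def negotiate(client, server):
    """Result of pairing the two sides' settings: 'on', 'off' or 'fail'."""
    pair = {client.lower(), server.lower()}
    if "rejected" in pair:
        return "fail" if "required" in pair else "off"
    return "off" if pair == {"accepted"} else "on"

def audit_server(text, client=DEFAULT):
    """Check a server sqlnet.ora against what the tutorial configures."""
    p = parse_sqlnet(text)
    server = p.get("SQLNET.ENCRYPTION_SERVER", DEFAULT).lower()
    raw = p.get("SQLNET.ENCRYPTION_TYPES_SERVER", "").strip("() ")
    methods = [m.strip().upper() for m in raw.split(",") if m.strip()]
    seed = p.get("SQLNET.CRYPTO_SEED", "")
    findings = []
    if server != "required":
        findings.append(f"ENCRYPTION_SERVER is {server}, not required")
    if not methods:
        findings.append("no encryption method selected")
    # Policy assumed for this example: anything other than AES is flagged.
    findings += [f"non-AES method {m}" for m in methods if not m.startswith("AES")]
    if not 0 < len(seed) < 70:
        findings.append("seed missing or not fewer than 70 characters")
    return {"outcome": negotiate(client, server), "findings": findings}
```

`audit_server(SAMPLE_AFTER)` reports outcome `on` with no findings, while an empty file reports `off`: with both sides at the default, nothing is encrypted.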

 

OPTIONAL: Monitoring Network Traffic

To monitor network traffic and verify network data encryption, perform the following steps:

1. On your PC client, once again invoke SQL*Plus. Connect as the HR user with the appropriate password. Issue the following SQL statement to retrieve a row from the HR.EMPLOYEES table:

   SELECT last_name, salary FROM employees WHERE employee_id=100;

2. On your database server, once again use a tool such as Wireshark to view the network traffic, including your SQL statement executed in Step 1. As shown in this example, now that the data is encrypted you can no longer see the value of "King" or the salary value in the row selected from the EMPLOYEES table.
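
The same before-and-after check can be scripted against a saved capture. This added example (not part of the Oracle tutorial) reads a capture in classic pcap format, Ethernet and IPv4 only, and reports which known strings appear verbatim in traffic on the listener port. The `sample_pcap` helper, its addresses and ports, and the marker strings are constructed for the example.

```python
import struct

def tcp_payloads(pcap, port=1521):
    """Yield TCP payloads to or from `port` in a classic Ethernet/IPv4 pcap."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        order = "<"
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        order = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    pos = 24
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # skip anything that is not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # drops padding
        tcp = frame[14 + ihl:ip_end]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if port in (sport, dport) and payload:
            yield payload

def cleartext_hits(pcap, markers, port=1521):
    """Return the markers found verbatim inside a single TCP segment."""
    payloads = list(tcp_payloads(pcap, port))
    return [m for m in markers if any(m in p for p in payloads)]

def sample_pcap(payload):
    """Constructed one-packet capture: client port 50000 -> listener 1521."""
    tcp = struct.pack("!HHIIBBHHH", 50000, 1521, 0, 0, 5 << 4, 0x18,
                      8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + tcp
    frame = bytes(12) + b"\x08\x00" + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
```

Run `cleartext_hits` with markers such as `b"King"` and `b"employees"` on a capture taken before and after enabling encryption; an empty result after the change matches what the tutorial shows in Wireshark. A marker split across two TCP segments is not detected.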

 

Summary

In this tutorial you learned that encryption needs to be enabled only on the server, which greatly simplifies the deployment of native network encryption for any number of Oracle clients.

In this tutorial, you have learned how to:

  • Configure a client to connect to a remote database
  • Configure network data encryption on the Oracle Database server

Resources

  • Oracle Database Advanced Security Administrator’s Guide 11g Release 2 (11.2)

Credits

  • Lead Curriculum Developer: Donna Keesling
  • Author: Peter Wahl
