Presentation: Oracle Data Encryption


The presentation contains 40 slides.




Slide 2





Introduction
This presentation describes the introduction of data encryption into Oracle databases and how “Transparent Data Encryption” in Oracle 11g can help DBAs achieve compliance with the Payment Card Industry Data Security Standard.

Slide 3





Content 
Identification of threats 
Basic framework of Oracle security
PCI requirements 
What is Encryption ?
Encryption in Oracle: DBMS_OBFUSCATION_TOOLKIT, DBMS_CRYPTO, TDE
Demo of Transparent Data Encryption

Slide 4





Identification of Threats
What are the Common Security Threats ?
Eavesdropping and Data Theft
Data Tampering
Falsifying User Identities
Password Related Threats

Slide 5





Basic Framework of Oracle Security
Securing database during installation
Securing user accounts
Managing user privileges
Auditing database activity
Securing network 
Securing data (encryption, VPD, Database Vault)

Slide 6





PCI Requirements
What is Payment Card Industry Data Security Standard (PCI DSS) ?
Founded by American Express, Visa, MasterCard, Discover Financial Services, and JCB
The standards apply to all organizations that store, process or transmit cardholder data 
Any company processing, storing, or transmitting cardholder data must be PCI DSS compliant 
https://www.pcisecuritystandards.org/

Slide 7





The Core Elements of DSS
Build and Maintain a Secure Network 
Protect Cardholder Data (encryption)
Maintain a Vulnerability Management Program 
Implement Strong Access Control Measures 
Regularly Monitor and Test Networks 
Maintain an Information Security Policy

Slide 8





What is encryption ?

Transformation of information, using an “encryption algorithm”, into a form that cannot be deciphered without a decryption key

Slide 9





Two types of encryption:
Symmetric key encryption
Public-key (asymmetric key) encryption

Slide 10





Symmetric Key Encryption
Method in which both the sender and receiver share the same key

Slide 12





Public Key Encryption
The public key is freely distributed, while its paired private key remains secret 
The public key is typically used for encryption, while the private or secret key is used for decryption

Slide 15





Encryption Algorithms Supported by Oracle
RC4 
DES (Oracle 8 and 9)
3DES (Oracle 10)
AES (Oracle 11)

Slide 16





DBMS_OBFUSCATION_TOOLKIT
Introduced in Oracle 8i 
Uses DES algorithm

Slide 17





Syntax
DBMS_OBFUSCATION_TOOLKIT.DES3Encrypt(
    input_string  IN VARCHAR2,
    key_string    IN VARCHAR2,
    which         IN PLS_INTEGER DEFAULT TwoKeyMode,
    iv_string     IN VARCHAR2    DEFAULT NULL)
  RETURN VARCHAR2;
DBMS_OBFUSCATION_TOOLKIT.DES3DECRYPT(
    input_string  IN VARCHAR2,
    key_string    IN VARCHAR2,
    which         IN PLS_INTEGER DEFAULT TwoKeyMode,
    iv_string     IN VARCHAR2    DEFAULT NULL)
  RETURN VARCHAR2;

Slide 18





Key Management
Store the key in the database 
Store the key in the operating system 
Have the user manage the key

Slide 19





DBMS_CRYPTO 
Released in Oracle 10.1
Supports AES
Provides automatic padding
Different options for block chaining
Support for CLOB and BLOB
Will deprecate dbms_obfuscation_toolkit
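
Added example (not part of the original slides): application-side encryption of one value with DBMS_CRYPTO, showing the algorithm, chaining and padding choices listed above and what the application has to keep track of itself. The variable names, the sample card number and the inline-generated keys are assumptions made for the illustration.

```sql
-- Added example, not from the slides. Needs EXECUTE on DBMS_CRYPTO.
SET SERVEROUTPUT ON
DECLARE
  -- AES-256 with CBC chaining and PKCS#5 padding: one combination of the
  -- algorithm, block chaining and automatic padding options of the package.
  l_type    PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_AES256
                         + DBMS_CRYPTO.CHAIN_CBC
                         + DBMS_CRYPTO.PAD_PKCS5;
  -- Assumption: keys are generated inline only so the block runs on its
  -- own. In a real system they come from wherever the key is stored.
  l_enc_key RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);
  l_mac_key RAW(32) := DBMS_CRYPTO.RANDOMBYTES(32);
  l_iv      RAW(16) := DBMS_CRYPTO.RANDOMBYTES(16);  -- new IV for every value
  l_plain   VARCHAR2(64) := '4111111111111111';      -- constructed test number
  l_cipher  RAW(2000);
  l_tag     RAW(20);
  l_back    VARCHAR2(64);
BEGIN
  l_cipher := DBMS_CRYPTO.ENCRYPT(
                src => UTL_I18N.STRING_TO_RAW(l_plain, 'AL32UTF8'),
                typ => l_type, key => l_enc_key, iv => l_iv);

  -- Encryption alone does not detect tampering, so compute a MAC over
  -- IV || ciphertext with a separate key.
  l_tag := DBMS_CRYPTO.MAC(src => UTL_RAW.CONCAT(l_iv, l_cipher),
                           typ => DBMS_CRYPTO.HMAC_SH1,
                           key => l_mac_key);

  -- The application must store l_iv, l_cipher and l_tag with the row.
  -- On read: recompute and compare the tag first, then decrypt.
  IF UTL_RAW.COMPARE(
       DBMS_CRYPTO.MAC(UTL_RAW.CONCAT(l_iv, l_cipher),
                       DBMS_CRYPTO.HMAC_SH1, l_mac_key),
       l_tag) <> 0 THEN
    RAISE_APPLICATION_ERROR(-20001, 'integrity check failed');
  END IF;

  l_back := UTL_I18N.RAW_TO_CHAR(
              DBMS_CRYPTO.DECRYPT(src => l_cipher, typ => l_type,
                                  key => l_enc_key, iv => l_iv),
              'AL32UTF8');

  DBMS_OUTPUT.PUT_LINE('ciphertext bytes: ' || UTL_RAW.LENGTH(l_cipher));
  DBMS_OUTPUT.PUT_LINE('tag bytes:        ' || UTL_RAW.LENGTH(l_tag));
  DBMS_OUTPUT.PUT_LINE('round trip ok:    ' ||
      CASE WHEN l_back = l_plain THEN 'yes' ELSE 'no' END);
END;
/
```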

Slide 20





Real Life
Both packages are complicated to use
Key management represents a problem
Encryption / decryption must be done through the application 
Not used as often as it should be
Solution ?

Slide 21





Transparent Data Encryption (TDE)
Introduced in Oracle 10.2
	- column encryption
Enhanced in Oracle 11.1
	- tablespace encryption

Slide 22





How is TDE Implemented?
1. Set up Wallet and Master Key
2. Identify columns with sensitive data
3. Review constraints
4. Encrypt existing and new data

Slide 23





Wallet
Default wallet location: $ORACLE_BASE/admin/$ORACLE_SID/wallet
Alternative location specified in sqlnet.ora:
        wallet_location
        encryption_wallet_location
The wallet file ewallet.p12 is created when a new Master key is created:
        alter system set encryption key identified by "password";
Load the Master key into the database:
        alter system set encryption wallet open identified by "password";

Slide 25





Wallet Maintenance
To disable access to all encrypted columns in the database:
     alter system set encryption wallet close;
The wallet must be opened after a database restart:
     alter system set encryption wallet open authenticated by "password";
Enable auto login using Wallet Manager or mkwallet utility
cwallet.sso

Slide 26





Wallet Backups
Back up the wallet to a secure location (HSM), separately from the tape backups. 
Use RMAN backups, which automatically exclude the wallet files (*.p12 and *.sso)
During OS backups, exclude the files *.p12 and *.sso

Slide 27





Column Encryption
-- Encrypt a column when the table is created
CREATE TABLE employee
    (name VARCHAR2(128),
    salary NUMBER(6) ENCRYPT);
-- Add a new encrypted column
ALTER TABLE employee ADD (ssn VARCHAR2(11) ENCRYPT);
-- Encrypt, then decrypt, an existing column
ALTER TABLE employee MODIFY (name ENCRYPT);
ALTER TABLE employee MODIFY (name DECRYPT);

Slide 28





Salt
CREATE TABLE employee 
    (name VARCHAR2(128),
    empID NUMBER ENCRYPT NO SALT,
    salary NUMBER(6) ENCRYPT USING '3DES168');
CREATE INDEX employee_idx on employee (empID);
You cannot create an index on a column that has been encrypted with salt. 
ORA-28338: cannot encrypt indexed column(s) with salt

Slide 29





Export / Import
Must use Data Pump
expdp hr TABLES=emp DIRECTORY=dpump_dir \
  DUMPFILE=dumpemp.dmp ENCRYPTION=ENCRYPTED_COLUMNS_ONLY ENCRYPTION_PASSWORD=pw2encrypt
impdp hr TABLES=emp DIRECTORY=dpump_dir \
  DUMPFILE=dumpemp.dmp ENCRYPTION_PASSWORD=pw2encrypt
ENCRYPTION_MODE=DUAL
ENCRYPTION_MODE=TRANSPARENT

Slide 30





Overheads
5 % – 35 % performance overhead
Indexes use encrypted values
Each encrypted value needs 20 bytes for integrity check
Encrypted value padded to 16 bytes
If using salt, additional 16 bytes needed
NOMAC parameter skips integrity check
    ALTER TABLE employee MODIFY (salary ENCRYPT 'NOMAC');

Slide 31





Incompatible Features
Index types other than B-tree
Range scan search through an index
External large objects (BFILE)
Materialized View Logs
Transportable Tablespaces
Original import/export utilities

Slide 32





TDE - Advantages
Simple - can be done in four easy steps!
Automatically encrypts database column data before it's written to disk 
Encryption and decryption are performed through the SQL interface
No need for triggers to call encryption APIs
Views to decrypt data are completely eliminated
Encryption is completely transparent to the application

Slide 33





TDE - Disadvantages
Will not use indexes where the search criteria require a range scan
“where account number > 10000 or < 20000” will not work with TDE
Indexes not possible if using ‘salt’
Performance hit
Requires more space

Slide 34





Data Dictionary Views

Slide 35





Tablespace Encryption
Compatibility = 11.0.0 or higher
CREATE TABLESPACE encryptblspc
    DATAFILE '/u01/oradata/encryptblspc01.dbf' SIZE 200M
    ENCRYPTION USING '3DES168'
    DEFAULT STORAGE(ENCRYPT);
DBA_TABLESPACES

Slide 36





Considerations
Great for encrypting whole tables
Objects automatically created encrypted
All data encrypted including data in TEMP, UNDO, REDO (except BFILEs)
Data protected during JOIN and SORT
Allows index range scan
Cannot encrypt an existing tablespace
Use Data Pump, “create table as select”, “alter table move”
Tablespace cannot be encrypted with NO SALT option
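
Added example (not part of the original slides): dictionary queries a DBA can run to check what column and tablespace encryption actually cover. The column-name pattern in the last query is an assumption to adapt to the local schema, and it will produce false positives.

```sql
-- Added example, not from the slides.
-- Run as a user who can read the DBA_ and V$ views.

-- 1. Wallet state: encrypted data is readable only while STATUS is OPEN.
SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;

-- 2. Columns protected by column-level TDE, with algorithm and salt.
--    Columns with SALT = 'YES' cannot be indexed.
SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns
ORDER  BY owner, table_name, column_name;

-- 3. Tablespaces created with the ENCRYPTION clause.
SELECT tablespace_name, encrypted
FROM   dba_tablespaces
ORDER  BY tablespace_name;

-- 4. Gap report: table columns whose name suggests sensitive data
--    (assumed pattern) that have no column encryption and do not sit in
--    an encrypted tablespace. Partitioned tables have no tablespace in
--    DBA_TABLES, so they are reported and need a manual check.
SELECT c.owner, c.table_name, c.column_name, t.tablespace_name
FROM   dba_tab_columns c
JOIN   dba_tables t
       ON  t.owner = c.owner
       AND t.table_name = c.table_name
LEFT   JOIN dba_tablespaces ts
       ON  ts.tablespace_name = t.tablespace_name
LEFT   JOIN dba_encrypted_columns e
       ON  e.owner = c.owner
       AND e.table_name = c.table_name
       AND e.column_name = c.column_name
WHERE  e.column_name IS NULL
AND    NVL(ts.encrypted, 'NO') = 'NO'
AND    REGEXP_LIKE(c.column_name, 'SSN|CARD|PAN|SALARY|ACCOUNT')
AND    c.owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY c.owner, c.table_name, c.column_name;
```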

Slide 37





Transparent Data Encryption cont.
Example

Slide 38





Encryption in Practice
Not a solution to all security problems
Represents only one layer of Oracle security model
Should be implemented in combination with Data Pump, RMAN, VPD and Data Masking
PCI’s requirement to regularly change the encryption key is difficult to achieve
Only as safe as your wallet 
With TDE there is no reason why your datafiles should stay unsecured

Slide 39





This presentation explained: 
What is data encryption 
Why sensitive data should be secured using encryption
Demonstrated how TDE in Oracle 11 can help DBAs to encrypt data in an elegant and easy way
With Oracle 11g there is no reason to fail PCI audit!