Oracle® Security Overview
10g Release 1 (10.1)

Part Number B10777-01

Index


A

access
unauthorized, 1-13
access control
described, 1-5
directory, 5-5
least privilege, 9-5
Oracle Connection Manager, 9-52
access control lists (ACLs), 6-2
administration
delegation of, 5-7, 9-46
enterprise user, 9-49
application context
accessed globally, 9-13
accessed locally, 9-13
initialized externally, 9-13
initialized globally, 9-13
overview, 9-12
secure, 9-18
virtual private database (VPD), 9-12
application security
directory-based, 5-6
policies, 9-16
requirements, 1-14
secure application role, 9-21
auditing
customizable, 7-2, 9-6
fine-grained, 7-3, 9-21
in multitier systems, 7-3
introduction, 7-1
multitier applications, 9-22
security requirements, 7-1
authentication, 9-25
application user proxy authentication, 9-14
biometric, 9-35
CyberSafe, 4-3, 9-34
DCE, 4-6, 9-36
described, 1-5, 4-1, 9-5
directory, 5-4
Entrust/PKI, 8-6, 9-34
Kerberos, 4-3
methods, 8-5, 9-4, 9-31
multitier, 6-4
password-authenticated users, 6-3
password-based, 4-2
PKI certificate-based, 4-7, 8-4
PKI methods, 8-5, 9-32
proxy, 3-6, 4-7, 9-10
RADIUS protocol, 4-4, 9-34
SecurID, 9-35
smart cards, 4-5, 9-35
SSL, 8-6, 9-33
strong, 4-2, 9-31
token cards, 4-4, 9-35
authorization
biometrics, 4-6
described, 1-5
directory, 5-5, 5-6
multitier, 6-4
proxy, 4-7
availability
Real Application Clusters, 9-9
security factors, 1-6, 2-12, 9-7

B

backup and recovery, 9-8
Baltimore Technologies, 9-33
biometric authorization, 4-6, 9-35

C

certificate authorities, 9-33
introduction, 8-4
certificates
contents, 8-5
introduction, 8-4
support for multiple, 9-42
trusted, 8-5, 9-40
X.509 Version 3, 8-6
checksums, 9-27, 9-47
algorithms, 3-4
SSL, 9-28
confidentiality, 1-4
connection
management, 9-51
multitier, 3-2
connection pooling, 4-8, 9-14
credentials
secure storage, 8-7
CyberSafe ActiveTrust, 4-3
CyberSafe authentication, 4-3, 9-34

D

data
deep data protection, 9-15
encryption of stored, 2-10
Data Encryption Standard (DES), 2-11, 3-4, 9-6, 9-27
database links
current user, 9-39
DBMS_OBFUSCATION_TOOLKIT, 9-6
directory security
administrative roles, 5-10
application security, 5-6, 9-39
domains and roles, 5-8
discretionary access control (DAC)
least privilege, 9-5
Distributed Computing Environment (DCE)
authentication, 4-6, 9-36

E

encryption
algorithms, 2-10, 3-4
for network transmission, 3-3, 9-26
stored data, 2-10, 9-6
enterprise roles, 2-5, 9-49
enterprise user security
features, 9-37
global roles, 2-5
graphical user interfaces, 9-38
introduction, 6-1
privilege administration, 6-2
enterprise users
password authenticated, 6-3, 9-37
Entrust certificates, 9-40
Entrust Profile, 9-33
Entrust/PKI authentication, 8-6, 9-33

F

failover, 9-9
Federal Information Processing Standard 140-1 (FIPS), 9-24
fine-grained access control
facilitating VPD, 9-19
per-user, 9-20
fine-grained auditing, 7-3, 9-21
firewalls, 3-5, 9-52, 9-53

G

GTE CyberTrust certificates, 9-40, 9-41

H

hashing, password, 5-4

I

integrity
checking, 3-4
database mechanisms, 2-11, 9-3
described, 1-6
directory, 9-47
entity integrity enforcement, 9-4
Oracle Advanced Security features, 9-27
referential, 2-11, 9-4
Internet
access control, 9-54
data access increased, 1-8
hosted system security, 1-10, 9-16
increased data availability, 1-9
large user communities, 1-10
scalability of security, 1-10, 9-15
security challenges, 1-7
security features, 9-15
security requirements, 1-7

J

Java
class execution, 9-23
security implementation, 9-23
Java Database Connectivity (JDBC)
application user proxy authentication, 9-12
encryption, 9-30
JDBC-OCI driver, 3-7, 9-10, 9-29
network security, 3-7
supported drivers, 9-29
Thin driver, 3-7, 9-29
Java Secure Socket Extension (JSSE), 9-31
Java virtual machine (JVM), 9-23
java.lang.SecurityManager, 9-23

K

Kerberos authentication, 4-3, 9-34
Kerberos Single Sign-On, 4-3

L

label based access control
introduction, 2-9
Oracle Label Security, 9-44
LDAP
application security, 5-6
compliance, 9-47
delegation of administration, 5-7
directory access controls, 5-5
introduction, 5-2
Oracle Internet Directory, 9-41
security features, 5-2
server instance architecture, 9-48
single sign-on, 9-36
lightweight sessions, 4-8
Login Server, 4-10

M

MD4 hashing scheme, 5-5, 9-47
MD5 Checksum, 3-4, 5-5, 9-7, 9-27, 9-28, 9-47
Microsoft Active Directory, 9-39
multitier systems
auditing, 7-3, 9-22
authentication, 6-4
proxy authentication, 4-7, 9-11
security, 3-6
single sign-on, 4-10

N

network security
database enforced, 3-3
encryption, 3-3
firewalls, 3-5
Java Database Connectivity (JDBC), 3-7
managing privileges, 2-7
multitier connection management, 3-2
Oracle Advanced Security features, 9-26
PKI, 8-8
Secure Sockets Layer, 3-5
valid node checking, 3-2
VPD database enforced access, 9-55

O

Oracle Advanced Security, 9-23, 9-25
authentication, 9-31
PKI implementation, 9-39
Oracle Application Server
SSL encryption, 9-28
Oracle Call Interface (OCI)
JDBC driver, 9-10
JDBC-OCI driver, 3-7
PKI, 9-40
Oracle Connection Manager, 3-2
firewall support, 9-53
firewalls, 9-52
security features, 9-51
Oracle Enterprise Login Assistant, 9-33, 9-41
Oracle Enterprise Security Manager, 9-39, 9-41, 9-42
Oracle Internet Directory, 9-41
architecture, 9-48
components, 9-47
enterprise user administration, 9-49
security benefits, 9-47
security features, 9-45
Oracle Java SSL, 9-31
Oracle Label Security, 9-21, 9-44
Oracle Net Firewall Proxy, 9-53
Oracle Net Services, 9-26
protocol support, 9-51
security features, 9-50
Oracle Password Protocol, 9-31
Oracle Policy Manager, 9-20
Oracle Wallet Manager, 8-7, 9-31, 9-33, 9-41, 9-42
Oracle wallets, 9-40

P

partitioning, 9-19
virtual private database (VPD), 9-19
passwords
authentication, 4-2
authentication of enterprise users, 6-3, 9-37
protection in directory, 5-4, 9-47
security risks, 1-13
PKCS #12 containers, 9-42
PKCS#10 certificates, 9-41
policy function, 9-55
privacy of communications, 1-5
privileges
enterprise administration, 6-2
least, 9-5
managing, 2-3
network facilities, 2-7
roles to manage, 2-4
schema object, 2-2, 2-3
stored procedures to manage, 2-6
system, 2-2
views to manage, 2-7
profiles
user, 9-7
protocol conversion, 9-51
proxy authentication, 3-6, 4-7, 9-10
application user, 9-11, 9-14
directory, 9-11
expanded credential, 9-11
Kerberos and CyberSafe, 9-34
proxy authorization, 4-7
Public Key Certificate Standard #12 (PKCS#12), 8-7
Public Key Certificate Standards (PKCS), 9-33
public key infrastructure (PKI)
advantages, 8-3
authentication, 4-7, 9-32
authentication methods, 8-5
certificate-based authentication, 8-4
components, 8-2, 9-40
cryptography, 8-3
interoperability, 9-42
introduction, 8-1
network security, 8-8
Oracle Advanced Security, 9-39
Oracle implementation, 9-43
security features, 8-1
single sign-on, 8-7
supported vendors, 9-33

R

RADIUS protocol
authentication, 4-4, 9-34
smart cards, 9-35
supported vendors, 9-34
RADIUS-compliant smart cards, 4-5
RADIUS-compliant token cards, 4-4
RC4 encryption algorithm, 2-11, 3-4, 9-27
Real Application Clusters
availability, 9-9
referential integrity, 9-4
replication, advanced, 9-8
resource limitation, 9-7
roles
database, 2-4
directory administration, 5-10
enterprise, 2-5, 6-4
global, 2-5
managing privileges, 2-4
secure application, 2-6
secure application role, 9-21
types of, 9-5
row level security
introduction, 2-8
RSA certificates, 9-40, 9-41
RSA Data Security RC4, 3-4, 9-27
RSA SecurID tokens, 9-35

S

scalability
security, 1-14, 9-14
schema objects
privileges on, 2-3
secure application roles, 2-6, 9-21, 9-55
Secure Hash Algorithm (SHA), 3-5, 5-5, 9-27, 9-28, 9-47
Secure Sockets Layer (SSL), 9-40
authentication, 8-6, 9-33
checksums, 9-28
encryption, 9-28
network security, 3-5
Oracle Internet Directory, 9-46
single sign-on, 9-41
SecurID token cards, 9-35
security
administration team, 1-17
application, 9-16
application context, 9-12
application user proxy authentication, 9-14
auditing, 7-1
availability, 1-6, 2-12
credentials, storage, 8-7
database, 2-2
database integrity mechanisms, 2-11
deep data protection, 9-15
directory authentication, 5-4
directory-based, 5-6, 9-39
enterprise user, 6-1
firewalls, 3-5
good practices, 2-13
hosted systems, 1-10
integrity, 1-6
Internet, 1-7, 1-10, 9-15
Java Beans, 9-25
Java implementation, 9-23
label based access control, 2-9
LDAP features, 5-2
multitier systems, 1-14, 3-6
myths, 1-2
network, 9-26
Oracle Advanced Security, 9-23
Oracle Enterprise Edition, 9-14
Oracle Internet Directory, 9-45
Oracle Label Security, 9-44
Oracle Net Services, 9-50
Oracle Standard Edition, 9-1
password protection, 1-13, 5-4
personnel dimension, 1-3
physical dimension, 1-3
PKI, 8-1
privileges, 2-2
procedural dimension, 1-4
requirements, 1-14
row level, 2-8
scalability, 1-14, 9-14
scope of issues, 1-2
secure application role, 9-21
security directory integrity, 5-1
shared schemas, 6-2
single sign-on, 4-9, 6-4
strong authentication, 4-2
technical dimension, 1-4
threats and countermeasures, 1-11, 1-15
virtual private database (VPD), 2-9
SecurityManager class, 9-23
sessions
lightweight, 4-8
multiplexing, 9-52
shared schemas
Oracle Internet Directory, 9-50
security features, 6-2, 9-38
single sign-on
Entrust-based, 9-33, 9-36
implementations, 4-9, 9-36
introduction, 6-4
multitier, 4-10
Oracle Enterprise Login Assistant, 9-41
PKI, 8-7, 9-36
server-based, 4-9
Secure Sockets Layer (SSL)
current user database links, 9-39
smart cards, 4-5, 9-35
storage
secure credentials, 8-7
secure data, 1-5
stored data encryption, 1-5
stored program units
managing privileges, 2-6, 9-6

T

tables
privileges on, 2-3
TCP.EXCLUDED_NODES networking parameter, 9-54
TCP.INVITED_NODES networking parameter, 9-54
TCP.VALIDNODE_CHECKING networking parameter, 9-54
token cards, 9-35
benefits, 4-4
Triple DES (3DES), 2-11, 3-4, 9-6, 9-27, 9-43

U

UNIX hashing scheme, 5-5
user models, 9-20
users
authentication of, 9-5

V

valid node checking, 3-2, 9-54
VeriSign, 9-33, 9-40, 9-41
views
complex and dynamic, 2-9
managing privileges, 2-7, 9-6
virtual private database (VPD), 9-19
application context, 9-12
database enforced network access, 9-55
how it works, 9-18
introduction, 2-9
network security, 3-3
Oracle Label Security, 9-21, 9-44
Oracle Policy Manager, 9-20
overview, 9-17
user models, 9-20

W

wallets, 9-40
encryption, 9-43

X

X.509 Version 3 certificates, 8-6, 9-10, 9-11, 9-33, 9-40, 9-41, 9-42