没有合适的资源?快使用搜索试试~ 我知道了~
首页Oracle 11g数据库高级管理员指南:安全增强与管理
Oracle 11g数据库高级管理员指南:安全增强与管理
需积分: 5 0 下载量 37 浏览量
更新于2024-06-25
收藏 6.97MB PDF 举报
Oracle Database Advanced Security Administrator's Guide 11g Release 2 (11.2) 是Oracle数据库系列的一本专业指南,专为高级安全管理员设计,适用于11.2版本的Oracle数据库管理系统。该文档由Oracle公司于2016年发布,版权归属于Oracle及其关联公司,所有权利受法律保护。 作者Sumit Jeloka带领多位贡献者,包括Min-Hank Ho、Peter Knaggs、Adam Lee等人,共同完成了这一技术密集型的内容编撰。该书深入讲解了Oracle 11g Release 2在高级安全性方面的管理和配置,涉及的主题涵盖了加密、身份验证、授权、审计、访问控制策略、安全日志管理、网络安全以及高级安全功能等。 书中强调了遵守严格的版权协议,未经许可,用户不得擅自复制、修改或分发软件及文档,除非在许可证协议中明确允许或法律规定。此外,该文档还提醒读者,书中信息可能随时更新,且不保证无误,若发现错误,应向Oracle公司报告,以确保内容的准确性和最佳实践。 作为一本详尽的参考手册,Oracle Database Advanced Security Administrator's Guide 11g Release 2对于需要管理和优化大型企业级数据库系统的IT专业人士来说,是不可或缺的工具,它提供了对如何确保数据库安全性的深入理解和实践经验。通过学习和遵循指南中的建议,管理员可以有效地提升组织的数据安全性,防止未经授权的访问,保护敏感信息,并遵循日益严格的法规要求。
资源详情
资源推荐
xvi
Entrust Authority Self-Administration Server ...................................................................... F-3
Entrust Entelligence Desktop Manager.................................................................................. F-3
Entrust Authority Server Login Feature........................................................................................ F-3
Entrust Authority IPSec Negotiator Toolkit.................................................................................. F-3
Entrust Authentication Process ............................................................................................................ F-4
Enabling Entrust Authentication ......................................................................................................... F-4
Creating Entrust Profiles.................................................................................................................. F-4
Administrator-Created Entrust Profiles ................................................................................. F-4
User-Created Entrust Profiles .................................................................................................. F-5
Installing Oracle Advanced Security and Related Products for Entrust-Enabled SSL........... F-5
Configuring SSL on the Client and Server for Entrust-Enabled SSL......................................... F-5
Configuring Entrust on the Client.................................................................................................. F-5
Configuring Entrust on a UNIX Client................................................................................... F-6
Configuring Entrust on a Windows Client ............................................................................ F-6
Configuring Entrust on the Server ................................................................................................. F-6
Configuring Entrust on a UNIX Server .................................................................................. F-6
Configuring Entrust on a Windows Server............................................................................ F-7
Creating Entrust-Enabled Database Users .................................................................................... F-8
Logging Into the Database Using Entrust-Enabled SSL.............................................................. F-8
Issues and Restrictions that Apply to Entrust-Enabled SSL.......................................................... F-9
Troubleshooting Entrust In Oracle Advanced Security .................................................................. F-9
Error Messages Returned When Running Entrust on Any Platform........................................ F-9
Error Messages Returned When Running Entrust on Windows Platforms........................... F-10
General Checklist for Running Entrust on Any Platform......................................................... F-12
Checklist for Entrust Installations on Windows.................................................................. F-12
Glossary
Index
xvii
List of Figures
1–1 Encryption.................................................................................................................................... 1-4
1–2 Strong Authentication with Oracle Authentication Adapters ............................................. 1-6
1–3 How a Network Authentication Service Authenticates a User............................................ 1-7
1–4 Oracle Advanced Security in an Oracle Networking Environment................................. 1-10
1–5 Oracle Net Services with Authentication Adapters............................................................ 1-10
2–1 Oracle Advanced Security Profile in Oracle Net Manager................................................... 2-3
2–2 Oracle Wallet Manager User Interface..................................................................................... 2-5
2–3 Certificate Request Information Displayed in Oracle Wallet Manager Right Pane.......... 2-7
5–1 How Oracle Data Redaction Policies Work in a Chain of Views...................................... 5-36
8–1 TDE Column Encryption Overview......................................................................................... 8-3
8–2 TDE Tablespace Encryption ...................................................................................................... 8-4
11–1 RADIUS in an Oracle Environment ...................................................................................... 11-2
11–2 Synchronous Authentication Sequence ................................................................................ 11-3
11–3 Asynchronous Authentication Sequence ............................................................................. 11-5
13–1 SSL in Relation to Other Authentication Methods.............................................................. 13-7
15–1 Oracle Advanced Security Authentication Window.......................................................... 15-2
F–1 Entrust Authentication Process................................................................................................ F-4
xviii
List of Tables
1–1 Authentication Methods and System Requirements......................................................... 1-11
2–1 Oracle Wallet Manager Navigator Pane Objects................................................................... 2-6
2–2 Oracle Wallet Manager Toolbar Buttons................................................................................ 2-7
2–3 Oracle Wallet Manager Wallet Menu Options ...................................................................... 2-8
2–4 Oracle Wallet Manager Operations Menu Options .............................................................. 2-8
2–5 Oracle Wallet Manager Help Menu Options......................................................................... 2-9
2–6 Common Security Administrator/DBA Configuration and Administrative Tasks..... 2-10
4–1 Redaction Capabilities for Oracle Built-in Data Types......................................................... 4-5
4–2 Redaction Capabilities for the ANSI Data Types.................................................................. 4-6
4–3 Redaction Capabilities for the User Defined Data Types or Oracle Supplied Types ...... 4-6
5–1 DBMS_REDACT Procedures.................................................................................................... 5-2
5–2 Partial Fixed Character Redaction Shortcuts ...................................................................... 5-13
5–3 Shortcuts for the regexp_pattern Parameter....................................................................... 5-21
5–4 Shortcuts for the regexp_replace_string Parameter........................................................... 5-22
5–5 Parameters Required for Various DBMS_REDACT.ALTER_POLICY Actions............. 5-29
5–6 Data Redaction Views ............................................................................................................ 5-38
8–1 Maximum Allowable Size for Data Types .......................................................................... 8-14
8–2 Description of the ALL_ENCRYPTED_COLUMNS Data Dictionary View .................. 8-32
8–3 Description of the V$ENCRYPTED_TABLESPACES View ............................................. 8-33
8–4 Description of the V$WALLET View................................................................................... 8-33
8–5 Description of the V$ENCRYPTION_WALLET View ...................................................... 8-34
8–6 Supported Encryption Algorithms for Transparent Data Encryption............................ 8-43
8–7 Transparent Data Encryption SQL Commands Quick Reference ................................... 8-43
9–1 Two Forms of Attack................................................................................................................. 9-2
9–2 Encryption and Data Integrity Negotiations ......................................................................... 9-5
9–3 Valid Encryption Algorithms................................................................................................... 9-7
10–1 CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL Attributes ........... 10-3
10–2 CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES Attributes............ 10-4
10–3 CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL Attributes............... 10-4
10–4 CONNECTION_PROPERTY_THIN_NET_CHECKSUM_TYPES Attributes ............... 10-5
10–5 CONNECTION_PROPERTY_THIN_NET_AUTHENTICATION_SERVICES Attributes .....
10-5
11–1 RADIUS Authentication Components................................................................................. 11-2
12–1 Options for the okinit Utility................................................................................................. 12-9
12–2 Options for the oklist Utility ............................................................................................... 12-10
13–1 SSL Cipher Suites.................................................................................................................. 13-11
14–1 KeyUsage Values .................................................................................................................... 14-4
14–2 Oracle Wallet Manager Import of User Certificates to an Oracle Wallet ....................... 14-4
14–3 Oracle Wallet Manager Import of Trusted Certificates to an Oracle Wallet.................. 14-5
14–4 PKI Wallet Encoding Standards ......................................................................................... 14-10
14–5 Types of Certificates ............................................................................................................. 14-15
14–6 Certificate Request: Fields and Descriptions .................................................................... 14-16
14–7 Available Key Sizes............................................................................................................... 14-17
A–1 Algorithm Type Selection ........................................................................................................ A-3
A–2 SQLNET.ENCRYPTION_SERVER Parameter Attributes .................................................. A-3
A–3 SQLNET.ENCRYPTION_CLIENT Parameter Attributes................................................... A-4
A–4 SQLNET.EXTENDED_KEY_USAGE Parameter Attributes............................................... A-4
A–5 SQLNET.CRYPTO_CHECKSUM_SERVER Parameter Attributes.................................... A-4
A–6 SQLNET.CRYPTO_CHECKSUM_CLIENT Parameter Attributes.................................... A-4
A–7 SQLNET.ENCRYPTION_TYPES_SERVER Parameter Attributes .................................... A-5
A–8 SQLNET.ENCRYPTION_TYPES_CLIENT Parameter Attributes..................................... A-5
A–9 SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER Parameter Attributes ..................... A-6
A–10 SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT Parameter Attributes...................... A-6
xix
B–1 Kerberos Authentication Parameters .................................................................................... B-1
B–2 SQLNET.AUTHENTICATION_SERVICES Parameter Attributes.................................... B-2
B–3 SQLNET.RADIUS_AUTHENTICATION Parameter Attributes ....................................... B-2
B–4 SQLNET.RADIUS_AUTHENTICATION_PORT Parameter Attributes .......................... B-2
B–5 SQLNET.RADIUS_AUTHENTICATION_TIMEOUT Parameter Attributes .................. B-2
B–6 SQLNET.RADIUS_AUTHENTICATION_RETRIES Parameter Attributes..................... B-3
B–7 SQLNET.RADIUS_SEND_ACCOUNTING Parameter Attributes ................................... B-3
B–8 SQLNET.RADIUS_SECRET Parameter Attributes.............................................................. B-3
B–9 SQLNET.RADIUS_ALTERNATE Parameter Attributes .................................................... B-3
B–10 SQLNET.RADIUS_ALTERNATE_PORT Parameter Attributes........................................ B-3
B–11 SQLNET.RADIUS_ALTERNATE_TIMEOUT Parameter Attributes................................ B-4
B–12 SQLNET.RADIUS_ALTERNATE_RETRIES Parameter Attributes .................................. B-4
B–13 SQLNET.RADIUS_CHALLENGE_RESPONSE Parameter Attributes............................. B-4
B–14 SQLNET.RADIUS_CHALLENGE_KEYWORD Parameter Attributes............................. B-4
B–15 SQLNET.RADIUS_AUTHENTICATION_INTERFACE Parameter Attributes .............. B-4
B–16 SQLNET.RADIUS_CLASSPATH Parameter Attributes..................................................... B-5
B–17 Wallet Location Parameters..................................................................................................... B-9
C–1 Server Encryption Level Setting ............................................................................................. C-2
D–1 Sample Output from v$session_connect_info ...................................................................... D-5
xx
剩余365页未读,继续阅读
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功