The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be - PowerPoint PPT Presentation

About This Presentation
Title:

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be

Description:

This presentation contains information proprietary to Oracle Corporation. When in Doubt, Encrypt Encryption Recognized as Defensible Safeguard Security Breach ... – PowerPoint PPT presentation

Number of Views:284
Avg rating:3.0/5.0

less

Transcript and Presenter's Notes

Title: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be


1
(No Transcript)
2
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into
any contract. It is not a commitment to deliver
any material, code, or functionality, and should
not be relied upon in making purchasing
decisions.The development, release, and timing
of any features or functionality described for
Oracles products remains at the sole discretion
of Oracle.
3
Encrypt Your Sensitive Data Transparently in 30
Minutes or Less
  • Paul Youn Peter Wahl
  • Senior Member of Technical Staff Senior Product
    Manager

4
When in Doubt, EncryptEncryption Recognized as
Defensible Safeguard
  • Security Breach Notification Laws recognize
    encryption as a safeguard against data breaches
  • Encryption is now a de-facto solution for
    regulatory compliance with all data privacy and
    breach notification laws

5
Oracle Advanced SecurityFeature Overview
Strong Authentication
  • Transparent Data Encryption
  • Full tablespace encryption
  • Column-level
  • Encrypted backups (RMAN) and Data Pump Exports
  • Built-In Key Management
  • Managed by the database
  • Hardware Security Module (HSM) integration
  • Network Encryption
  • Strong Authentication

Network Encryption
gt
75,000
Encrypted Tape Backups, Disk Backups, Exports
6
Prepare Database for TDE Tablespace
EncryptionConfigure External Security Module
  • Create directory to store Oracle Wallet or
    install and configure Hardware Security Module
  • Create Master Key alter system set encryption
    key identified by password

7
Rolling out TDE Tablespace Encryption
  • Fresh Application Installation
  • Modify install scripts to create encrypted
    tablespaces
  • Install application using the modified script
  • Existing Application
  • Use Online Table Redefinition to transparently
    migrate an existing application
  • No downtime
  • Transparent to application and application users

8
Fresh InstallationExample Peoplesoft Enterprise
  • Edit xxDDL.sql install scripts (e.g. epddl.sql)
  • Replace
  • CREATE TABLESPACE AMAPP DATAFILE
    /opt/oracle/oradata/amapp.dbf SIZE 90M EXTENT
    MANAGEMENT LOCAL AUTOEXTENT
  • With
  • CREATE TABLESPACE AMAPP DATAFILE
    /opt/oracle/oradata/amapp.dbf SIZE 90M EXTENT
    MANAGEMENT LOCAL AUTOEXTENT ENCRYPTION using
    AES256 DEFAULT STORAGE(ENCRYPT)
  • Run script

9
Existing InstallationStep-by-Step Preparation
  • SYS grants execution rights for Online Table
    Redefinition to SYSADM
  • Temporary additional storage size of largest
    tablespace
  • Create new encrypted tablespaces containing all
    interim tables that correspond to the source
    tablespaces and tables

10
Existing InstallationStep-by-Step Create
Initial Encrypted Copies
  • Create a procedure that generates individual
    scripts to start redefining all tables in a
    tablespace at a time
  • Copy dependent objects using dbms_redefinition.cop
    y_table_dependents (indexes, triggers,
    constraints, privileges, statistics, MVlogs)

11
Existing InstallationStep-by-Step Synchronize
and Finish
  • Create a procedure that generates individual
    scripts to synchronize interim with original
    tables
  • Create a procedure that generates individual
    scripts that automatically finishes the
    redefinition process
  • Synchronize interim and original tables
  • Names of original tables and interim tables are
    switched
  • Original tables briefly locked
  • Rename the original tablespaces
  • Rename encrypted tablespaces to original
    tablespace name
  • alter tablespace ltTBS_NAME_ENCgt rename to
    ltTBS_NAMEgt

12
For More Information
search.oracle.com
Transparent Data Encryption
or http//www.oracle.com/database/security/index.h
tml
13
Oracle Database Security
Learn More At These Oracle
Sessions
S311340 Classify, Label, and Protect Data Classification and Security with Oracle Label Security Monday 1430 - 1530 Moscone South Room 307
S308113 Oracle Data Masking Pack The Ultimate DBA Survival Tool in the Modern World Tuesday 1130 - 1230 Moscone South Room 102
S311338 All About Data Security and Privacy An Industry Panel Tuesday 1300 - 1400 Moscone South Room 103
S311455 Tips/Tricks for Auditing PeopleSoft and Oracle E-Business Suite Applications from the Database Tuesday 1430 - 1530 Moscone South Room 306
S311339 Meet the Database Security Development Managers Ask Your Questions Tuesday 1600 - 1700 Moscone South Room 306
S311345 Database Auditing Demystified The What, the How, and the Why Tuesday 1730 - 1830 Moscone South Room 306
S311342 Do You Have a Database Security Plan? Wednesday 1145 - 1245 Moscone South Room 102
S311332 Encrypt Your Sensitive Data Transparently in 30 Minutes or Less Wednesday 1300 - 1330 Moscone South Room 103
S311337 Secure Your Existing Application Transparently in 30 Minutes or Less Wednesday 1345 - 1415 Moscone South Room 103
S311344 Securing Your Oracle Database The Top 10 List Wednesday 1700 - 1800 Moscone South Room 308
S311343 Building an Application? Think Data Security First Thursday 1330 - 1430 Moscone South Room 104
14
(No Transcript)
15
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com