SlideShare a Scribd company logo

8 i internet_security

Anil Pandey
Anil Pandey

This document discusses security challenges of doing business over the internet and how Oracle8i addresses these challenges. It describes how Oracle8i provides strong authentication of users and servers through SSL and X.509 certificates. It also explains how Oracle8i preserves user identity through application tiers using lightweight sessions and controls user access to data with virtual private databases and secure application roles.

Software
1 of 15
Download to read offline
Oracle8i™ and Internet Security An Oracle Business White Paper November 1999
Oracle8i and Internet Security November 1999 2 SECURITY CHALLENGES OF THE INTERNET THE DISINTERMEDIATION OF SECURITY One of the primary benefits of extending the business Enterprise to the Internet is disintermediation, a reduction in the supply chain between a customer and a business. As a result, organizations are better able to serve their customers, and to gauge their needs and preferences. Customers get faster access to information, goods and services. Organizations save money by “ cutting out the middleman,” and can potentially increase revenues by using the Internet as a sales channel. These factors all combine to make doing business on the Internet extremely compelling for organizations. Whether the Internet represents a web-front store, or a way of computing, the disintermediation of security, is a potentially serious risk of doing business on the Internet. Consider an order entry application moving from a client-server deployment in-house, to a web-based storefront. In the former case, people accessing the application are known to the company and are trusted to handle orders for multiple customers, orders which they take over the phone. There are many “ layers” of security involved, from the telephone itself (which is reasonably secure against tampering or eavesdropping), to the employee herself, who is using an application accessible only within the organization, that allows her to review multiple customers’ orders. Both the employee and the application are thus largely trusted by the company. While strong access control mechanisms are required, these access control mechanisms are generally embedded within the application itself and are not very granular, since a single order entry clerk typically enters orders for multiple customers. Now those applications, once staffed by in-house personnel, have become self-service web-based applications, so you can no longer put all your trust in a privileged user accessing a privileged application. Instead of an employee entering, manipulating, and altering data for multiple customers, customers may place their own orders and access them directly. As a result, access control must be far stronger and more granular than in a strictly intranet application. For
example, if customers access their orders directly over the Internet, an organization needs to ensure that customers only see their own orders, and not those of any other customers. The result of the disintermediation of security is that thousands of potentially unknown users may access mission-critical data directly, instead of a limited group of known users accessing data only within the Enterprise. OPEN NETWORKS ARE INHERENTLY INSECURE Another security challenge of doing business on the Internet is that open networks are inherently insecure, because data can be read in-transit by virtually anyone, friend or foe. Suddenly, your most valuable data, including business transactions, customer data and information, is passing over insecure networks. Organizations that feel perfectly comfortable allowing business plans to travel from client to server, or application server to data server inside their internal networks, feel far differently about allowing those plans to travel through the Internet. Companies who seek to harness the Internet to conduct business must take steps to ensure both the confidentiality of their data and the integrity of their data. CONSTRAINTS OF THE INTERNET The range of possible solutions to these security challenges is further constrained by the nature of the Internet itself. Doing business over the Internet, particularly business-to-business transactions, involves communication between disparate networks, therefore, solutions must be open and interoperable. Otherwise, organizations can, at best, deploy one-off, proprietary virtual private networks (VPNs), which cannot truly harness the Internet. Furthermore, any security solutions must be scalable, to handle hundreds of thousands of connections and hundreds of thousands of users. Of course, these solutions must also be manageable. Oracle8i and Internet Security November 1999 3
Oracle8i and Internet Security November 1999 4 KNOW YOUR USERS A solution to the Internet security challenge posed by thousands of potentially unknown users is a simple one: “ know your users.” “Know your users,” however, encompasses multiple elements, including strong authentication (knowing who a user is) as well as authorizations (limiting what a user can do). Additionally, these security mechanisms must be applied within the three-tier environment typical of Internet applications: client or thin client to application server to data server. STRONG, STANDARDS-BASED AUTHENTICATION A popular and important Internet security standard is the Secure Sockets Layer (SSL) protocol. SSL uses digital certificates and a public key infrastructure (PKI) to provide the major pieces of security: authentication of people and machines, encryption techniques for privatizing, and checksums for protecting against data modification or snooping. The importance of verifying the identity of not only users, but also of machines, becomes crucial when an organization opens its doors to the Internet. Most organizations have chosen to protect their databases by keeping them inside of the network and placing a web server outside of the network. Used in combination with a firewall and other security measures, the data can remain safe. The data server’s ability to authenticate the web server, therefore, is extremely important. You must verify that the web server is what it claims to be, so that you can trust it to pass data ¾ encrypted or unencrypted ¾ to the outside world. SSL provides the critical authentication piece along with the data privacy piece of the security solution. SSL uses industry-standard X.509 certificates for authentication. Oracle’s implementation of SSL, both in Oracle® Application Server and in Oracle8i, takes advantage of X.509 version 3 certificates. An X.509 certificate is analogous to a driver’s license containing a user’s identifying information. In Oracle8i, SSL works in the following manner: a client is issued an X.509 certificate and a private key which is stored in an Oracle Wallet. When the client initiates a Net8™ connection to the server, SSL performs a handshake between the two processes using the private key and
certificate. If it is successful, the client is granted access. This handshake is transparent to the user. Oracle Application Server supports SSL authentication for both HTTP, and IIOP (the Internet Intra-ORB Protocol); in the former case for web client and web listener authentication, and in the latter case for CORBA client and ORB authentication. In both cases, the standard SSL options of anonymous (no authentication), server-only authentication, and mutual client-server authentication are supported. Server-only authentication requires that the server have an X.509 certificate installed and that the client have the appropriate root data (the public key from the certificate authority (CA) which generated the server certificate) so that the client can verify the server certificate. Mutual authentication requires both client and server have certificates and appropriate roots installed. Oracle environments doing business over the Internet can have assurance in the strong, standards-based authentication of users, because both Oracle8i and Oracle Application Server both support SSL-based authentication of users as well as servers. SSL SSL SSL nj%9# !&n8R4 HTTP Net8 Oracle Client Firewall Oracle Server Oracle8i and Internet Security November 1999 5 Server ® !&n8R4 Net8 Oracle Application Server Internet Figure 1. SSL Secures Oracle and Internet Communications PRESERVING USER IDENTITY In order to “ know your users” in an Internet environment, an organization must be able to preserve the identity of the real user through the tiers of an application: from client to application server to data server. If the application server (or other middle tier) connects to the database as a super-privileged user, the application server can perform all actions on behalf of all users, which loses the desired individual identity and accountability. However, in order to
exploit the connection pooling offered by many application servers, the challenge becomes preservation of the user identity through the middle tier, without the overhead of setting up a separate authenticated user connection from the application server to the data server. After all, the middle tier will have authenticated the user, and can authenticate itself to the data server; therefore, it’s simply not necessary re-authenticate the user all the way through to the data server! For these environments, Oracle8i provides “ lightweight session” creation via the Oracle® Call Interface; applications can have multiple user sessions within a single database session. These “ lightweight sessions” allow a middle tier to create a session on behalf of the “ real” user, without the overhead of a separate database connection, thus preserving the identity of the real user through the middle tier. While the middle tier authenticates itself to Oracle8i, the “ real user” need not be re-authenticated, and can “ piggyback” on the initial application server connection. Another benefit is that middle tier applications no longer need to store and retrieve database passwords for users. Oracle8i also avoids the problem of the “ super-privileged” application server, by limiting the ability of middle tiers to initiate connections on behalf of users. For example, the “ WebStore” application server could be privileged to create a lightweight user session for Fred using Fred’s “customer ” role only, but not create sessions for Marie. Oracle8i enhances accountability by enabling organizations to audit actions taken on behalf of the “ real” user by the middle tier. Oracle8i’s audit records capture both the logged-in user (i.e., the “ WebStore” application server that initiated the connection), and the user on whose behalf an action is taken. Auditing user activity, whether users are connected through a middle tier or directly to the data server, enhances user accountability, and thus the overall security of three-tier systems. RADIUS SUPPORT RADIUS is another key element in knowing the identity of users accessing the Enterprise remotely. The RADIUS (Remote Authentication Dial-In User Service) protocol is an industry standard for remote authentication and controlled access to networks; it is implemented by Oracle8i and Internet Security November 1999 6
almost all organizations that allow remote user access. Many Enterprises have standardized on RADIUS because of its widespread acceptance in the industry, its flexibility, and its ability to provide user authentication, authorization, and accounting between a network client and an authentication server, as well as centralizing all user information in order to ease and reduce the cost of user administration. RADIUS support to Oracle8i is provided through the Advanced Security Option, and offers two major benefits for Oracle users. First, it readily integrates into existing systems, by making the Oracle8i data server a RADIUS client, therefore capitalizing on the infrastructure and investment that organizations have already made. Second, it extends the solutions for authenticating users to Oracle by enabling support for new authentication technologies such as token cards, smartcards and challenge-response mechanisms. With very little development effort required by a technology provider, Oracle customers’ choices of authentication mechanisms are extensively expanded. The Advanced Security Option already interoperates with a number of authentication services provided by third-party vendors with technologies such as token cards, Kerberos implementations, and biometric devices. With RADIUS, support for any new authentication services is built-in to Oracle. RADIUS allows the network equipment vendor (Oracle) to support one authentication protocol (RADIUS) on the server, while authentication vendors supply the specific RADIUS server. Little development effort is required by the technology provider, and more authentication solutions ¾ such as smartcards ¾ are available with enhanced features such as accounting and challenge-response methods of authentication, and accounting, two services that have never before been supported. Oracle8i and Internet Security November 1999 7
Oracle8i and Internet Security November 1999 8 RADIUS Server Smartcards Username Password 72891 Oracle8i passes authentication information to another server for validation Server ® Firewalls Routers Authentication Servers Token Cards Figure 2. RADIUS Integration In a Network With Oracle, Remote Access, and Strong Authentication
Oracle8i and Internet Security November 1999 9 CONTROL USER ACCESS Extending the Enterprise to the Internet may potentially expose an organization’s valuable, mission-critical data to any user accessing the network from the Internet, because the disintermediation effect of the Internet also reduces the layers of security between a user and the data the user accesses. Therefore, organizations seeking to extend the Enterprise must implement strong, data-driven, user-based access control, that extends from the client through the application server, to the data itself. THE VIRTUAL PRIVATE DATABASE Giving customers and partners direct access to mission-critical systems over the Internet may yield reduced cost, better service, and more timely information, but it also offers new challenges. Organizations must not only keep data safe from prying eyes, but they must segregate data appropriately, often to the level of individual customers or users. Also, many companies are interested in providing Internet “ hosting” environments, with a well-designed and well-managed computing infrastructure, but must keep the data of each “ hosted” corporation separate and secure from each other, while allowing customizations and data access methods which best meet their individual needs. Oracle8i sets a new standard in security with the introduction of the Virtual Private Database: server-enforced, fine-grained access control, together with a secure application context, enabling multiple customers and partners to have secure direct access to mission-critical data. The Virtual Private Database enables, within a single database, per-user or per-customer data access with the assurance of physical data separation. For Internet access, the Virtual Private Database can ensure that online banking customers see only their own accounts, and that web storefront customers see only their own orders. Web hosting companies can maintain multiple companies’ data in the same Oracle8i database, while allowing each company to see only its own data. Within the Enterprise, the Virtual Private Database results in a lower cost of ownership in deploying applications. Security can be built once, in the data server, rather than in each application which accesses data. Security is stronger, because it is enforced by the data server,
no matter how a user accesses data. Security is no longer bypassed by a user accessing an ad hoc query tool or new report writer. The Virtual Private Database is enabled by associating one or more security policies with tables or views. Direct or indirect access to a table with an attached security policy causes the data server to consult a function implementing the policy. The policy function returns an access condition known as a predicate (a WHERE clause) which the data server appends to the SQL statements, thus dynamically modifying the user’s data access. A secure application context enables access conditions to be based on virtually any attributes an application deems significant, such as organization, cost center, account number, or position. For example, a human resources application may base its security on “ organization,” “ employee number,” and “ position;” that is, a user in the “manager” position can see the employee records of all employees in his “ organization,” while a user in the “ employee” position can only see and update records matching his own “employee number. ” Oracle8i and Internet Security November 1999 10 SELECT * FROM ORDERS SELECT * FROM ORDERS Figure 3. The Virtual Private Database: Customers View Their Own Orders Only The Virtual Private Database ensures that, no matter how a user gets to the data (through an application, a report writing tool or SQL*Plus®) the same strong access control policy is enforced. The Virtual Private Database can help banks ensure that customers see their own
accounts (and nobody else’s), that telecommunications firms can keep customer records safely segregated, and that human resources applications can support their complex rules of data access to employee records. The Virtual Private Database is key enabling technology in opening mission-critical systems to partners and customers over the Internet. SECURE APPLICATION ROLES As organizations open their mission-critical systems to the Internet, it is imperative that they control not only what a user may access, but how a user may access it. For example, an organization deploying a web storefront application must ensure that any privileges the user employs in the back-end order entry database are only enabled within the web storefront application. To address this need, Oracle8i introduces the secure application role, a role which can be enabled only through an application. Oracle8i’s secure application roles enable security in thin client or web-based applications by ensuring that the privileges enabled within the middle tier are only enabled within the application. Application roles are defined in Oracle8i such that an application can validate a SET ROLE command (using any desired criteria) prior to allowing SET ROLE to succeed. Oracle8i ensures that it is a trusted package ¾ a secure program element ¾ enabling the SET ROLE command. For example, Oracle8i can ensure that the user is connected through an application server proxying the user’s identity to the database, and that the user is not connected to the database directly (and thus invoking the role outside of the application). All database privileges the user needs may be granted to the application role; as a result, the user can’t access any data except within the application. Prior to secure application roles, system security officers who wanted to ensure that users only enabled roles through applications (and not directly in the data server) had to rely on “ security by obscurity” to obtain this functionality. You could embed a role enabled by password within an application (for which the users who are granted the role did not know the password), but the password needed to be supplied by the application in some way, e.g., by burying the password within the application. Oracle8i and Internet Security November 1999 11
Secure application roles are key enabling technology in extending the Enterprise to the Internet, because they can ensure that users only access data through your Internet applications. Oracle8i and Internet Security November 1999 12 INTEGRATED SECURITY AND DIRECTORY SERVICES An inherent challenge of any distributed system is that common application information ¾ including user information, such as mailstop, organizational unit and a user’s digital certificate ¾ is often fragmented across the Enterprise, leading to data that is redundant, inconsistent, and expensive to manage. Directories are being viewed by an increasing number of Oracle and third-party products as the best mechanism to make Enterprise information available to multiple different systems within an Enterprise. Directories also make it possible for organizations to access or share certain types of information over the Internet, for example, through a virtual private network. The trend towards directories has been accelerated by the recent growth of the Lightweight Directory Access Protocol (LDAP). A specific type of Enterprise information which is commonly proposed for storage in a directory is privilege and access control information. Both user privileges, represented as roles, and object constraints, represented as Access Control Lists (ACLs) listing those users who may access an object, may be stored in a directory. Oracle Application Server is currently capable of storing and accessing, in one or more LDAP directories, ACLs for objects on the application server. Similarly, Oracle8i supports Enterprise roles: centrally-administered privilege sets, maintained in Oracle Internet Directory, or any other LDAP-compliant directory. Enterprise roles enable strong, centralized authorization of users. Also, an administrator can add capabilities to Enterprise roles (granted to multiple users) without having to update the authorizations of each user independently. Oracle Security Manager (an extension to Oracle Enterprise Manager) provides one tool to centrally manage user definitions and assign Enterprise roles, resulting in a lower cost of user administration throughout the Enterprise. Another benefit of single station administration is that if security is easy to administer, organizations are more likely to implement strong security throughout the Enterprise.
Oracle Internet Directory, integrated with multiple Oracle products, is a native LDAP version 3 implementation that combines the mission-critical strength of Oracle’s database technology with the flexibility of the Internet standard. Oracle Internet Directory is the default data repository for accessing Oracle8i Enterprise user information, including X.509 certificates, and Enterprise roles. Centralized user and privilege management provides multiple benefits to organizations deploying Internet-based applications. Common information can be readily accessed by individuals who need it. User privileges may be centralized and thus secured. Eventually, Oracle users will be completely directory-based, meaning that organizations can support hundreds of thousands of users, merely by defining a user once in a directory server, providing the scalability and manageability required for Internet applications. Oracle8i and Internet Security November 1999 13 PROTECT DATA IN THE NETWORK The security challenge posed by the insecurity of data transmission over the Internet can be met by the data confidentiality and integrity mechanisms offered by secure networking protocols. The Secure Sockets Layer (SSL) protocol was developed by Netscape Corporation to prevent eavesdropping, tampering with, or forging messages over the Internet, and is widely-used over the Internet to give users established digital identities. SSL is the leading security protocol for the Internet, and it provides data encryption, data integrity, and client and server authentication to secure all sessions. SSL SUPPORT IN ORACLE Oracle Application Server supports Secure Sockets Layer (SSL) to protect data privacy between the browser and the application server, as well as authenticating the application server and, optionally, the user. Oracle Advanced Security for Oracle8i (formerly known as the Advanced Networking Option) also supports SSL, to ensure data privacy and integrity between web servers and corporate data servers. These two products together provide an end-to-end solution for the privacy and integrity of data flowing through networks and across the Internet.
SSL secures not only Net8 connections to the data server, but other protocols such as IIOP, LDAP and HTTP. By capitalizing on Java™ support, Oracle Advanced Security secures IIOP connections, giving Oracle the ability to work with thin clients and Enterprise JavaBeans™ (EJB). SSL both encrypts network traffic and authenticates Oracle clients and servers. By using SSL, Oracle servers can authenticate users by utilizing standard X.509 version 3 certificates. The inclusion of SSL in Oracle Advanced Security expands support for encryption and provides public key authentication based on the SSL standard. SSL provides encryption and data integrity (also called checksumming) through cipher suites. Cipher suites are sets of authentication, encryption and data integrity types. The client and server each have a list of cipher suites they support and they negotiate which one is to be used during connection. Oracle Advanced Security offers choices of encryption, such as DES and RC4. Among the encryption provided by cipher suites is Triple DES. Because it uses more than one 56-bit key employed by standard DES, Triple DES is a considerably stronger means of protecting data. Triple DES is increasingly being used by organizations requiring strong security. Support for SSL in Oracle Advanced Security closes the loop for secure end-to-end communications between any client, a web server or application server, and an Oracle8i data server. The addition of Oracle Application Server in the Oracle environment provides end-to-end Oracle8i and Internet Security November 1999 14 network security.
Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: +1.650.506.7000 Fax +1.650.506.7200 http://www.oracle.com/ Copyright © Oracle Corporation 1999 All Rights Reserved This document is provided for informational purposes only, and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document. Oracle and SQL*Plus are registered trademarks and Oracle8i and Net8 are trademarks or registered trademarks of Oracle Corporation. All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.

Recommended

AzureAAD
AzureAADAzureAAD
AzureAADTonyHotko
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
 
Authentication With Captive Portal
Authentication With Captive PortalAuthentication With Captive Portal
Authentication With Captive PortalWavecrest Computing
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Arx brochure - Intellect Design
Arx brochure - Intellect DesignArx brochure - Intellect Design
Arx brochure - Intellect DesignRajat Jain
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyTentacle Cloud
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 

Recommended

AzureAAD
AzureAADAzureAAD
AzureAADTonyHotko
 
How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?How to deploy SharePoint 2010 to external users?
How to deploy SharePoint 2010 to external users?rlsoft
 
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...
SharePoint 2010 Extranets and Authentication: How will SharePoint 2010 connec...Brian Culver
 
Authentication With Captive Portal
Authentication With Captive PortalAuthentication With Captive Portal
Authentication With Captive PortalWavecrest Computing
 
Identity and Access Management Introduction
Identity and Access Management IntroductionIdentity and Access Management Introduction
Identity and Access Management IntroductionAidy Tificate
 
Arx brochure - Intellect Design
Arx brochure - Intellect DesignArx brochure - Intellect Design
Arx brochure - Intellect DesignRajat Jain
 
Best Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyBest Practices to Protect Customer Data Effectively
Best Practices to Protect Customer Data EffectivelyTentacle Cloud
 
Packt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementPackt publishing book proposal api and mobile access management
Packt publishing book proposal api and mobile access managementGluu
 
Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Toolsijtsrd
 
Web Services Security - Short Report
Web Services Security - Short ReportWeb Services Security - Short Report
Web Services Security - Short ReportMuhammad Jawaid Shamshad
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersCorey Roth
 
Access management
Access managementAccess management
Access managementVenkatesh Jambulingam
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 Michael Noel
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...Authentic8
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistJignesh Solanki
 
816isdfo
816isdfo816isdfo
816isdfoAnil Pandey
 
Cloud computing identity management summary
Cloud computing identity management summaryCloud computing identity management summary
Cloud computing identity management summaryBrandon Dunlap
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industryCloudMask inc.
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the CloudGWAVA
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breachCloudMask inc.
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust NetworksPractical Code, LLC
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityAhmed Banafa
 
Identity Management
Identity ManagementIdentity Management
Identity ManagementVenkatesh Jambulingam
 
Identity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor TechnologyIdentity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor TechnologyDavid J Rosenthal
 
akamai's [state of internet] / security
akamai's [state of internet] / securityakamai's [state of internet] / security
akamai's [state of internet] / securityThe Internet of Things
 
Internet Security Threat
Internet Security ThreatInternet Security Threat
Internet Security ThreatMichael Yatskievych
 

More Related Content

What's hot

Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Toolsijtsrd
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersCorey Roth
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 Michael Noel
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataEMC
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010Michael Noel
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...Authentic8
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsJohn Bauer
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistJignesh Solanki
 
Cloud computing identity management summary
Cloud computing identity management summaryCloud computing identity management summary
Cloud computing identity management summaryBrandon Dunlap
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industryCloudMask inc.
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the CloudGWAVA
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breachCloudMask inc.
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing SecurityAhmed Banafa
 
Identity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor TechnologyIdentity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor TechnologyDavid J Rosenthal
 

What's hot (20)

Hexnode Identity and Access Management solution
Hexnode Identity and Access Management solutionHexnode Identity and Access Management solution
Hexnode Identity and Access Management solution
 
Identity and Access Management Tools
Identity and Access Management ToolsIdentity and Access Management Tools
Identity and Access Management Tools
 
Web Services Security - Short Report
Web Services Security - Short ReportWeb Services Security - Short Report
Web Services Security - Short Report
 
Extending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partnersExtending SharePoint 2010 to your customers and partners
Extending SharePoint 2010 to your customers and partners
 
Access management
Access managementAccess management
Access management
 
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010 SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
SEASPC 2011 - Collaborating with Extranet Partners on SharePoint 2010
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
 
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
TechEd Africa 2011 - Collaborating with Extranet Partners on SharePoint 2010
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
 
SSO Strategy Implementation Considerations
SSO Strategy Implementation ConsiderationsSSO Strategy Implementation Considerations
SSO Strategy Implementation Considerations
 
Mobile App Security: Enterprise Checklist
Mobile App Security: Enterprise ChecklistMobile App Security: Enterprise Checklist
Mobile App Security: Enterprise Checklist
 
816isdfo
816isdfo816isdfo
816isdfo
 
Cloud computing identity management summary
Cloud computing identity management summaryCloud computing identity management summary
Cloud computing identity management summary
 
Securing sensitive data for the health care industry
Securing sensitive data for the health care industrySecuring sensitive data for the health care industry
Securing sensitive data for the health care industry
 
Protect your data in / with the Cloud
Protect your data in / with the CloudProtect your data in / with the Cloud
Protect your data in / with the Cloud
 
Protect your Data even under breach
Protect your Data even under breachProtect your Data even under breach
Protect your Data even under breach
 
Zero Trust Networks
Zero Trust NetworksZero Trust Networks
Zero Trust Networks
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Identity Management
Identity ManagementIdentity Management
Identity Management
 
Identity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor TechnologyIdentity and Access Management from Microsoft and Razor Technology
Identity and Access Management from Microsoft and Razor Technology
 

Viewers also liked

akamai's [state of internet] / security
akamai's [state of internet] / securityakamai's [state of internet] / security
akamai's [state of internet] / securityThe Internet of Things
 
Sqlia classification v1, till 2010
Sqlia classification v1, till 2010Sqlia classification v1, till 2010
Sqlia classification v1, till 2010Krassen Deltchev
 
New Web 2.0 Attacks, B.Sc. Thesis
New Web 2.0 Attacks, B.Sc. ThesisNew Web 2.0 Attacks, B.Sc. Thesis
New Web 2.0 Attacks, B.Sc. ThesisKrassen Deltchev
 
Automated Validation of Internet Security Protocols and Applications (AVISPA)
Automated Validation of Internet Security Protocols and Applications (AVISPA) Automated Validation of Internet Security Protocols and Applications (AVISPA)
Automated Validation of Internet Security Protocols and Applications (AVISPA) Krassen Deltchev
 
Web Application Forensics: Taxonomy and Trends
Web Application Forensics: Taxonomy and TrendsWeb Application Forensics: Taxonomy and Trends
Web Application Forensics: Taxonomy and TrendsKrassen Deltchev
 
Formation "Médias numeriques et évolutions" (Clemi - PAF)
Formation "Médias numeriques et évolutions" (Clemi - PAF)Formation "Médias numeriques et évolutions" (Clemi - PAF)
Formation "Médias numeriques et évolutions" (Clemi - PAF)Alexandre Acou
 
Performance of Group Key Agreement Protocols( Theory)
Performance of Group Key Agreement Protocols( Theory) Performance of Group Key Agreement Protocols( Theory)
Performance of Group Key Agreement Protocols( Theory) Krassen Deltchev
 
XAdES Specification based on the Apache XMLSec Project
XAdES Specification based on the Apache XMLSec Project XAdES Specification based on the Apache XMLSec Project
XAdES Specification based on the Apache XMLSec Project Krassen Deltchev
 

Viewers also liked (9)

akamai's [state of internet] / security
akamai's [state of internet] / securityakamai's [state of internet] / security
akamai's [state of internet] / security
 
Internet Security Threat
Internet Security ThreatInternet Security Threat
Internet Security Threat
 
Sqlia classification v1, till 2010
Sqlia classification v1, till 2010Sqlia classification v1, till 2010
Sqlia classification v1, till 2010
 
New Web 2.0 Attacks, B.Sc. Thesis
New Web 2.0 Attacks, B.Sc. ThesisNew Web 2.0 Attacks, B.Sc. Thesis
New Web 2.0 Attacks, B.Sc. Thesis
 
Automated Validation of Internet Security Protocols and Applications (AVISPA)
Automated Validation of Internet Security Protocols and Applications (AVISPA) Automated Validation of Internet Security Protocols and Applications (AVISPA)
Automated Validation of Internet Security Protocols and Applications (AVISPA)
 
Web Application Forensics: Taxonomy and Trends
Web Application Forensics: Taxonomy and TrendsWeb Application Forensics: Taxonomy and Trends
Web Application Forensics: Taxonomy and Trends
 
Formation "Médias numeriques et évolutions" (Clemi - PAF)
Formation "Médias numeriques et évolutions" (Clemi - PAF)Formation "Médias numeriques et évolutions" (Clemi - PAF)
Formation "Médias numeriques et évolutions" (Clemi - PAF)
 
Performance of Group Key Agreement Protocols( Theory)
Performance of Group Key Agreement Protocols( Theory) Performance of Group Key Agreement Protocols( Theory)
Performance of Group Key Agreement Protocols( Theory)
 
XAdES Specification based on the Apache XMLSec Project
XAdES Specification based on the Apache XMLSec Project XAdES Specification based on the Apache XMLSec Project
XAdES Specification based on the Apache XMLSec Project
 

Similar to 8 i internet_security

8 isecurity database
8 isecurity database8 isecurity database
8 isecurity databaseAnil Pandey
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersRishabh Gupta
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Modeltom termini
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computingvidhya dharmarajan
 
The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration Protected Harbor
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptxchelsi33
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfSahilSingh316535
 
Carrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsCarrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsIaetsd Iaetsd
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptxRushikeshChikane2
 
E-Business And Technology Essay
E-Business And Technology EssayE-Business And Technology Essay
E-Business And Technology EssayPamela Wright
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide Array Networks
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412Hai Nguyen
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportKiran Girase
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET Journal
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data securityeSAT Publishing House
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providersiosrjce
 

Similar to 8 i internet_security (20)

8 isecurity database
8 isecurity database8 isecurity database
8 isecurity database
 
Implementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommutersImplementing an improved security for collin’s database and telecommuters
Implementing an improved security for collin’s database and telecommuters
 
Authentication cloud
Authentication cloudAuthentication cloud
Authentication cloud
 
Bluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security ModelBluedog white paper - Our WebObjects Web Security Model
Bluedog white paper - Our WebObjects Web Security Model
 
Authentication in cloud computing
Authentication in cloud computingAuthentication in cloud computing
Authentication in cloud computing
 
The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration The Top 5 Risks of Cloud Migration
The Top 5 Risks of Cloud Migration
 
SaaS Security.pptx
SaaS Security.pptxSaaS Security.pptx
SaaS Security.pptx
 
saassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdfsaassecurity-230424030940-08314322.pdf
saassecurity-230424030940-08314322.pdf
 
Carrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoorsCarrying out safe exploration short of the actual data of codes and trapdoors
Carrying out safe exploration short of the actual data of codes and trapdoors
 
Chapter 2 System Security.pptx
Chapter 2 System Security.pptxChapter 2 System Security.pptx
Chapter 2 System Security.pptx
 
International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)International Journal of Engineering Inventions (IJEI)
International Journal of Engineering Inventions (IJEI)
 
E-Business And Technology Essay
E-Business And Technology EssayE-Business And Technology Essay
E-Business And Technology Essay
 
SSL VPN Evaluation Guide
SSL VPN Evaluation GuideSSL VPN Evaluation Guide
SSL VPN Evaluation Guide
 
Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?Can You Trust Cloud Security In Public Cloud?
Can You Trust Cloud Security In Public Cloud?
 
4192 sslvpn sb_0412
4192 sslvpn sb_04124192 sslvpn sb_0412
4192 sslvpn sb_0412
 
Achieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing reportAchieving Secure, sclable and finegrained Cloud computing report
Achieving Secure, sclable and finegrained Cloud computing report
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
 
Enhanced security framework to ensure data security
Enhanced security framework to ensure data securityEnhanced security framework to ensure data security
Enhanced security framework to ensure data security
 
I017225966
I017225966I017225966
I017225966
 
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service ProvidersA Secure Framework for Cloud Computing With Multi-cloud Service Providers
A Secure Framework for Cloud Computing With Multi-cloud Service Providers
 

More from Anil Pandey

National health policy_2017
National health policy_2017National health policy_2017
National health policy_2017Anil Pandey
 
Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56Anil Pandey
 
Class 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploadingClass 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploadingClass 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploadingClass 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploadingClass 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploadingAnil Pandey
 
Class 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploadingClass 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploadingAnil Pandey
 
Art of indexing_in_o8i
Art of indexing_in_o8iArt of indexing_in_o8i
Art of indexing_in_o8iAnil Pandey
 
Apps session wait_tables
Apps session wait_tablesApps session wait_tables
Apps session wait_tablesAnil Pandey
 
Application sql issues_and_tuning
Application sql issues_and_tuningApplication sql issues_and_tuning
Application sql issues_and_tuningAnil Pandey
 
Appliance whitepaper 8_i
Appliance whitepaper 8_iAppliance whitepaper 8_i
Appliance whitepaper 8_iAnil Pandey
 

More from Anil Pandey (20)

26 bg2020
26 bg202026 bg2020
26 bg2020
 
National health policy_2017
National health policy_2017National health policy_2017
National health policy_2017
 
Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56Class 3-computer-pt3-rev-ws-56
Class 3-computer-pt3-rev-ws-56
 
Class 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploadingClass 3-social-pt3-rev-ws-for-uploading
Class 3-social-pt3-rev-ws-for-uploading
 
Class 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploadingClass 3-science-pt3-rev-ws-for-uploading
Class 3-science-pt3-rev-ws-for-uploading
 
Class 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploadingClass 3-math-pt3-rev-ws-for-uploading
Class 3-math-pt3-rev-ws-for-uploading
 
Class 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploadingClass 3-hindi-pt3-rev-ws-for-uploading
Class 3-hindi-pt3-rev-ws-for-uploading
 
Class 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploadingClass 3-english-pt3-rev-ws-for-uploading
Class 3-english-pt3-rev-ws-for-uploading
 
As onew816a
As onew816aAs onew816a
As onew816a
 
Art of indexing_in_o8i
Art of indexing_in_o8iArt of indexing_in_o8i
Art of indexing_in_o8i
 
Apps session wait_tables
Apps session wait_tablesApps session wait_tables
Apps session wait_tables
 
Application sql issues_and_tuning
Application sql issues_and_tuningApplication sql issues_and_tuning
Application sql issues_and_tuning
 
Appliance whitepaper 8_i
Appliance whitepaper 8_iAppliance whitepaper 8_i
Appliance whitepaper 8_i
 
Appd2 cg
Appd2 cgAppd2 cg
Appd2 cg
 
A85248
A85248A85248
A85248
 
35 dbatune3
35 dbatune335 dbatune3
35 dbatune3
 
9ias
9ias9ias
9ias
 
9i lin relnotes
9i lin relnotes9i lin relnotes
9i lin relnotes
 
9i hp relnotes
9i hp relnotes9i hp relnotes
9i hp relnotes
 
8i r3 nfs
8i r3 nfs8i r3 nfs
8i r3 nfs
 

Recently uploaded

Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odishasmiwainfosol
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024StefanoLambiase
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...Technogeeks
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...Christina Lin
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 

Recently uploaded (20)

Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company OdishaBalasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
Balasore Best It Company|| Top 10 IT Company || Balasore Software company Odisha
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
Dealing with Cultural Dispersion — Stefano Lambiase — ICSE-SEIS 2024
 
What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...What is Advanced Excel and what are some best practices for designing and cre...
What is Advanced Excel and what are some best practices for designing and cre...
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
ODSC - Batch to Stream workshop - integration of Apache Spark, Cassandra, Pos...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 

8 i internet_security

  • 1. Oracle8i™ and Internet Security An Oracle Business White Paper November 1999
  • 2. Oracle8i and Internet Security November 1999 2 SECURITY CHALLENGES OF THE INTERNET THE DISINTERMEDIATION OF SECURITY One of the primary benefits of extending the business Enterprise to the Internet is disintermediation, a reduction in the supply chain between a customer and a business. As a result, organizations are better able to serve their customers, and to gauge their needs and preferences. Customers get faster access to information, goods and services. Organizations save money by “ cutting out the middleman,” and can potentially increase revenues by using the Internet as a sales channel. These factors all combine to make doing business on the Internet extremely compelling for organizations. Whether the Internet represents a web-front store, or a way of computing, the disintermediation of security, is a potentially serious risk of doing business on the Internet. Consider an order entry application moving from a client-server deployment in-house, to a web-based storefront. In the former case, people accessing the application are known to the company and are trusted to handle orders for multiple customers, orders which they take over the phone. There are many “ layers” of security involved, from the telephone itself (which is reasonably secure against tampering or eavesdropping), to the employee herself, who is using an application accessible only within the organization, that allows her to review multiple customers’ orders. Both the employee and the application are thus largely trusted by the company. While strong access control mechanisms are required, these access control mechanisms are generally embedded within the application itself and are not very granular, since a single order entry clerk typically enters orders for multiple customers. Now those applications, once staffed by in-house personnel, have become self-service web-based applications, so you can no longer put all your trust in a privileged user accessing a privileged application. Instead of an employee entering, manipulating, and altering data for multiple customers, customers may place their own orders and access them directly. As a result, access control must be far stronger and more granular than in a strictly intranet application. For
  • 3. example, if customers access their orders directly over the Internet, an organization needs to ensure that customers only see their own orders, and not those of any other customers. The result of the disintermediation of security is that thousands of potentially unknown users may access mission-critical data directly, instead of a limited group of known users accessing data only within the Enterprise. OPEN NETWORKS ARE INHERENTLY INSECURE Another security challenge of doing business on the Internet is that open networks are inherently insecure, because data can be read in-transit by virtually anyone, friend or foe. Suddenly, your most valuable data, including business transactions, customer data and information, is passing over insecure networks. Organizations that feel perfectly comfortable allowing business plans to travel from client to server, or application server to data server inside their internal networks, feel far differently about allowing those plans to travel through the Internet. Companies who seek to harness the Internet to conduct business must take steps to ensure both the confidentiality of their data and the integrity of their data. CONSTRAINTS OF THE INTERNET The range of possible solutions to these security challenges is further constrained by the nature of the Internet itself. Doing business over the Internet, particularly business-to-business transactions, involves communication between disparate networks, therefore, solutions must be open and interoperable. Otherwise, organizations can, at best, deploy one-off, proprietary virtual private networks (VPNs), which cannot truly harness the Internet. Furthermore, any security solutions must be scalable, to handle hundreds of thousands of connections and hundreds of thousands of users. Of course, these solutions must also be manageable. Oracle8i and Internet Security November 1999 3
  • 4. Oracle8i and Internet Security November 1999 4 KNOW YOUR USERS A solution to the Internet security challenge posed by thousands of potentially unknown users is a simple one: “ know your users.” “Know your users,” however, encompasses multiple elements, including strong authentication (knowing who a user is) as well as authorizations (limiting what a user can do). Additionally, these security mechanisms must be applied within the three-tier environment typical of Internet applications: client or thin client to application server to data server. STRONG, STANDARDS-BASED AUTHENTICATION A popular and important Internet security standard is the Secure Sockets Layer (SSL) protocol. SSL uses digital certificates and a public key infrastructure (PKI) to provide the major pieces of security: authentication of people and machines, encryption techniques for privatizing, and checksums for protecting against data modification or snooping. The importance of verifying the identity of not only users, but also of machines, becomes crucial when an organization opens its doors to the Internet. Most organizations have chosen to protect their databases by keeping them inside of the network and placing a web server outside of the network. Used in combination with a firewall and other security measures, the data can remain safe. The data server’s ability to authenticate the web server, therefore, is extremely important. You must verify that the web server is what it claims to be, so that you can trust it to pass data ¾ encrypted or unencrypted ¾ to the outside world. SSL provides the critical authentication piece along with the data privacy piece of the security solution. SSL uses industry-standard X.509 certificates for authentication. Oracle’s implementation of SSL, both in Oracle® Application Server and in Oracle8i, takes advantage of X.509 version 3 certificates. An X.509 certificate is analogous to a driver’s license containing a user’s identifying information. In Oracle8i, SSL works in the following manner: a client is issued an X.509 certificate and a private key which is stored in an Oracle Wallet. When the client initiates a Net8™ connection to the server, SSL performs a handshake between the two processes using the private key and
  • 5. certificate. If it is successful, the client is granted access. This handshake is transparent to the user. Oracle Application Server supports SSL authentication for both HTTP, and IIOP (the Internet Intra-ORB Protocol); in the former case for web client and web listener authentication, and in the latter case for CORBA client and ORB authentication. In both cases, the standard SSL options of anonymous (no authentication), server-only authentication, and mutual client-server authentication are supported. Server-only authentication requires that the server have an X.509 certificate installed and that the client have the appropriate root data (the public key from the certificate authority (CA) which generated the server certificate) so that the client can verify the server certificate. Mutual authentication requires both client and server have certificates and appropriate roots installed. Oracle environments doing business over the Internet can have assurance in the strong, standards-based authentication of users, because both Oracle8i and Oracle Application Server both support SSL-based authentication of users as well as servers. SSL SSL SSL nj%9# !&n8R4 HTTP Net8 Oracle Client Firewall Oracle Server Oracle8i and Internet Security November 1999 5 Server ® !&n8R4 Net8 Oracle Application Server Internet Figure 1. SSL Secures Oracle and Internet Communications PRESERVING USER IDENTITY In order to “ know your users” in an Internet environment, an organization must be able to preserve the identity of the real user through the tiers of an application: from client to application server to data server. If the application server (or other middle tier) connects to the database as a super-privileged user, the application server can perform all actions on behalf of all users, which loses the desired individual identity and accountability. However, in order to
  • 6. exploit the connection pooling offered by many application servers, the challenge becomes preservation of the user identity through the middle tier, without the overhead of setting up a separate authenticated user connection from the application server to the data server. After all, the middle tier will have authenticated the user, and can authenticate itself to the data server; therefore, it’s simply not necessary re-authenticate the user all the way through to the data server! For these environments, Oracle8i provides “ lightweight session” creation via the Oracle® Call Interface; applications can have multiple user sessions within a single database session. These “ lightweight sessions” allow a middle tier to create a session on behalf of the “ real” user, without the overhead of a separate database connection, thus preserving the identity of the real user through the middle tier. While the middle tier authenticates itself to Oracle8i, the “ real user” need not be re-authenticated, and can “ piggyback” on the initial application server connection. Another benefit is that middle tier applications no longer need to store and retrieve database passwords for users. Oracle8i also avoids the problem of the “ super-privileged” application server, by limiting the ability of middle tiers to initiate connections on behalf of users. For example, the “ WebStore” application server could be privileged to create a lightweight user session for Fred using Fred’s “customer ” role only, but not create sessions for Marie. Oracle8i enhances accountability by enabling organizations to audit actions taken on behalf of the “ real” user by the middle tier. Oracle8i’s audit records capture both the logged-in user (i.e., the “ WebStore” application server that initiated the connection), and the user on whose behalf an action is taken. Auditing user activity, whether users are connected through a middle tier or directly to the data server, enhances user accountability, and thus the overall security of three-tier systems. RADIUS SUPPORT RADIUS is another key element in knowing the identity of users accessing the Enterprise remotely. The RADIUS (Remote Authentication Dial-In User Service) protocol is an industry standard for remote authentication and controlled access to networks; it is implemented by Oracle8i and Internet Security November 1999 6
  • 7. almost all organizations that allow remote user access. Many Enterprises have standardized on RADIUS because of its widespread acceptance in the industry, its flexibility, and its ability to provide user authentication, authorization, and accounting between a network client and an authentication server, as well as centralizing all user information in order to ease and reduce the cost of user administration. RADIUS support to Oracle8i is provided through the Advanced Security Option, and offers two major benefits for Oracle users. First, it readily integrates into existing systems, by making the Oracle8i data server a RADIUS client, therefore capitalizing on the infrastructure and investment that organizations have already made. Second, it extends the solutions for authenticating users to Oracle by enabling support for new authentication technologies such as token cards, smartcards and challenge-response mechanisms. With very little development effort required by a technology provider, Oracle customers’ choices of authentication mechanisms are extensively expanded. The Advanced Security Option already interoperates with a number of authentication services provided by third-party vendors with technologies such as token cards, Kerberos implementations, and biometric devices. With RADIUS, support for any new authentication services is built-in to Oracle. RADIUS allows the network equipment vendor (Oracle) to support one authentication protocol (RADIUS) on the server, while authentication vendors supply the specific RADIUS server. Little development effort is required by the technology provider, and more authentication solutions ¾ such as smartcards ¾ are available with enhanced features such as accounting and challenge-response methods of authentication, and accounting, two services that have never before been supported. Oracle8i and Internet Security November 1999 7
  • 8. Oracle8i and Internet Security November 1999 8 RADIUS Server Smartcards Username Password 72891 Oracle8i passes authentication information to another server for validation Server ® Firewalls Routers Authentication Servers Token Cards Figure 2. RADIUS Integration In a Network With Oracle, Remote Access, and Strong Authentication
  • 9. Oracle8i and Internet Security November 1999 9 CONTROL USER ACCESS Extending the Enterprise to the Internet may potentially expose an organization’s valuable, mission-critical data to any user accessing the network from the Internet, because the disintermediation effect of the Internet also reduces the layers of security between a user and the data the user accesses. Therefore, organizations seeking to extend the Enterprise must implement strong, data-driven, user-based access control, that extends from the client through the application server, to the data itself. THE VIRTUAL PRIVATE DATABASE Giving customers and partners direct access to mission-critical systems over the Internet may yield reduced cost, better service, and more timely information, but it also offers new challenges. Organizations must not only keep data safe from prying eyes, but they must segregate data appropriately, often to the level of individual customers or users. Also, many companies are interested in providing Internet “ hosting” environments, with a well-designed and well-managed computing infrastructure, but must keep the data of each “ hosted” corporation separate and secure from each other, while allowing customizations and data access methods which best meet their individual needs. Oracle8i sets a new standard in security with the introduction of the Virtual Private Database: server-enforced, fine-grained access control, together with a secure application context, enabling multiple customers and partners to have secure direct access to mission-critical data. The Virtual Private Database enables, within a single database, per-user or per-customer data access with the assurance of physical data separation. For Internet access, the Virtual Private Database can ensure that online banking customers see only their own accounts, and that web storefront customers see only their own orders. Web hosting companies can maintain multiple companies’ data in the same Oracle8i database, while allowing each company to see only its own data. Within the Enterprise, the Virtual Private Database results in a lower cost of ownership in deploying applications. Security can be built once, in the data server, rather than in each application which accesses data. Security is stronger, because it is enforced by the data server,
  • 10. no matter how a user accesses data. Security is no longer bypassed by a user accessing an ad hoc query tool or new report writer. The Virtual Private Database is enabled by associating one or more security policies with tables or views. Direct or indirect access to a table with an attached security policy causes the data server to consult a function implementing the policy. The policy function returns an access condition known as a predicate (a WHERE clause) which the data server appends to the SQL statements, thus dynamically modifying the user’s data access. A secure application context enables access conditions to be based on virtually any attributes an application deems significant, such as organization, cost center, account number, or position. For example, a human resources application may base its security on “ organization,” “ employee number,” and “ position;” that is, a user in the “manager” position can see the employee records of all employees in his “ organization,” while a user in the “ employee” position can only see and update records matching his own “employee number. ” Oracle8i and Internet Security November 1999 10 SELECT * FROM ORDERS SELECT * FROM ORDERS Figure 3. The Virtual Private Database: Customers View Their Own Orders Only The Virtual Private Database ensures that, no matter how a user gets to the data (through an application, a report writing tool or SQL*Plus®) the same strong access control policy is enforced. The Virtual Private Database can help banks ensure that customers see their own
  • 11. accounts (and nobody else’s), that telecommunications firms can keep customer records safely segregated, and that human resources applications can support their complex rules of data access to employee records. The Virtual Private Database is key enabling technology in opening mission-critical systems to partners and customers over the Internet. SECURE APPLICATION ROLES As organizations open their mission-critical systems to the Internet, it is imperative that they control not only what a user may access, but how a user may access it. For example, an organization deploying a web storefront application must ensure that any privileges the user employs in the back-end order entry database are only enabled within the web storefront application. To address this need, Oracle8i introduces the secure application role, a role which can be enabled only through an application. Oracle8i’s secure application roles enable security in thin client or web-based applications by ensuring that the privileges enabled within the middle tier are only enabled within the application. Application roles are defined in Oracle8i such that an application can validate a SET ROLE command (using any desired criteria) prior to allowing SET ROLE to succeed. Oracle8i ensures that it is a trusted package ¾ a secure program element ¾ enabling the SET ROLE command. For example, Oracle8i can ensure that the user is connected through an application server proxying the user’s identity to the database, and that the user is not connected to the database directly (and thus invoking the role outside of the application). All database privileges the user needs may be granted to the application role; as a result, the user can’t access any data except within the application. Prior to secure application roles, system security officers who wanted to ensure that users only enabled roles through applications (and not directly in the data server) had to rely on “ security by obscurity” to obtain this functionality. You could embed a role enabled by password within an application (for which the users who are granted the role did not know the password), but the password needed to be supplied by the application in some way, e.g., by burying the password within the application. Oracle8i and Internet Security November 1999 11
  • 12. Secure application roles are key enabling technology in extending the Enterprise to the Internet, because they can ensure that users only access data through your Internet applications. Oracle8i and Internet Security November 1999 12 INTEGRATED SECURITY AND DIRECTORY SERVICES An inherent challenge of any distributed system is that common application information ¾ including user information, such as mailstop, organizational unit and a user’s digital certificate ¾ is often fragmented across the Enterprise, leading to data that is redundant, inconsistent, and expensive to manage. Directories are being viewed by an increasing number of Oracle and third-party products as the best mechanism to make Enterprise information available to multiple different systems within an Enterprise. Directories also make it possible for organizations to access or share certain types of information over the Internet, for example, through a virtual private network. The trend towards directories has been accelerated by the recent growth of the Lightweight Directory Access Protocol (LDAP). A specific type of Enterprise information which is commonly proposed for storage in a directory is privilege and access control information. Both user privileges, represented as roles, and object constraints, represented as Access Control Lists (ACLs) listing those users who may access an object, may be stored in a directory. Oracle Application Server is currently capable of storing and accessing, in one or more LDAP directories, ACLs for objects on the application server. Similarly, Oracle8i supports Enterprise roles: centrally-administered privilege sets, maintained in Oracle Internet Directory, or any other LDAP-compliant directory. Enterprise roles enable strong, centralized authorization of users. Also, an administrator can add capabilities to Enterprise roles (granted to multiple users) without having to update the authorizations of each user independently. Oracle Security Manager (an extension to Oracle Enterprise Manager) provides one tool to centrally manage user definitions and assign Enterprise roles, resulting in a lower cost of user administration throughout the Enterprise. Another benefit of single station administration is that if security is easy to administer, organizations are more likely to implement strong security throughout the Enterprise.
  • 13. Oracle Internet Directory, integrated with multiple Oracle products, is a native LDAP version 3 implementation that combines the mission-critical strength of Oracle’s database technology with the flexibility of the Internet standard. Oracle Internet Directory is the default data repository for accessing Oracle8i Enterprise user information, including X.509 certificates, and Enterprise roles. Centralized user and privilege management provides multiple benefits to organizations deploying Internet-based applications. Common information can be readily accessed by individuals who need it. User privileges may be centralized and thus secured. Eventually, Oracle users will be completely directory-based, meaning that organizations can support hundreds of thousands of users, merely by defining a user once in a directory server, providing the scalability and manageability required for Internet applications. Oracle8i and Internet Security November 1999 13 PROTECT DATA IN THE NETWORK The security challenge posed by the insecurity of data transmission over the Internet can be met by the data confidentiality and integrity mechanisms offered by secure networking protocols. The Secure Sockets Layer (SSL) protocol was developed by Netscape Corporation to prevent eavesdropping, tampering with, or forging messages over the Internet, and is widely-used over the Internet to give users established digital identities. SSL is the leading security protocol for the Internet, and it provides data encryption, data integrity, and client and server authentication to secure all sessions. SSL SUPPORT IN ORACLE Oracle Application Server supports Secure Sockets Layer (SSL) to protect data privacy between the browser and the application server, as well as authenticating the application server and, optionally, the user. Oracle Advanced Security for Oracle8i (formerly known as the Advanced Networking Option) also supports SSL, to ensure data privacy and integrity between web servers and corporate data servers. These two products together provide an end-to-end solution for the privacy and integrity of data flowing through networks and across the Internet.
  • 14. SSL secures not only Net8 connections to the data server, but other protocols such as IIOP, LDAP and HTTP. By capitalizing on Java™ support, Oracle Advanced Security secures IIOP connections, giving Oracle the ability to work with thin clients and Enterprise JavaBeans™ (EJB). SSL both encrypts network traffic and authenticates Oracle clients and servers. By using SSL, Oracle servers can authenticate users by utilizing standard X.509 version 3 certificates. The inclusion of SSL in Oracle Advanced Security expands support for encryption and provides public key authentication based on the SSL standard. SSL provides encryption and data integrity (also called checksumming) through cipher suites. Cipher suites are sets of authentication, encryption and data integrity types. The client and server each have a list of cipher suites they support and they negotiate which one is to be used during connection. Oracle Advanced Security offers choices of encryption, such as DES and RC4. Among the encryption provided by cipher suites is Triple DES. Because it uses more than one 56-bit key employed by standard DES, Triple DES is a considerably stronger means of protecting data. Triple DES is increasingly being used by organizations requiring strong security. Support for SSL in Oracle Advanced Security closes the loop for secure end-to-end communications between any client, a web server or application server, and an Oracle8i data server. The addition of Oracle Application Server in the Oracle environment provides end-to-end Oracle8i and Internet Security November 1999 14 network security.
  • 15. Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: +1.650.506.7000 Fax +1.650.506.7200 http://www.oracle.com/ Copyright © Oracle Corporation 1999 All Rights Reserved This document is provided for informational purposes only, and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document. Oracle and SQL*Plus are registered trademarks and Oracle8i and Net8 are trademarks or registered trademarks of Oracle Corporation. All other company and product names mentioned are used for identification purposes only and may be trademarks of their respective owners.