Dear Readers,
My name is Franz Devantier, creator of this blog. I am an Oracle Certified Professional (OCP DBA 11g) Security DBA. I will be sharing with you the basic duties of an Oracle DBA, and also some of the undocumented and not so well-known tasks.
I will make a deal with you: if you refer me to a company that needs database support, from a few hours per week to full time, and I am able to sign a contract with them, then I will give you 10% of the monthly contract or deal price every month. When the contract ends, and we re-sign the contract, I will again give you 10% of the monthly contract price. This will go on until the company no longer employs or contracts me or my agents to look after their databases.
I can do this because that 10% is my marketing budget. When we re-sign the contract in the future, it may depend on you giving the thumbs up again, and that is worth 10% of the monthly contract price, to be given to you as commission.
Contact: Franz
Security, Authentication Methods - Part 3
Kerberos Authentication
Kerberos uses a trusted third-party authentication system that relies on shared secrets. The assumption is that the third party is secure. Kerberos provides a single sign-on capability, centralized password storage, database link authentication, and enhanced workstation security. It works either through a Kerberos authentication server or through Cybersafe Active Trust, which is a commercial Kerberos-based authentication server.
PKI-Based Authentication
PKI-based authentication does not directly involve an authentication server. PKI issues digital certificates to user clients, which use them to authenticate directly to servers in the enterprise.
Oracle provides a PKI for public keys and certificates, which consists of the following components:
· Authentication and secure session key management using the SSL protocol.
· Signing of user-specified data using a private key and a certificate, enabled through Oracle Call Interface (OCI) and PL/SQL functions.
· Trusted certificates are used to identify third-party entities that are trusted as signers of user certificates when an identity is being validated. During the validation of the user certificate, the signer is checked by using trust points or a trusted certificate chain of certificate authorities, stored in the validating system. Where there are several levels of trusted certificates in the chain, a trusted certificate at a lower level is trusted without needing to have all its higher-level certificates re-verified.
· Oracle wallets are data structures that contain the private key of a user, a user certificate, and the set of trust points of a user. The set of trust points of a user consists of the trusted certificate authorities.
· OracleAS Certificate Authority is a component of the Oracle Identity Management infrastructure, which provides an integrated solution, and provisions X.509 version 3 certificates for individuals, applications, and servers that require certificates for PKI-based operations such as authentication, SSL, S/MIME, etc.
· Oracle Wallet Manager is a standalone Java application used to manage and edit the security credentials in Oracle wallets. Oracle Wallet Manager performs a number of operations:
  o It protects user keys.
  o It manages X.509 version 3 certificates on Oracle clients and servers.
  o It generates a public-private key pair and creates a certificate request for submission to a certificate authority.
  o It installs a certificate for the entity.
  o It configures trusted certificates for the entity.
  o It creates wallets.
  o It opens wallets to enable access to PKI-based services.
  o It obtains X.509 version 3 certificates from a trusted entity that signs the certificate, for example a certificate authority. Because the certificate authority is trusted, these certificates certify that the requesting entity's information is correct, and that the public key on the certificate belongs to the identified entity. Such a certificate is then loaded into an Oracle wallet to enable future authentication.
Oracle Public Key Infrastructure
· Authentication with RADIUS: Oracle supports remote authentication of users through the Remote Authentication Dial-In User Service (RADIUS). RADIUS is a standard lightweight protocol used for user authentication, authorization, and accounting.
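The trust-point behaviour described in the "Trusted certificates" item above can be reproduced with OpenSSL. This is an added example, not code from the original post or from Oracle: it builds a constructed three-level chain (Demo Root CA, Demo ica and Demo user are made-up names) and validates the user certificate with the root, and then only the lower-level issuing CA, as the trust point. Treating OpenSSL's `-partial_chain` option as the analogue of a lower-level trusted certificate in a wallet is an assumption of the example.

```shell
#!/bin/sh
# Added example. Constructed throwaway PKI: Demo Root CA -> Demo ica (issuing CA) -> Demo user.
# OpenSSL stands in for the wallet's validation logic (assumption; not Oracle code).

build_demo_pki() {   # $1 = empty working directory
    d=$1
    cat > "$d/o.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Self-signed root CA (top of the chain)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 2 -config "$d/o.cnf" \
        -extensions ca -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Issuing CA and user: key pair plus certificate request each
    for n in ica user; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/o.cnf" \
            -subj "/CN=Demo $n" -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Root signs the issuing CA; the issuing CA signs the user certificate
    openssl x509 -req -in "$d/ica.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -set_serial 2 -days 2 -sha256 -extfile "$d/o.cnf" -extensions ca \
        -out "$d/ica.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/user.csr" -CA "$d/ica.pem" -CAkey "$d/ica.key" \
        -set_serial 3 -days 2 -sha256 -out "$d/user.pem" 2>/dev/null
}

quiet_verify() { openssl verify "$@" >/dev/null 2>&1; }
# Trust point = root; the issuing CA is supplied only as an untrusted chain element.
verify_from_root() { quiet_verify -CAfile "$1/root.pem" -untrusted "$1/ica.pem" "$1/user.pem"; }
# Only the issuing CA is stored, but the verifier still insists on reaching a root.
verify_strict_ica() { quiet_verify -CAfile "$1/ica.pem" "$1/user.pem"; }
# Issuing CA accepted as a trust point: the chain ends there, the root is never consulted.
verify_ica_as_trust_point() { quiet_verify -partial_chain -CAfile "$1/ica.pem" "$1/user.pem"; }

demo() {
    d=$(mktemp -d) || return 1
    build_demo_pki "$d" || { rm -rf "$d"; return 1; }
    for check in verify_from_root verify_strict_ica verify_ica_as_trust_point; do
        if "$check" "$d"; then echo "$check: accepted"; else echo "$check: rejected"; fi
    done
    rm -rf "$d"
}
demo
```

The middle check is rejected and the other two are accepted. Whoever can place a certificate among the trust points therefore decides where validation stops, so the list of trusted certificates in a wallet deserves the same review as the private key it holds.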
Franz Devantier,
Need a database health check, or a security audit?
devantierf@gmail.com