About Network Data Encryption

Hi,
I have an Oracle 10g database. I'm configuring Advanced Security, and I would like to know if it's possible to configure the server to refuse connections that do not have configured the encryption option that I have defined on the server.
For example: on the server, the sqlnet.ora contains this:
sqlnet.crypto_seed="dsdfrpdstrpgrmmpbmprthmtpommbmptbmpotpre"
sqlnet.encryption_client = required
sqlnet.encryption_types_client = (RC4_40)
But a client that has nothing defined in its sqlnet.ora can still connect to the database.
Can someone help me?
Thanks in advance,
Fernando.

Roger22 wrote:
Ok, thanks for reply
And one more question:
If I have
alter system set encryption key authenticated by "ImOracle";
then the encryption key is ImOracle, like the password for the wallet too? The password for the wallet is ImOracle too?
I found this here: http://oracleflash.com/26/Oracle-10g-Transparent-Data-Encryption-examples.html
(This creates a wallet at the location defined in the sqlnet.ora, sets the password for the wallet for TDE to retrieve the master key for encryption of table keys used to encrypt values in the tables.)

First of all, try to stick with the official Oracle documentation website, http://tahiti.oracle.com . Now, the encryption key is the key that is used to encrypt the data of the columns. The above command is setting the master key for the column encryption. Please see,
http://download.oracle.com/docs/cd/E11882_01/network.112/e10746/asotrans.htm#ASOAG9525
For the wallet, you set up a password when you set up the wallet using the oracle wallet manager so that should have prompted you for a password.
HTH
Aman....

Similar Messages

  • Is it possible to perform network data encryption between Oracle 11g databases without the advance security option?

    We are not licensed for the Oracle Advanced Security Option and I have been tasked to use Oracle Network Data Encryption in order to encrypt network traffic between Oracle instances that reside on remote servers. From what I have read and my prior understanding this is not possible without ASO. Can someone confirm or disprove my research, thanks.

    Hi, Srini Chavali-Oracle
    As for http://www.oracle.com/technetwork/database/options/advanced-security/advanced-security-ds-12c-1898873.pdf?ssSourceSiteId… ASO is mentioned as TDE and Redacting Sensitive Data to Display. Network encryption is excluded.
    As for Network Encryption - Oracle FAQ (of course this is not Oracle official) "Since June 2013, Net Encryption is now licensed with Oracle Enterprise Edition and doesn't require Oracle Advanced Security Option." Could you clarify this? Thanks.

  • Testing network data encryption

    Hi,
    My sqlnet.ora file contains also:
    TRACE_LEVEL_CLIENT = SUPPORT
    TRACE_DIRECTORY_CLIENT = c:\temp
    TRACE_FILE_CLIENT = sqlnet_encryption.trc
    SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256, AES192)
    SQLNET.ENCRYPTION_TYPES_SERVER= (3DES168)
    DIAG_ADR_ENABLED = OFF
    I want to test the network encryption. I have issued a select within hr schema (select * from employees), but when I access that .trc file, I can see it contains:
    [18-DEC-2012 20:51:04:002] naeecom: entry
    [18-DEC-2012 20:51:04:002] naeecom: Encryption inactive
    [18-DEC-2012 20:51:04:002] naeecom: exit
    [18-DEC-2012 20:51:04:002] naeccom: entry
    [18-DEC-2012 20:51:04:002] naeccom: Crypto-Checksumming inactive
    [18-DEC-2012 20:51:04:002] naeccom: exit
    [18-DEC-2012 20:51:04:002] na_tns: entry
    [18-DEC-2012 20:51:04:002] na_tns: Secure Network Services is available.
    [18-DEC-2012 20:51:04:002] nau_adi: entry
    [18-DEC-2012 20:51:04:002] nau_adi: exit
    [18-DEC-2012 20:51:04:002] na_tns:      authentication is active, using NTS
    [18-DEC-2012 20:51:04:002] na_tns:      encryption is not active
    [18-DEC-2012 20:51:04:002] na_tns:      crypto-checksumming is not active
    ...
    I want to know why it says encryption is not active, if I used Net Manager to specify encryption algorithms for both server and client.
    I have also restarted the database (shutdown / startup), with no effect (same 'encryption inactive').
    Thanks
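The setup in the first post and the "Encryption inactive" trace in this one both follow from how the two ends negotiate native network encryption. The following is an added example, not from any poster or from Oracle, that models the documented levels (REJECTED, ACCEPTED, REQUESTED, REQUIRED; ACCEPTED when unset) over constructed sqlnet.ora contents. The function names, the FIXED_SERVER settings and the choice of AES256 there are assumptions of this example.

```python
# Added example: model of Oracle native network encryption negotiation.
LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
DEFAULT_LEVEL = "ACCEPTED"  # level used when the parameter is absent

def parse_sqlnet(text):
    """Parse simple one-line NAME = value entries of a sqlnet.ora file."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().upper()] = value.strip()
    return params

def algorithms(params, side):
    """Algorithm list for 'SERVER' or 'CLIENT'; None means all installed."""
    raw = params.get("SQLNET.ENCRYPTION_TYPES_" + side)
    if raw is None:
        return None
    return [a.strip().upper() for a in raw.strip("()").split(",") if a.strip()]

def negotiate(server_ora, client_ora):
    """Return 'plaintext', 'encrypted:<alg>' or 'refused:<ORA error>'."""
    srv, cli = parse_sqlnet(server_ora), parse_sqlnet(client_ora)
    # The server role reads *_SERVER, the client role reads *_CLIENT.
    s = srv.get("SQLNET.ENCRYPTION_SERVER", DEFAULT_LEVEL).upper()
    c = cli.get("SQLNET.ENCRYPTION_CLIENT", DEFAULT_LEVEL).upper()
    if s not in LEVELS or c not in LEVELS:
        raise ValueError("unknown encryption level: %s / %s" % (s, c))
    required = "REQUIRED" in (s, c)
    if "REJECTED" in (s, c):
        return "refused:ORA-12660" if required else "plaintext"
    if s == c == "ACCEPTED":
        return "plaintext"  # neither side asked for encryption
    s_algs, c_algs = algorithms(srv, "SERVER"), algorithms(cli, "CLIENT")
    if s_algs is None:
        # Assumption: the server has at least one client algorithm installed;
        # which one is picked depends on the server's installed set.
        return "encrypted:*"
    # The server takes the first entry of its own list that the client offers.
    common = [a for a in s_algs if c_algs is None or a in c_algs]
    if common:
        return "encrypted:" + common[0]
    return "refused:ORA-12650" if required else "plaintext"

# Constructed inputs modelled on the posts above.
POSTED_SERVER = """
sqlnet.encryption_client = required
sqlnet.encryption_types_client = (RC4_40)
"""
FIXED_SERVER = """
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
"""
TRACE_POST = """
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256, AES192)
SQLNET.ENCRYPTION_TYPES_SERVER = (3DES168)
"""
UNCONFIGURED_CLIENT = ""
REJECTING_CLIENT = "SQLNET.ENCRYPTION_CLIENT = REJECTED"

if __name__ == "__main__":
    cases = [("posted server, bare client", POSTED_SERVER, UNCONFIGURED_CLIENT),
             ("fixed server, bare client", FIXED_SERVER, UNCONFIGURED_CLIENT),
             ("fixed server, rejecting client", FIXED_SERVER, REJECTING_CLIENT),
             ("trace post, same file both roles", TRACE_POST, TRACE_POST)]
    for label, srv, cli in cases:
        print("%-34s -> %s" % (label, negotiate(srv, cli)))
```

With SQLNET.ENCRYPTION_SERVER = REQUIRED an unconfigured client is not turned away: its default of ACCEPTED makes it negotiate encryption, and only clients that reject encryption or share no algorithm with the server are refused.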

  • Need suggestion for data encryption

    Hello Experts,
    I need your expert opinion on one of the data encryption methods. We have some legal compliance to implement data encryption as listed below; let's say we have to apply encryption on 2 tables (1) TAB_A (2) TAB_B.
    (1) Need data encryption on the TAB_A & TAB_B for 2-3 columns and not the entire table.
    (2) Data should not be in readable format, if anyone connect to database and query the table.
    (3) We have reporting services on our tables but reporting services doesn't connect to our schema directly rather they connect to a different schema to which we have given the table Select grant.
    (4) Reports should work as it is, and users should see the data in readable format only.
    (5) There are batch processes which generates the data into these tables and we are not allowed to make any changes to these batch processes.
    This is a business need which has to be delivered. I explored various options such as VPDs, data encryption methods etc. but honestly none of these are serving our business need. There is also a limitation on encrypting data, as the data volume is quite high (30TB DB) and generally users query the data on millions of records at a time. Also reports have very tight SLAs as well. If we create any encryption wrapper then decrypt will take longer in reports and will cause the SLA miss for reports.
    Could someone please suggest any better solution to me or if something is inbuilt in Oracle? We are using Oracle 11g.
    Regds,
    Amit.

    you can read about Transparent Data Encryption
    Check
    http://docs.oracle.com/cd/B28359_01/network.111/b28530/asotrans.htm

  • Data Encryption

    Hello.
    Although I read the docs about Transparent Data Encryption, Data Vault and some encryption packages, I couldn't find any info about how to encrypt data in tables so that when someone runs:
    SELECT username FROM sometable
    on the encrypted table where
    username is varchar2, he gets encrypted data, something like:
    username
    Ab34SferT
    ....
    Also it would be great if I could use a WHERE clause on the encrypted column in the query above using nonencrypted data format,
    something like:
    SELECT username FROM sometable WHERE username='JONES'
    and to get:
    username
    Ab34SferT
    If I could achieve this somehow, please explain to me how.
    Thank You.

    Thank you damorgan, i was guessing dbms_crypto will do the trick.
    Also, does anyone have some good example doc about using dbms_crypto ?
    I searched the web but have found nothing containing explanation with good examples.
    Toni.

  • Is Transparent Data Encryption secure from DBA?

    Hi all,
    I want to encrypt some of my data; for that I learned about Transparent Data Encryption, but I have a doubt that TDE can't provide security against the DBA.
    I want your valuable comment on this, and I want to know, is there any other way to secure my data from the DBA except Database Vault?
    Thanks
    Message was edited by:
    Pratik Brahmbhatt

    Hi Sam,
    We use Oracle Applications 11.5.5 and 11.5.7 and DB 8.1.7.4.0 so TDE is not applicable for us.. but I think I got my objective (to encrypt and decrypt an attribute column) using the dbms_obfuscation_toolkit through the custom.pll
    There's only one thing to do, and it's being a bit difficult for me to do it: how to capture the event KEY-EXIT (there/then is when I've planned to call the encrypt procedure)? That event is not in the "captured events list" for the custom.pll.
    Any ideas? How do you do when you want to make some operation in custom.pll corresponding with a KEY-EXIT event of a form?
    Thanks,
    Jose.

  • WPA2 network authentication with AES Data Encryption

    I have tried unsuccessfully to connect with my university's network....they are running WPA2 with AES data encryption....authentication is Protected EAP (PEAP). Any ideas if the iPhone can connect to something like this?

    You've confirmed my suspicion. We use WPA2-Personal with AES Encryption as well and I just discovered, after having bought my iPhone last night, that it will not connect. And yet every other WiFi device I own, including two Windows computers, has no issue connecting to the same Access Point. Obviously the issue is with the iPhone and now I'll have to contact Apple to learn how they intend to resolve it.

  • Encrypt all Network data problems

    Hi all,
    I am trying to securely connect to my friend's computer over the internet.
    We are both using 10.4 and both running ARD.
    We can successfully connect and control each others computer when ARD security is set to 'encrypt all keystrokes and passwords' but the connection fails to connect when we try and use 'encrypt all network data'.
    We have port 22 open on our routers and also have selected the checkbox to allow remote login in the system preferences.
    I can connect via ssh to his account enabled for ARD and use terminal with normal UNIX restrictions, but we can't seem to get a successful connection with the full security settings in ARD.
    Can anyone suggest what we may be doing wrong?
    Thanks in advance
    mjharps

    Anyone else noticing this behavior?

  • Listener Start Problem with TDE (Transparent Data Encryption)

    I am testing Transparent Data Encryption in Oracle 10g by using the following link
    http://oracle-base.com/articles/10g/TransparentDataEncryption_10gR2.php
    Before implementing TDE the listener was running fine, but after implementation of TDE the listener was unable to start.
    Please check the steps which I followed.
    Step 1 -
    Specify the ENCRYPTION_WALLET_LOCATION parameter in the sqlnet.ora file; now the SQLNET.ora file looks like the following:
    SQLNET.AUTHENTICATION_SERVICES= (NTS)
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    ENCRYPTION_WALLET_LOCATION=
    (SOURCE=(METHOD=FILE)(METHOD_DATA=
    (DIRECTORY=D:\oracle\product\10.2.0\wallet\)))
    Please check the contents of the listener.ora file; I didn't make any configuration changes for the listener before or after implementation of TDE:
    SID_LIST_LISTENER =
      (SID_LIST =
        (SID_DESC =
          (SID_NAME = PLSExtProc)
          (ORACLE_HOME = D:\oracle\product\10.2.0\db_1)
          (PROGRAM = extproc)
        )
      )
    LISTENER =
      (DESCRIPTION_LIST =
        (DESCRIPTION =
          (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
          (ADDRESS = (PROTOCOL = TCP)(HOST = shakeel-pc.lhr.inov8.com.pk)(PORT = 1521))
        )
      )
    Step 2 -
    CONN sys/password AS SYSDBA
    ALTER SYSTEM SET ENCRYPTION KEY AUTHENTICATED BY "myPassword";
    TDE was implemented successfully.
    But when I try to stop/start the listener:
    C:\>lsnrctl status
    LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44:30
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
    STATUS of the LISTENER
    Alias LISTENER
    Version TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
    Start Date 05-JUN-2008 22:40:14
    Uptime 0 days 7 hr. 4 min. 16 sec
    Trace Level off
    Security ON: Local OS Authentication
    SNMP OFF
    Listener Parameter File D:\oracle\product\10.2.0\db_1\network\admin\listener.ora
    Listener Log File D:\oracle\product\10.2.0\db_1\network\log\listener.log
    Listening Endpoints Summary...
    (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1ipc)))
    (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=shakeel-pc.lhr.inov8.com.pk)(PORT=1521)))
    Services Summary...
    Service "PLSExtProc" has 1 instance(s).
    Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
    Service "orcl" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    Service "orclXDB" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    Service "orcl_XPT" has 1 instance(s).
    Instance "orcl", status READY, has 1 handler(s) for this service...
    The command completed successfully
    C:\>lsnrctl stop
    LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44:35
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
    The command completed successfully
    C:\>lsnrctl start
    LSNRCTL for 32-bit Windows: Version 10.2.0.1.0 - Production on 06-JUN-2008 05:44:40
    Copyright (c) 1991, 2005, Oracle. All rights reserved.
    Starting tnslsnr: please wait...
    TNSLSNR for 32-bit Windows: Version 10.2.0.1.0 - Production
    System parameter file is D:\oracle\product\10.2.0\db_1\network\admin\listener.ora
    Log messages written to D:\oracle\product\10.2.0\db_1\network\log\listener.log
    Error listening on: (ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PARTIAL=yes)(QUEUESIZE=1))
    No longer listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1ipc)))
    TNS-12560: TNS:protocol adapter error
    TNS-00583: Valid node checking: unable to parse configuration parameters
    Listener failed to start. See the error message(s) above...
    To start the listener I have to close the wallet as follows:
    1- SQL>conn sys as sysdba
    ALTER SYSTEM SET WALLET CLOSE;
    2- Replace the SQLNET.ora file as previous; now SQLNET.ora contains
    SQLNET.AUTHENTICATION_SERVICES= (NTS)
    NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    Now if I start the listener, the listener starts successfully.
    Please suggest why the listener does not start with TDE?

    I have the same problem. I'm testing TDE using Oracle 11gR1. After setting the parameter encryption_wallet_location and restarting the listener, the listener failed to start. The error is exactly the same:
    TNS-12560: TNS:protocol adapter error
    TNS-00583: Valid node checking: unable to parse configuration parameters
    By removing the parameter encryption_wallet_location, the listener can be started successfully.
    Anyone can help?

  • Configuration of FP-Modules. In the catalog is something written about sending data on data change. There is a checkbox in the FP-Explorer but I can't find a configuration menu in FP-Explorer to set the threshold value at which the data will be send.

    The FP-1600 modules automatically send data on-change only. The change threshold is by default 0%. Any change, even a single least significant bit change, is sent back to the computer. If the FP-1600 firmware revision supports deadbanding (firmware revision 3.0.x and later, can be downloaded from ftp://ftp.ni.com/support/fieldpoint/Update/FPEthernet0320.zip ), then on each analog channel or count channel you can specify a percentage change for deadbanding in FieldPoint Explorer. This is done on a channel by channel basis, by right-clicking on the particular IO module and choosing Edit this Device, then choosing Channel Configuration. Each channel (if it supports deadbanding) will have a deadband entry box on the middle right side of the screen.
    The FP-1000/1001 serial network modules do not support deadbanding. The checkbox in FieldPoint Explorer is simply for how FieldPoint Explorer displays the data to the user and does not affect client programs nor the behavior of the network module itself.
    Regards,
    Aaron

  • Data Encryption : Length of the result data in RAW

    Hello,
    I am pretty new in data encryption, and in 10g, I use package DBMS_CRYPTO.
    I have no problem with that.
    I want to save the encrypted data in a table.
    I am thinking about using RAW columns.
    The original strings are saved into VARCHAR2(4000).
    How can I roughly compute and figure out the number of RAWs resulting of the encryption? Is there a kind of formula ?
    Is this connected with the length of the encryption key?
    Thanks a lot,
    Olivier

    Hi Murali,
    Thanks for your reply.
    Yes that's why I found it was weird.
    I always have a nice pop up window when click "Data Mart Status of The Request"...
    usually.
    It also didn't happen to all ODS/Cube,
    some of it still shows a nice pop up window,
    for loading using InfoPackage or DTP.
    So it's not a system problem... there's still pop up window.
    However in particular ODS/Cube,
    the symbol is correct - that data has been loaded,
    but there's no Pop Up window.

  • General review of Transparent Data Encryption (TDE) and performance of...

    I understand that the implementation of just about any database encryption solution is going to result in some degree of a performance hit, especially as searches are performed against the database, but none-the-less, we are thinking about implementing the Oracle TDE solution and, as recommended, just isolating encryption needs to ONLY necessary columns of data - in our case, columns pertaining to private ANSWER (results) data and/or PII (Pers. Ident. Info.). This being said, is anyone else doing something similar with TDE, or does anyone have any pointers up front on what to look out for, what to expect, and how they are operating with TDE? (Just reaching out for some thoughts, insight, comments, and/or warnings)... Thank you very much. - Jason

    Yes, we have many customers using it, please check my updated TDE best practices paper; it has lots of hints and tricks and things to look out for:
    Available from http://www.oracle.com/technology/deploy/security/database-security/transparent-data-encryption/index.html (scroll down, please).
    Thanks, Peter

  • Transparent Data Encryption Configuration

    Hi,
    I want to configure Transparent Data Encryption on a Database which is protected with Database Vault.
    Is there any document which talks about the integration of Database Vault with Transparent Data Encryption.
    I want to create a common security administrator user (other than sys/system users) for Transparent Data Encryption configuration.
    If i create a new administrator from Enterprise Manager console i am getting the following error:
    SQL Error ORA-47401: Realm violation for grant system privilege on SELECT ANY DICTIONARY. ORA-06512: at "SYSMAN.MGMT_USER", line 9316 ORA-06512
    How to avoid this error.
    Any pointers on this is appreciated.
    Thanks & regards,
    Srikanth

    Turning off DBVault is not needed to turn on TDE ... the DB user who wants to manage the DB through Enterprise Manager, needs to have the SELECT ANY DICTIONARY privilege (I think I remember this is done by logging into EM (not DVA) as DBV_OWNER, or DV_ACCT_MNGR if you have configured one).
    If then the creation of the wallet fails, make the user an OWNER of the DATA DICTIONARY realm in DBVault. Note that the directory that you plan to use to store the wallet needs to exist before you create the wallet and master key for TDE.
    Peter
    Edited by: Peter Wahl on 03.07.2010 02:20

  • Tablespace data encryption

    HI ,
    I was reading about the tablespace data encryption in Oracle Applications 11i, so I have certain doubts. Please clear my doubts.
    * Is it necessary that whenever we start up the database we need to open the wallet in order to allow the users to access the table data, or will privileged users be capable of accessing the table data?
    * How will the privileged users be authenticated to access the table data?
    Normally when we encrypt the create the wallet is it necessary that we should encrypt the table data?
    What is the purpose of opening the wallet? If we open the wallet is it necessary that we have to decrypt the table data, or is opening the wallet more than enough to allow the users to access the table data?
    Please clear my confusions.
    Regards
    Aram

    Hi Rajeesh,
    Thanks for the link to the tutorial. I went through the steps and got to the part where you actually create the encrypted tablespace. I skipped the column encryption since I will not be using that method. The tablespace creation failed via EM as it has before so I tried it at the command prompt as directed in the tutorial. It failed as well as it has before:
    SQL> create tablespace obe datafile '/u01/oradata/test/obe.dbf' size 100M
    2 encryption default storage (encrypt);
    create tablespace obe datafile '/u01/oradata/test/obe.dbf' size 100M
    ERROR at line 1:
    ORA-28374: typed master key not found in wallet
    I suspect re-keying will fail as well. Are there additional log files with more detail in them that might hint at the problem?
    Thanks.
    Dan.

  • Transparent Data Encryption vs. OS level encryption

    Can someone help me by posting few URLs to read about Oracle's Transparent Data Encryption vs. OS Level Encryption (Win 2003 server)? We are trying to choose an option and go with it. I'm looking for a comparative analysis doc (Oracle 10.2.0.2 on MS Win 2003 Server), or if you can give me pros and cons for each of those options.
    Many thanks in advance,
    Dejan

    http://www.oracle.com/technology/deploy/security/database-security/transparent-data-encryption/index.html
