PK `UIoa,mimetypeapplication/epub+zipPK`UIOEBPS/tdpsg_install_config.htmse Securing the Database Installation and Configuration

2 Securing the Database Installation and Configuration

This chapter contains:

About Securing the Database Installation and Configuration

After you install Oracle Database, you should secure the database installation and configuration. The methods in this chapter describe commonly used ways to do this, all of which involve restricting permissions to specific areas of the database files.

Oracle Database is available on several operating systems. Consult the following guides for detailed platform-specific information about Oracle Database:

Enabling the Default Security Settings

When you create a new database or modify an existing database, you can use the Security Settings window in Database Configuration Assistant (DBCA) to enable or disable the default security settings. Oracle recommends that you enable these settings. These settings enable the following default security settings:

To enable the default profile security settings using Database Configuration Assistant:

  1. Start Database Configuration Assistant:

    • UNIX: Enter the following command at a terminal window:

      dbca
      

      Typically, dbca is in the $ORACLE_HOME/bin directory.

    • Windows: From the Start menu, click All Programs. Then click Oracle - ORACLE_HOME, then Configuration and Migration Tools, and then Database Configuration Assistant.

      Alternatively, you can start Database Configuration assistant at a command prompt:

      dbca
      

      As with UNIX, typically, dbca is in the ORACLE_BASE\ORACLE_HOME\bin directory.

  2. In the Welcome window, click Next.

    The Operations window appears.

  3. Select Configure Database Options, and then click Next.

    The Database window appears.

  4. Select the database that you want to configure, and then click Next.

    The Security Settings window appears.

  5. Select the Keep the enhanced 11g default security settings (recommended). These settings include enabling auditing and a new default password profile option.

  6. Click Next.

    The Database Components window appears.

  7. Select any additional options, and then click Next. Answer the remaining questions as necessary.

  8. Click Finish.

Securing the Oracle Data Dictionary

This section describes how you can secure the data dictionary. The data dictionary is a set of database tables that provide information about the database, such as schema definitions or default values.

This section contains:

About the Oracle Data Dictionary

The Oracle data dictionary is a set of database tables that provides information about the database. A data dictionary has the following contents:

  • The definitions of all schema objects in the database (tables, views, indexes, clusters, synonyms, sequences, procedures, functions, packages, triggers, and so on)

  • The amount of space allocated for, and is currently used by, the schema objects

  • Default values for columns

  • Integrity constraint information

  • The names of Oracle Database users

  • Privileges and roles granted to each user

  • Auditing information, such as who has accessed or updated various schema objects

  • Other general database information

The data dictionary tables and views for a given database are stored in the SYSTEM tablespace for that database. The data dictionary is structured in tables and views, just like other database data. All the data dictionary tables and views for a given database are owned by the user SYS. Connecting to the database with the SYSDBA privilege gives full access to the data dictionary. Oracle strongly recommends limiting access to the SYSDBA privilege to only those operations necessary such as patching and other administrative operations. The data dictionary central to every Oracle database.

You can use SQL statements to access the data dictionary. Because the data dictionary is read only if you do not connect with the SYSDBA privilege, you can issue only queries (SELECT statements) against its tables and views. Be aware that not all objects in the data dictionary are exposed to users. A subset of data dictionary objects, such as those beginning with USER_% are exposed as read only to all database users.Oracle Database Reference provides a list of database views that you can query to find information about the data dictionary.

Example 2-1 shows how you can find a list of database views specific to the data dictionary by querying the DICTIONARY view.

Example 2-1 Finding Views That Pertain to the Data Dictionary

SQLPLUS SYSTEM
Enter password: password
Connected.

SQL> SELECT TABLE_NAME FROM DICTIONARY;

Enabling Data Dictionary Protection

You can protect the data dictionary by enabling the O7_DICTIONARY_ACCESSIBILITY initialization parameter. This parameter prevents users who have the ANY system privilege from using those privileges on the data dictionary, that is, on objects in the SYS schema.

Oracle Database provides highly granular privileges. One such privilege, commonly referred to as the ANY privilege, is typically granted to only application owners and individual database administrators. For example, you could grant the DROP ANY TABLE privilege to an application owner. You can protect the Oracle data dictionary from accidental or malicious use of the ANY privilege by turning on the 07_DICTIONARY_ACCESSIBILITY initialization parameter.

To enable data dictionary protection:

  1. Start Oracle Enterprise Manager Database Control (Database Control).

    See Oracle Database 2 Day DBA for instructions about how to start Database Control.

  2. Log in as SYS and connect with the SYSDBA privilege.

    • User Name: Enter the name of a user has administrative privileges. In this case, you enter SYS.

    • Password: Enter the user's password.

    • Connect As: From the list, select either SYSDBA, SYSOPER, or Normal. In this case, you select SYSDBA.

    The Oracle Enterprise Manager Database Home page (Database Home page) appears.

  3. Click Server to display the Server subpage.

  4. In the Database Configuration section, click Initialization Parameters.

    The Initialization Parameters page appears.

  5. In the list, search for O7_DICTIONARY_ACCESSIBILITY.

    In the Name field, enter O7_ (the letter O), and then click Go. You can enter the first few characters of a parameter name. In this case, O7_ displays the O7_DICTIONARY_ACCESSIBILTY parameter.

    Depending on the parameter, you may have to modify the value from the SPFile subpage. Click the SFFile tab to display the SPFile subpage.

  6. Set the value for O7_DICTIONARY_ACCESSIBILTY to FALSE.

  7. Click Apply.

  8. Restart the Oracle Database instance.

    1. Click the Database Instance link.

    2. Click Home to display the Database Control home page.

    3. Under General, click Shutdown.

    4. In the Startup/Shutdown Credentials page, enter your credentials.

      See Oracle Database 2 Day DBA for more information.

    5. After the shutdown completes, click Startup.

After you set the O7_DICTIONARY_ACCESSIBILTY parameter to FALSE, only users who have the SELECT ANY DICTIONARY privilege and those users authorized to make DBA-privileged (for example CONNECT / AS SYSDBA) connections can use the ANY system privilege on the data dictionary. If the O7_DICTIONARY_ACCESSIBILITY parameter is not set to FALSE, then any user with a DROP ANY TABLE (for example) system privilege can drop parts of the data dictionary.


Note:


Guidelines for Securing Operating System Access to Oracle Database

You can secure access to Oracle Database on the operating system level by following these guidelines:

Guideline for Granting Permissions to Run-Time Facilities

Many Oracle Database products use run-time facilities such as Oracle Java Virtual Machine (OJVM). Do not assign all permissions to a database run-time facility. Instead, grant specific permissions to the explicit document root file paths for facilities that might run files and packages outside the database.

Here is an example of a vulnerable run-time call, in which individual files are specified:

call dbms_java.grant_permission('wsmith',
 'SYS:java.io.FilePermission','filename','read');

The following example is a better (more secure) run-time call, which specifies a directory path (in bold typeface) instead.

call dbms_java.grant_permission('wsmith', 
 'SYS:java.io.FilePermission','directory_path','read');

Initialization Parameters Used for Installation and Configuration Security

Table 2-2 lists initialization parameters that you can set to better secure your Oracle Database installation and configuration.

Table 2-2 Initialization Parameters Used for Installation and Configuration Security

Initialization ParameterDefault SettingDescription

SEC_RETURN_SERVER_RELEASE_BANNER

FALSE

Controls the display of the product version information, such as the release number, in a client connection. An intruder could use the database release number to find information about security vulnerabilities that may be present in the database software. You can enable or disable the detailed product version display by setting this parameter.

See Oracle Database Security Guide for more information about this and similar parameters. Oracle Database Reference describes this parameter in detail.

O7_DICTIONARY_ACCESSIBILITY

FALSE

Controls restrictions on SYSTEM privileges. See "Enabling Data Dictionary Protection" for more information about this parameter. Oracle Database Reference describes this parameter in detail.



See Also:

Oracle Database Reference for more information about initialization parameters

Modifying the Value of an Initialization Parameter

This section explains how to use Database Control to modify the value of an initialization parameter. To find detailed information about the initialization parameters available, see Oracle Database Reference.

To modify the value of an initialization parameter:

  1. Start Database Control.

  2. Log in as user SYS with the SYSDBA privilege.

    • User Name: SYS

    • Password: Enter your password.

    • Connect As: SYSDBA

  3. Click Server to display the Server subpage.

  4. In the Database Configuration section, click Initialization Parameters.

    The Initialization Parameters page appears.

  5. In the Name field, enter the name of the parameter to change, and then click Go.

    You can enter the first few letters of the parameter, for example, SEC_RETURN if you are searching for the SEC_RETURN_SERVER_RELEASE_NUMBER parameter. Alternatively, you can scroll down the list of parameters to find the parameter you want to change.

    Depending on the parameter, you might have to modify the value from the SPFile subpage. Click the SFFile tab to display the SPFile subpage.

  6. In the Value field, either enter the new value or if a list is presented, select from the list.

  7. Click Apply.

  8. If the parameter is static, restart the Oracle Database instance.

    To find out if an initialization parameter is static, check its description in Oracle Database Reference. If the Modifiable setting in its summary table shows No, then you must restart the database instance.

    1. Click the Database Instance link.

    2. Click Home to display the Database Control home page.

    3. Under General, click Shutdown.

    4. In the Startup/Shutdown Credentials page, enter your credentials.

      See Oracle Database 2 Day DBA for more information.

    5. After the shutdown completes, click Startup.

PKssPK`UIOEBPS/tdpsg_auditing.htm Auditing Database Activity

7 Auditing Database Activity

This chapter contains:


See Also:


About Auditing

Auditing is the monitoring and recording of selected user database actions. You can use standard auditing to audit SQL statements, privileges, schemas, objects, and network and multitier activity. In standard auditing, you use initialization parameters and the AUDIT and NOAUDIT SQL statements to audit SQL statements, privileges, and schema objects, as well as network and multitier activities.

There are also activities that Oracle Database always audits, regardless of whether or not auditing is enabled. These activities are administrative privilege connections, database startups, and database shutdowns. See Oracle Database Security Guide for more information.

Another type of auditing is fine-grained auditing. Fine-grained auditing enables you to audit at the most granular level, data access, and actions based on content, using Boolean measurement, such as value > 1000. You can use fine-grained auditing to audit activities based on access to or changes in a column. You can create security policies to trigger auditing when someone accesses or alters specified elements in an Oracle database, including the contents within a specified object. You can create policies that define specific conditions that must take place for the audit to occur. For example, you can audit a particular table column to find out when and who tried to access it during a specified period of time. Furthermore, you can create alerts that are triggered when the policy is violated, and write this data to a separate audit file. Oracle Database Security Guide explains how to perform fine-grained auditing.

Why Is Auditing Used?

You typically use auditing to perform the following activities:

Where Are Standard Audited Activities Recorded?

Oracle Database records audit activities in audit records. Audit records provide information about the operation that was audited, the user performing the operation, and the date and time of the operation. Audit records can be stored in either a data dictionary table, called the database audit trail, or in operating system files, called an operating system audit trail. Oracle Database also provides a set of data dictionary views that you can use to track suspicious activities. See Oracle Database Security Guide for more information about these views.

When you use standard auditing, Oracle Database writes the audit records to either to DBA_AUDIT_TRAIL (the SYS.AUD$ Table), the operating system audit trail, or to the DBA_COMMON_AUDIT_TRAIL view, which combines standard and fine-grained audit log records.

In addition, the actions performed by administrators are recorded in the syslog audit trail.

Auditing General Activities Using Standard Auditing

This section explains how to use standard auditing to audit activities performed on SQL statements, privileges, schema objects, and network or multitier activities.

This section contains:


See Also:

Oracle Database Security Guide for detailed information about managing the standard audit trail

About Standard Auditing

In standard auditing, you enable auditing of SQL statements, privileges, schema objects, and network or multitier activities. You can direct the audit for a specific schema table if you want. To perform this type of audit, you use Database Control.

Standard audit records can be written either to DBA_AUDIT_TRAIL (the SYS.AUD$ table), the operating system audit trail, or to the DBA_COMMON_AUDIT_TRAIL view, which combines standard and fine-grained audit log records.

Enabling or Disabling the Standard Audit Trail

Before you perform the standard auditing procedures described in this section, you must enable standard auditing. When you enable standard auditing, you can create the audit trail in the database audit trail or write the audit activities to an operating system file. If you write to an operating system file, you can create the audit record in text or XML format.

To enable or disable the standard audit trail:

  1. Start Database Control.

  2. Log in as SYS and connect with the SYSDBA privilege.

    • User Name: SYS

    • Password: Enter your password.

    • Connect As: SYSDBA

  3. Click Server to display the Server subpage.

  4. In the Database Configuration section, click Initialization Parameters.

    The Initialization Parameters page appears.

  5. Click SPFile to display the SPFile subpage.

    If the SPFile tab does not display in your installation, then you did not install Oracle Database using a server parameters file. Go to the next step.

  6. In the Name field, enter audit_trail to find the AUDIT_TRAIL parameter, and then click Go.

    You can enter the first few characters of the parameter, for example, AUDIT_. Alternatively, you can scroll down the list of parameters to find the AUDIT_TRAIL parameter.

  7. In the Value field, select one of the following values:

    • DB: Enables database auditing and directs all audit records to the database audit trail (SYS.AUD$), except for records that are always written to the operating system audit trail. (This value is the default if you created the database using Database Configuration Assistant. Otherwise, the default is NONE.))

    • OS: Enables database auditing and directs all audit records to an operating system file. If you are using a highly secure database configuration, Oracle recommends that you use this setting because it reduces the likelihood of a Denial of Service (DoS) attack. This setting also makes it easier to secure the audit trail. If the auditor is distinct from the database administrator, you must use the operating system setting. Any auditing information stored in the database is viewable and modifiable by the database administrator.

      To specify the location of the operating system audit record file, set the AUDIT_FILE_DEST initialization parameter. The default directory is $ORACLE_HOME/rdbms/audit.

    • NONE: Disables standard auditing. (This value is the default if you created the database using a method other than Database Configuration Assistant. Otherwise, the default is DB.)

    • DB, EXTENDED: Performs all actions of the AUDIT_TRAIL=DB setting and also populates the SQL bind and SQL text CLOB-type columns of the SYS.AUD$ table, when available. (These two columns are populated only when this parameter is specified.)

    • XML: Writes to the operating system audit record file in XML format. Prints all elements of the AuditRecord node except Sql_Text and Sql_Bind to the operating system XML audit file.

    • EXTENDED: Specifies XML, EXTENDED, which performs all actions of XML and also populates the SQL bind and SQL text CLOB-type columns of the SYS.AUD$ table, wherever possible. (These columns are populated only when this parameter is specified.)

  8. Click Apply.

  9. Restart the Oracle Database instance:

    1. Click the Database Instance link.

    2. Click Home to display the Database Control home page.

    3. Under General, click Shutdown.

    4. In the Startup/Shutdown Credentials page, enter your credentials.

      See Oracle Database 2 Day DBA for more information.

    5. After the shutdown completes, click Startup.

Note the following:

  • You do not need to restart the database if you change the auditing of objects. You only need to restart the database if you made a universal change, such as turning on or off all auditing.

  • You do not need to set AUDIT_TRAIL to enable either fine-grained auditing or SYS auditing. (SYS auditing enables you to monitor the activities of a system administrator. See Oracle Database Security Guide for more information.) For fine-grained auditing, you add and remove fine-grained auditing policies as necessary, applying them to the specific operations or objects you want to monitor. You can use the AUDIT_SYS_OPERATIONS parameter to enable and disable SYS auditing.

Using Default Auditing for Security-Relevant SQL Statements and Privileges

This section explains how you can enable the Oracle-recommended audit parameters. It covers the following topics:

About Default Auditing

When you create a new database or modify an existing database, you use the Security Settings window in Database Configuration Assistant (DBCA) to enable or disable its default security settings. This section explains how to start DBCA and enable the default security settings. Oracle recommends that you enable these settings. When these settings are enabled, Oracle Database audits some of the security-relevant SQL statements and privileges. It also sets the AUDIT_TRAIL initialization parameter to DB. If you decide to use a different auditing option, for example, OS if you want to write the audit trail records to operating system files, you can do that: Oracle Database continues to audit the privileges that are audited by default. If you disable auditing by setting the AUDIT_TRAIL parameter to NONE, then no auditing takes place.

Oracle Database audits the AUDIT ROLE SQL statement by default. The privileges that are audited by default are as follows:

ALTER ANY PROCEDURECREATE ANY LIBRARYDROP ANY TABLE
ALTER ANY TABLECREATE ANY PROCEDUREDROP PROFILE
ALTER DATABASECREATE ANY TABLEDROP USER
ALTER PROFILECREATE EXTERNAL JOBEXEMPT ACCESS POLICY
ALTER SYSTEMCREATE PUBLIC DB LINKGRANT ANY OBJECT PRIVILEGE
ALTER USERCREATE SESSIONGRANT ANY PRIVILEGE
AUDIT SYSTEMCREATE USERGRANT ANY ROLE
CREATE ANY JOBDROP ANY PROCEDURE

Oracle Database also audits all privileges and statements that have the BY ACCESS clause.

If you are concerned that auditing these statements and privileges will adversely affect your applications, you can disable auditing by using Database Configuration Assistant (DBCA). When you modify your applications to use auditing, you can reenable the default auditing of these statements and privileges.

Oracle strongly recommends that you enable auditing by default. Auditing is an effective method of enforcing strong internal controls so that your site can meet its regulatory compliance requirements, as defined in the Sarbanes-Oxley Act. This enables you to monitor business operations and catch any activities that may deviate from company policy. Doing so translates into tightly controlled access to your database and the application software, ensuring that patches are applied on schedule, and preventing ad hoc changes. By enabling auditing by default, you can generate an audit record for audit and compliance personnel. However, be aware that auditing may affect database performance.


See Also:

Oracle Database SQL Language Reference for detailed information about the SQL statements described in this section and the AUDIT_TRAIL initialization parameter

Enabling Default Auditing

This section explains how to use Database Configuration Assistant to enable default auditing.

To enable the default profile security settings using Database Configuration Assistant:

  1. Start Database Configuration Assistant:

    • UNIX: Enter the following command at a terminal window:

      dbca
      

      Typically, dbca is in the $ORACLE_HOME/bin directory.

    • Windows: From the Start menu, click All Programs. Then click Oracle - ORACLE_HOME, Configuration and Migration Tools, and then Database Configuration Assistant.

      Alternatively, you can start Database Configuration assistant at a command prompt:

      dbca
      

      As with UNIX, typically, dbca is in the ORACLE_BASE\ORACLE_HOME\bin directory.

  2. In the Welcome window, click Next.

    The Operations window appears.

  3. From the list, select Configure Database Options, and then click Next.

    The Database window appears.

  4. From the list, select the current database instance, and then click Next.

    The Management Options window appears next.

  5. Select Keep the database configured with Database Control.

    The Security Settings page appears.

  6. Select the security option you prefer, and then click Next.

    Oracle recommends that you take advantage of the enhanced security settings for this release.

    The Database Components page appears.

  7. Click Next.

    The Connection Mode page appears.

  8. Select either Dedicated Server Mode or Shared Server Mode (depending on the selection you made when you created this database), click Finish, and then click OK in the confirmation prompts.

Individually Auditing SQL Statements

The SQL statements that you can audit are in the following categories:

  • DDL statements. For example, enabling the auditing of tables (AUDIT TABLE) audits all CREATE and DROP TABLE statements

  • DML statements. For example, enabling the auditing of SELECT TABLE audits all SELECT ... FROM TABLE/VIEW statements, regardless of the table or view

Statement auditing can be broad or focused, for example, by auditing the activities of all database users or of only a select list of users.


See Also:

Oracle Database Security Guide for detailed information about auditing SQL statements

Individually Auditing Privileges

Privilege auditing is a way to audit statements that can use a system privilege, such as the SELECT ANY TABLE statement. You can audit the use of any system privilege. Similar to statement auditing, privilege auditing can audit the activities of all database users or of only a specified list. As with SQL statement auditing, you use the AUDIT and NOAUDIT statements to enable and disable privilege auditing. In addition, you must have the AUDIT SYSTEM system privilege before you can enable auditing.

Privilege audit options match the corresponding system privileges. For example, the option to audit use of the DELETE ANY TABLE privilege is DELETE ANY TABLE. For example:

AUDIT DELETE ANY TABLE BY ACCESS WHENEVER NOT SUCCESSFUL;

To audit all successful and unsuccessful uses of the DELETE ANY TABLE system privilege, enter the following statement:

AUDIT DELETE ANY TABLE;

To audit all unsuccessful SELECT, INSERT, and DELETE statements on all tables and unsuccessful uses of the EXECUTE PROCEDURE system privilege, by all database users, and by individual audited statement, issue the following statement:

AUDIT SELECT TABLE, INSERT TABLE, DELETE TABLE, EXECUTE PROCEDURE BY ACCESS WHENEVER NOT SUCCESSFUL;

See Also:

Oracle Database Security Guide for detailed information about auditing privileges

Using Proxies to Audit SQL Statements and Privileges in a Multitier Environment

You can audit the activities of a client in a multitier environment by specifying a proxy in the Add Audited Statements or Add Audited Privileges page in Database Control. In a multitier environment, Oracle Database preserves the identity of the client through all tiers. Thus, you can audit actions performed on behalf of the client by a middle-tier application.

The middle tier can also set the user client identity in a database session, enabling the auditing of user actions through the middle-tier application. The user client identity then shows up in the audit trail.

You can use the SQL AUDIT statement to audit the activities of a client in a multitier environment. To do so, use the BY PROXY clause in the AUDIT statement.

For example, to audit SELECT TABLE statements issued on behalf of client jackson by the proxy application server appserve:

AUDIT SELECT TABLE BY jackson ON BEHALF OF appserve;

Afterward, user jackson can connect using the appserve proxy user as follows:

CONNECT appserve[jackson]
Enter password: password

See Also:

Oracle Database Security Guide for detailed information about auditing in a multitier environment

Individually Auditing Schema Objects

Schema object auditing can audit all SELECT and DML statements permitted by schema object privileges, such as SELECT or DELETE statements on a particular table. The GRANT and REVOKE statements that control those privileges are also audited.


See Also:

Oracle Database Security Guide for detailed information about auditing schema objects

Auditing Network Activity

You can use the AUDIT statement to audit unexpected errors in network protocol or internal errors in the network layer. The types of errors uncovered by network auditing are not connection failures, but can have several other possible causes. One possible cause is an internal event set by a database engineer for testing purposes. Other causes include conflicting configuration settings for encryption, such as the network not finding the information required to create or process expected encryption.

To enable network auditing:

  1. Start SQL*Plus and log on with administrative privileges, such as SYSTEM, or as a security administrator. For example:

    SQLPLUS SYSTEM
    Enter password: password
    

    SQL*Plus starts, connects to the default database, and then displays a prompt.

    For detailed information about starting SQL*Plus, see Oracle Database 2 Day DBA.

  2. Enter the following statement:

    AUDIT NETWORK;
    

    To disable network auditing, enter the following:

    NOAUDIT NETWORK;
    
  3. Exit SQL*Plus:

    EXIT
    

See Also:

Oracle Database Security Guide for detailed information about auditing network activity

Tutorial: Creating a Standard Audit Trail

Suppose you wanted to audit SELECT statements on the OE.CUSTOMERS table. In this tutorial, you enable standard auditing, enable auditing for the SELECT SQL statement, run the SELECT SQL statement on the OE.CUSTOMERS table, and then check its audit file.

In this tutorial:

Step 1: Log In and Enable Standard Auditing

First, log in, and, if necessary, enable standard auditing.

To enable standard auditing:

  1. Start Database Control.

  2. Log in as SYS and connect with the SYSDBA privilege.

    • User Name: SYS

    • Password: Enter your password.

    • Connect As: SYSDBA

  3. Click Server to display the Server subpage.

  4. In the Database Configuration section, click Initialization Parameters.

    The Initialization Parameters page appears.

  5. Click SPFile to display the SPFile subpage.

    If the SPFile tab does not display in your installation, then you did not install Oracle Database using a server parameters file. Go to the next step.

  6. In the Name field, enter AUDIT_TRAIL to find the AUDIT_TRAIL parameter, and then click Go.

    You can enter the first few characters of the parameter, for example, AUDIT. Alternatively, you can scroll down the list of parameters to find the AUDIT_TRAIL parameter. To sort the list of parameters in alphabetical order, click the Name column.

  7. In the Value field, make a note of the current audit setting, and then select the DB (Database) option.

    The DB option enables database auditing and directs all audit records to the database audit trail (SYS.AUD$), except for records that are always written to the operating system audit trail. DB_EXTENDED has this functionality, plus it records SQL text and SQL bind variables.

  8. Click Apply.

  9. Restart the Oracle Database instance.

    1. Click the Database Instance link.

    2. Click Home to display the Database Control home page.

    3. Under General, click Shutdown.

    4. In the Startup/Shutdown Credentials page, enter your credentials.

      See Oracle Database 2 Day DBA for more information.

    5. After the shutdown completes, click Startup.

Step 2: Enable Auditing for SELECT Statements on the OE.CUSTOMERS Table

Next, enable auditing for SELECT statements on the OE.CUSTOMERS table.

To enable auditing of SELECT statements for the OE.CUSTOMERS table:

  1. Ensure that the sample user sec_admin exists.

    Log on as SYSTEM, and then from the Database Control home page, click Server to display the Server subpage. Select Users under Security, and check the list of accounts for sec_admin. "Step 1: Create a Security Administrator Account" explains how to create the sec_admin security administrator account.

  2. Grant sec_admin the SELECT privilege on the OE.CUSTOMERS table.

  3. Log in to Database Control as user sec_admin.

  4. Click Server to display the Server subpage.

  5. In the Security section, click Audit Settings.

    The Audit Settings page appears.

  6. Select the Audited Objects subpage.

  7. Click Add.

    The Add Audited Object page appears.

  8. Enter the following information:

    • Object Type: Select Table.

    • Table: Enter OE.CUSTOMERS.

    • Available Statements: Select SELECT, and then click Move to move it to the Selected Statements list.

  9. Click OK.

  10. Shut down the database instance and then restart it.

    1. In the upper, right corner of the Database Control page, select Logout.

    2. Click Login.

    3. In the Login page, enter the following login information:

      User Name: SYS

      Password: The password of the system administrator

      Connect As: SYSDBA

      Use the SYSDBA system privilege to shut down and restart the database.

    4. Under General, click Shutdown.

    5. In the Startup/Shutdown Credentials page, enter your credentials.

      See Oracle Database 2 Day DBA for more information.

    6. After the shutdown completes, click Startup.

    7. Exit Database Control.

Step 3: Test the Audit Settings

At this stage, auditing is enabled and any SELECT statements performed on the OE.CUSTOMERS table are written to the to DBA_AUDIT_TRAIL view. Now, you are ready to test the audit settings.

To test the audit settings:

  1. Start SQL*Plus, and connect as user sec_admin.

    SQLPLUS sec_admin
    Enter password: password
    
  2. Enter the following SELECT statement to create an alert in the audit trail:

    SELECT COUNT(*) FROM oe.customers;
    
  3. Enter the following statement to view the DBA_AUDIT_TRAIL view:

    SELECT USERNAME, TIMESTAMP FROM DBA_AUDIT_TRAIL;
    

    Output similar to the following should display:

    USERNAME          TIMESTAMP
    ---------------------------
    SEC_ADMIN         07-MAY-08
    
  4. Exit SQL*Plus:

    EXIT
    

Step 4: Optionally, Remove the Components for This Tutorial

Optionally, remove the audit settings you created earlier.

To remove the audit settings in Database Control:

  1. Log in to Database Control using administrative privileges.

  2. Go to the Database Control home page.

  3. Click Server to display the Server subpage.

  4. In the Security section, click Audit Settings.

    The Audit Settings page appears.

  5. Select the Audited Objects subpage.

  6. Under Schema, enter OE.

  7. Under Object Name, enter CUSTOMERS.

  8. Click Search.

  9. Select the box next to the OE.CUSTOMERS audited schema, and then click Remove.

    A Confirmation dialog box appears.

  10. Select Yes.

  11. Exit Database Control.

To set AUDIT_TRAIL to its original value:

Step 5: Remove the SEC_ADMIN Security Administrator Account

This is the last example in this guide. If you no longer need the sec_admin administrator account, you should remove it.

To remove the sec_admin security administrator account:

  1. Log in to Database Control using administrative privileges.

  2. Go to the Database Control home page.

  3. Click Server to display the Server subpage.

  4. In the Security section, click Users.

    The Users page appears.

  5. In the Name field, enter sec_admin.

  6. Click Search.

  7. Select the box next to the sec_admin user account, and then click Remove.

    A Confirmation dialog box appears.

  8. Select Yes.

  9. Exit Database Control.

Guidelines for Auditing

This section contains the following topics:

Guideline for Using Default Auditing of SQL Statements and Privileges

When you create a new database, you can enable the auditing of a select set of SQL statements and privileges. Oracle recommends that you enable default auditing. Auditing is an effective method of enforcing strong internal controls so that your site meets its regulatory compliance requirements, as defined in the Sarbanes-Oxley Act. See "Using Default Auditing for Security-Relevant SQL Statements and Privileges" for more information about default auditing.

Guidelines for Managing Audited Information

Although auditing does not severely affect database performance, limit the number of audited events as much as possible. This minimizes the performance impact on the execution of audited statements and the size of the audit trail, making it easier to analyze and understand.

Follow these guidelines when devising an auditing strategy:

  1. Evaluate your reason for auditing.

    After you understand of the reasons for auditing, you can devise an appropriate auditing strategy and avoid unnecessary auditing.

    For example, suppose you are auditing to investigate suspicious database activity. This information by itself is not specific enough. What types of suspicious database activity do you suspect or have you noticed? A more focused auditing purpose might be to audit unauthorized deletions from arbitrary tables in the database. This purpose narrows the type of action being audited and the type of object being affected by the suspicious activity.

  2. Audit knowledgeably.

    Audit the minimum number of statements, users, or objects required to get the targeted information. This prevents unnecessary audit information from cluttering the meaningful information and using valuable space in the SYSTEM tablespace. Balance your need to gather sufficient security information with your ability to store and process it.

    For example, if you are auditing to gather information about database activity, then determine exactly what types of activities you want to track, audit only the activities of interest, and audit only for the amount of time necessary to gather the information that you want. As another example, do not audit objects if you are only interested in logical I/O information for each session.

Guidelines for Auditing Typical Database Activity

When your purpose for auditing is to gather historical information about particular database activities, follow these guidelines:

  1. Audit only pertinent actions.

    To avoid cluttering meaningful information with useless audit records and to reduce the amount of audit trail administration, audit only the targeted database activities. You can audit specific actions by using fine-grained auditing. Oracle Database Security Guide describes fine-grained auditing in detail.

  2. Archive audit records and purge the audit trail.

    After you collect the required information, archive the audit records of interest, and purge the audit trail of this information.

    To archive audit records, you copy the relevant records to a database table, for example, using INSERT INTO table SELECT ... FROM SYS.AUD$ ... for the standard audit trail. (Fine-grained audit records are in the SYS.FGA_LOG$ table.) Alternatively, you can export the audit trail table to an operating system file. Oracle Database Utilities explains how to export tables by using Oracle Data Pump.

    To purge audit records, you delete standard audit records from the SYS.AUD$ table and fine-grained audit records from the SYS.FGA_LOG$ table. For example, to delete all audit records from the standard audit trail, enter the following statement:

    DELETE FROM SYS.AUD$;
    

    Alternatively, to delete all audit records from the standard audit trail generated as a result of auditing the table emp, enter the following statement:

    DELETE FROM SYS.AUD$
         WHERE obj$name='EMP';
    
  3. Remember the privacy considerations of your company.

    Privacy regulations often lead to additional business privacy policies. Most privacy laws require businesses to monitor access to personally identifiable information (PII), and this type of monitoring is implemented by auditing. A business-level privacy policy should address all relevant aspects of data access and user accountability, including technical, legal, and company policy concerns.

Guidelines for Auditing Suspicious Database Activity

When you audit to monitor suspicious database activity, follow these guidelines:

  1. Audit general information, and then audit specific information.

    When you start to audit for suspicious database activity, often not much information is available to target specific users or schema objects. Therefore, set audit options more generally at first, that is, by using the standard audit options described in "Auditing General Activities Using Standard Auditing".

    After you have recorded and analyzed the preliminary audit information, disable general auditing, and then audit specific actions. You can use fine-grained auditing, described in Oracle Database Security Guide, to audit specific actions. Continue this process until you gather enough evidence to draw conclusions about the origin of the suspicious database activity.

  2. Protect the audit trail.

    When auditing for suspicious database activity, protect the audit trail so that audit information cannot be added, changed, or deleted without being audited. You audit the standard audit trail by using the AUDIT SQL statement. For example:

    SQLPLUS "SYS/AS SYSDBA"
    Enter password: password
    SQL> AUDIT SELECT ON SYS.AUD$ BY ACCESS; 
    

Initialization Parameters Used for Auditing

Table 7-1 lists initialization parameters that you can use to secure auditing.

Table 7-1 Initialization Parameters Used for Auditing

Initialization ParameterDefault SettingDescription

AUDIT_TRAIL

DB

Enables or disables auditing. See "Enabling or Disabling the Standard Audit Trail" for detailed information.

AUDIT_FILE_DEST

ORACLE_BASE/admin/ORACLE_SID/adump

or

ORACLE_HOME/rdbms/audit

Specifies the operating system directory into which the audit trail is written when the AUDIT_TRAIL initialization parameter is set to OS, XML, or XML,EXTENDED. Oracle Database writes the audit records in XML format if the AUDIT_TRAIL initialization parameter is set to XML.

Oracle Database also writes mandatory auditing information to this location, and if the AUDIT_SYS_OPERATIONS initialization parameter is set, writes audit records for user SYS.

AUDIT_SYS_OPERATIONS

FALSE

Enables or disables the auditing of top-level operations directly issued by user SYS, and users connecting with SYSDBA or SYSOPER privilege. Oracle Database writes the audit records to the audit trail of the operating system. If you set the AUDIT_TRAIL initialization parameter to XML or XML, EXTENDED, it writes the audit records in XML format.

On UNIX systems, if you have also set the AUDIT_SYSLOG_LEVEL parameter, then it overrides the AUDIT_TRAIL parameter, which writes the SYS audit records to the system audit log using the SYSLOG utility.

AUDIT_SYSLOG_LEVEL

No default setting

On UNIX systems, writes the SYS and standard OS audit records to the system audit log using the SYSLOG utility.


To modify an initialization parameter, see "Modifying the Value of an Initialization Parameter". For detailed information about initialization parameters, see Oracle Database Reference and Oracle Database Administrator's Guide.

PK1j`PK`UIOEBPS/content.opf Oracle® Database 2 Day + Security Guide, 11g Release 1 (11.1) en-US B28337-07 Oracle Corporation Oracle Corporation Oracle® Database 2 Day + Security Guide, 11g Release 1 (11.1) 2011-06-30T15:28:13Z A database administration quick start guide that teaches you how to perform day-to-day database security tasks. The goal of this book is to help you understand the concepts behind Oracle database security. This book teaches you how to perform all common security tasks needed to secure your database. The knowledge you gain from completing the tasks in Oracle Database 2 Day + Security Guide helps you not only to better secure your data, but to meet common regulatory compliance requirements, such as the Sarbanes-Oxley Act. PK PK`UIOEBPS/tdpsg_network_secure.htm@~ Securing the Network

5 Securing the Network

This chapter contains:

About Securing the Network

You can configure the client connection to your Oracle Database installation by following the procedures in "Configuring the Network Environment" in Oracle Database 2 Day DBA and the Oracle Database Installation Guide for your platform. This chapter explains how you can encrypt data as it travels through the network, and also provides guidelines that you can follow to secure the network connections for Oracle Database.

Securing the Client Connection on the Network

This section describes how you can improve security for the client connection to ensure thorough protection. Using SSL is an essential element in these lists, enabling strict security for authentication and communications.

These guidelines are as follows:

Guidelines for Securing Client Connections

Because authenticating client computers is problematic over the Internet, typically, user authentication is performed instead. This approach avoids client system issues that include falsified IP addresses, compromised operating systems or applications, and falsified or stolen client system identities. Nevertheless, the following guidelines improve the security of client connections:

  1. Enforce access controls effectively and authenticate clients stringently.

    By default, Oracle allows operating system-authenticated logins only over secure connections, which precludes using Oracle Net and a shared server configuration. This default restriction prevents a remote user from impersonating another operating system user over a network connection.

    Setting the initialization parameter REMOTE_OS_AUTHENT to TRUE forces the database to accept the client, operating-system user name received over a nonsecure connection and use it for account access. (To modify an initialization parameter, see "Modifying the Value of an Initialization Parameter".) Because clients, such as PCs, are not trusted to perform operating system authentication properly, it is poor security practice to use this feature.

    The default setting, REMOTE_OS_AUTHENT = FALSE, creates a more secure configuration that enforces proper, server-based authentication of clients connecting to an Oracle database.

    Do not alter the default setting of the REMOTE_OS_AUTHENT initialization parameter, which is FALSE.

    Setting this parameter to FALSE does not mean that users cannot connect remotely. It means that the database will not trust that the client has already authenticated, and will apply its standard authentication processes.

  2. Configure the connection to use Secure Sockets Layer (SSL).

    Using SSL communication makes eavesdropping difficult and enables the use of certificates for user and server authentication. To learn how to configure SSL, see Oracle Database Advanced Security Administrator's Guide.

  3. Set up certificate authentication for clients and servers.

    See Oracle Database Advanced Security Administrator's Guide for more information about ways to manage certificates.

  4. Monitor the users who access your systems.

    Authenticating client computers over the Internet is problematic. Perform user authentication instead, which avoids client system issues that include falsified IP addresses, hacked operating systems or applications, and falsified or stolen client system identities. The following steps improve client computer security:

    1. Configure the connection to use Secure Sockets Layer (SSL). Using SSL communication makes eavesdropping unfruitful, and enables the use of certificates for user and server authentication. To learn how to configure SSL, see Oracle Database Advanced Security Administrator's Guide.

    2. Set up certificate authentication for clients and servers so that:

      • The organization is identified by unit and certificate issuer, and the user is identified by distinguished name and certificate issuer.

      • Applications test for expired certificates.

      • Certificate revocation lists are audited.

      See Oracle Database Advanced Security Administrator's Guide for more information about ways to manage certificates.

Guidelines for Securing the Network Connection

Protecting the network and its traffic from inappropriate access or modification is the essence of network security. You should consider all paths the data travels, and assess the threats that impinge on each path and node. Then, take steps to lessen or eliminate those threats and the consequences of a breach of security. In addition, monitor and audit to detect either increased threat levels or successful penetration.

To manage network connections, you can use Oracle Net Manager. For an introduction to using Oracle Net Manager, see Oracle Database 2 Day DBA. See also Oracle Database Net Services Administrator's Guide.

The following practices improve network security:

  1. Monitor listener activity.

    You can monitor listener activity by using Oracle Enterprise Manager Database Control. In the Database Control home page, under General, click the link for your listener. The Listener page appears. This page provides detailed information, such as the category of alert generated, alert messages, when the alert was triggered, and so on. This page provides other information, such as performance statistics for the listener.

  2. Prevent online administration by requiring the administrator to have write privileges on the listener.ora file and the listener password:

    1. Add or modify this line in the listener.ora file:

      ADMIN_RESTRICTIONS_LISTENER=ON
      
    2. Use RELOAD to reload the configuration.

    3. Use SSL when administering the listener, by making the TCPS protocol the first entry in the address list as follows:

      LISTENER=
        (DESCRIPTION=
          (ADDRESS_LIST=
            (ADDRESS=
              (PROTOCOL=tcps)
              (HOST = shobeen.us.example.com)
              (PORT = 8281)))
      

      To administer the listener remotely, define the listener in the listener.ora file on the client computer. For example, to access listener USER281 remotely, use the following configuration:

      user281 =
        (DESCRIPTION =
          (ADDRESS =
            (PROTOCOL = tcps)
            (HOST = shobeen.us.example.com)
            (PORT = 8281))
          )
        )
      

    For more information about the parameters in listener.ora, see Oracle Database Net Services Reference.

  3. Do not set the listener password.

    Ensure that the password has not been set in the listener.ora file. The local operating system authentication secures the listener administration. The remote listener administration is disabled when the password has not been set.

  4. When a host has multiple IP addresses associated with multiple NIC cards, configure the listener to the specific IP address.

    This enables the listener to monitor all the IP addresses. You can restrict the listener to monitor a specific IP address. Oracle recommends that you specify the specific IP addresses on these types of computers, rather than enabling the listener to monitor all IP addresses. Restricting the listener to specific IP addresses helps to prevent an intruder from stealing a TCP end point from the listener process.

  5. Restrict the privileges of the listener, so that it cannot read or write files in the database or the Oracle server address space.

    This restriction prevents external procedure agents spawned by the listener (or procedures executed by an agent) from inheriting the ability to perform read or write operations. The owner of this separate listener process should not be the owner that installed Oracle Database or executes the Oracle Database instance (such as ORACLE, the default owner).

    For more information about configuring external procedures in the listener, see Oracle Database Net Services Administrator's Guide.

  6. Because you cannot protect physical addresses when transferring data over the Internet, use encryption when this data must be secure.

    See "Protecting Data on the Network by Using Network Encryption" to learn about how to protect Oracle data over the network. Oracle Database Advanced Security Administrator's Guide describes network encryption in detail.

  7. Use a firewall.

    Appropriately placed and configured firewalls can prevent outside access to your intranet when you allow internal users to have Internet access.

    • Keep the database server behind a firewall. Oracle Database network infrastructure, Oracle Net (formerly known as Net8 and SQL*Net), provides support for a variety of firewalls from various vendors. Supported proxy-enabled firewalls include Gauntlet from Network Associates and Raptor from Axent. Supported packet-filtering firewalls include PIX Firewall from Cisco, and supported stateful inspection firewalls (more sophisticated packet-filtered firewalls) include Firewall-1 from CheckPoint.

    • Ensure that the firewall is placed outside the network to be protected.

    • Configure the firewall to accept only those protocols, applications, or client/server sources that you know are safe.

    • Use a product such as Oracle Connection Manager to multiplex multiple-client, network sessions through a single network connection to the database. It can filter using the source, destination, and host name. This product enables you to ensure that connections are accepted only from physically secure terminals or from application Web servers with known IP addresses. (Filtering using the IP address alone is not enough for authentication, because it can be falsified.)

  8. Prevent unauthorized administration of the Oracle listener.

    For more information about the listener, see Oracle Database Net Services Administrator's Guide.

  9. Check network IP addresses.

    Use the Oracle Net valid node checking security feature to allow or deny access to Oracle server processes from network clients with specified IP addresses. To use this feature, set the following sqlnet.ora configuration file parameters:

    tcp.validnode_checking = YES
    
    tcp.excluded_nodes = {list of IP addresses}
    
    tcp.invited_nodes = {list of IP addresses}
    

    The tcp.validnode_checking parameter enables the feature. The tcp.excluded_nodes and tcp.invited_nodes parameters deny and enable specific client IP addresses from making connections to the Oracle listener. This helps to prevent potential Denial of Service attacks.

    You can use Oracle Net Manager to configure these parameters. See Oracle Database Net Services Administrator's Guide for more information.

  10. Encrypt network traffic.

    If possible, use Oracle Advanced Security to encrypt network traffic among clients, databases, and application servers. For an introduction to Oracle network encryption, see "Protecting Data on the Network by Using Network Encryption". For detailed information about network encryption, see Oracle Database Advanced Security Administrator's Guide.

  11. Secure the host operating system (the system on which Oracle Database resides).

    Secure the host operating system by disabling all unnecessary operating system services. Both UNIX and Windows platforms provide a variety of operating system services, most of which are not necessary for typical deployments. These services include FTP, TFTP, TELNET, and so forth. Be sure to close both the UDP and TCP ports for each service that is being disabled. Disabling one type of port and not the other does not make the operating system more secure.

Protecting Data on the Network by Using Network Encryption

In addition to protecting information by encrypting it at the database level, you must protect it as it travels across the network.

This section contains:


See Also:

Oracle Database Advanced Security Administrator's Guide for detailed information about network encryption

About Network Encryption

Network encryption refers to encrypting data as it travels across the network between the client and server. The reason you should encrypt data at the network level, and not just the database level, is because data can be exposed on the network level even though you have carefully encrypted it in the database. For example, an intruder can use a network packet sniffer to capture information as it travels on the network, and then spool it to a file for malicious use. Encrypting data on the network prevents this sort of activity.

To encrypt data on the network, you need the following components:

  • An encryption seed. The encryption seed is a random string of up to 256 characters. It generates the cryptographic keys that encrypts data as it travels across the network.

  • An encryption algorithm. You can specify any of the supported algorithm types: AES, RC4, DES, or 3DES.

  • Whether the settings apply to a client or server. You must configure the server and each client to which it connects.

  • How the client or server should processes the encrypted data. The settings you select (you have four options) must complement both server and client.

  • A mechanism for configuring the encryption. You can use Oracle Net Manager to configure the encryption. Alternatively, you can edit the sqlnet.ora configuration file. Both Oracle Net Manager and the sqlnet.ora file are available in a default Oracle Database installation.

Configuring Network Encryption

You can configure network encryption by using either Oracle Net Manager or by editing the sqlnet.ora file. This guide explains how to use Oracle Net Manager to configure network encryption.

To configure network encryption:

  1. On the server computer, start Oracle Net Manager.

    • UNIX: From $ORACLE_HOME/bin, enter the following at the command line:

      netmgr
      
    • Windows: From the Start menu, click All Programs. Then, click Oracle - HOME_NAME, Configuration and Migration Tools, and then Net Manager

  2. From the Oracle Net Configuration navigation tree, expand Local, and then select Profile.

    Description of netmgr_profile.gif follows

  3. From the list, select Oracle Advanced Security.

    Description of netmgr_adv_sec.gif follows

  4. Under Oracle Advanced Security, select the Encryption tab.

    The Encryption settings pane appears.

    Description of netmgr_encrypt.gif follows

  5. Enter the following settings:

    • Encryption: From the list, select SERVER to configure the network encryption for the server. (For the client computer, you select CLIENT.)

    • Encryption Type: Select from the following values to specify the actions of the server (or client) when negotiating encryption and integrity:

      • accepted: Service will be active if the other side of the connection specifies either required or requested, and there is a compatible algorithm available on the other side; it will otherwise be inactive.

      • rejected: Service must not be active, and the connection will fail if the other side requires.

      • requested: Service will be active if the other side of the connection specifies either accepted, required, or requested, and there is a compatible algorithm available on the other side; it will otherwise be inactive.

      • required: Service must be active, and the connection will fail if the other side specifies rejected, or if there is no compatible algorithm on the other side.

    • Encryption Seed: Enter a random string of up to 256 characters. Oracle Database uses the encryption seed to generate cryptographic keys. This is required when either encryption or integrity is enabled.

      If you choose to use special characters such as a comma [,] or a right parenthesis [)] as a part of the Encryption Seed parameter, enclose the value within single quotation marks.

    • Available Methods: Select one or more of the following algorithms, and use the move button (>) to move them to the Selected Methods list. The order in which they appear in the Selected Methods list determines the preferred order for negotiation. That is, the first algorithm listed is selected first, and so on.

      • AES256: Advanced Encryption Standard (AES). AES was approved by the National Institute of Standards and Technology (NIST) to replace Data Encryption Standard (DES). AES256 enables you to encrypt a block size of 256 bits.

      • RC4_256: Rivest Cipher 4 (RC4), which is the most commonly used stream cipher that protects protocols such as Secure Sockets Layer (SSL). RC4_256 enables you to encrypt up to 256 bits of data.

      • AES192: Enables you to use AES to encrypt a block size of 192 bits.

      • 3DES168: Triple Data Encryption Standard (TDES) with a three-key option. 3DES168 enables you to encrypt up to 168 bits of data.

      • AES128: Enables you to use AES to encrypt a block size of 128 bits.

      • RC4_128: Enables you to use RC4 to encrypt up to 128 bits of data.

      • 3DES112: Enables you to use Triple DES with a two-key (112 bit) option.

      • DES: Data Encryption Standard (DES) 56-bit key. Note that National Institute of Standards and Technology (NIST) no longer recommends DES.

      • RC4_40: Enables you to use RC4 to encrypt up to 40 bits of data.

      • DES40: Enables you to use DES to encrypt up to 40 bits of data.

  6. From the File menu, select Save Network Configuration, and then select Exit to exit Oracle Net Manager.

  7. Repeat these steps for each client computer that connects to the server.


See Also:


Initialization Parameters Used for Network Security

Table 5-1 lists initialization parameters that you can set to better secure user accounts.

Table 5-1 Initialization Parameters Used for Network Security

Initialization ParameterDefault SettingDescription

OS_AUTHENT_PREFIX

OPS$

Specifies a prefix that Oracle Database uses to authenticate users attempting to connect to the database. Oracle Database concatenates the value of this parameter to the beginning of the user operating system account name and password. When a user attempts a connection request, Oracle Database compares the prefixed username with user names in the database.

The default value of this parameter is OPS$ for backward compatibility with previous versions. However, you can set the prefix value to "" (a null string), thereby eliminating the addition of any prefix to operating system account names.

REMOTE_LISTENER

No default setting

Specifies a network name that resolves to an address or address list of Oracle Net remote listeners (that is, listeners that are not running on the same computer as this instance). The address or address list is specified in the tnsnames.ora file or other address repository as configured for your system.

REMOTE_OS_AUTHENT

FALSE

Specifies whether remote clients will be authenticated with the value of the OS_AUTHENT_PREFIX parameter.

REMOTE_OS_ROLES

FALSE

Specifies whether operating system roles are allowed for remote clients. The default value, FALSE, causes Oracle Database to identify and manage roles for remote clients.


To modify an initialization parameter, see "Modifying the Value of an Initialization Parameter". For detailed information about initialization parameters, see Oracle Database Reference andOracle Database Administrator's Guide.

PKWE~@~PK`UIOEBPS/dcommon/blafdoc.cssc@charset "utf-8"; /* Copyright 2002, 2011, Oracle and/or its affiliates. All rights reserved. Author: Robert Crews Version: 2011.8.12 */ body { font-family: Tahoma, sans-serif; /* line-height: 125%; */ color: black; background-color: white; font-size: small; } * html body { /* http://www.info.com.ph/~etan/w3pantheon/style/modifiedsbmh.html */ font-size: x-small; /* for IE5.x/win */ f\ont-size: small; /* for other IE versions */ } h1 { font-size: 165%; font-weight: bold; border-bottom: 1px solid #ddd; width: 100%; text-align: left; } h2 { font-size: 152%; font-weight: bold; text-align: left; } h3 { font-size: 139%; font-weight: bold; text-align: left; } h4 { font-size: 126%; font-weight: bold; text-align: left; } h5 { font-size: 113%; font-weight: bold; display: inline; text-align: left; } h6 { font-size: 100%; font-weight: bold; font-style: italic; display: inline; text-align: left; } a:link { color: #039; background: inherit; } a:visited { color: #72007C; background: inherit; } a:hover { text-decoration: underline; } a img, img[usemap] { border-style: none; } code, pre, samp, tt { font-family: monospace; font-size: 110%; } caption { text-align: center; font-weight: bold; width: auto; } dt { font-weight: bold; } table { font-size: small; /* for ICEBrowser */ } td { vertical-align: top; } th { font-weight: bold; text-align: left; vertical-align: bottom; } li { text-align: left; } dd { text-align: left; } ol ol { list-style-type: lower-alpha; } ol ol ol { list-style-type: lower-roman; } td p:first-child, td pre:first-child { margin-top: 0px; margin-bottom: 0px; } table.table-border { border-collapse: collapse; border-top: 1px solid #ccc; border-left: 1px solid #ccc; } table.table-border th { padding: 0.5ex 0.25em; color: black; background-color: #f7f7ea; border-right: 1px solid #ccc; border-bottom: 1px solid #ccc; } table.table-border td { padding: 0.5ex 0.25em; border-right: 1px solid #ccc; border-bottom: 1px solid #ccc; } span.gui-object, span.gui-object-action { font-weight: bold; } span.gui-object-title { } p.horizontal-rule { width: 100%; border: solid #cc9; border-width: 0px 0px 1px 0px; margin-bottom: 4ex; } div.zz-skip-header { display: none; } td.zz-nav-header-cell { text-align: left; font-size: 95%; width: 99%; color: black; background: inherit; font-weight: normal; vertical-align: top; margin-top: 0ex; padding-top: 0ex; } a.zz-nav-header-link { font-size: 95%; } td.zz-nav-button-cell { white-space: nowrap; text-align: center; width: 1%; vertical-align: top; padding-left: 4px; padding-right: 4px; margin-top: 0ex; padding-top: 0ex; } a.zz-nav-button-link { font-size: 90%; } div.zz-nav-footer-menu { width: 100%; text-align: center; margin-top: 2ex; margin-bottom: 4ex; } p.zz-legal-notice, a.zz-legal-notice-link { font-size: 85%; /* display: none; */ /* Uncomment to hide legal notice */ } /*************************************/ /* Begin DARB Formats */ /*************************************/ .bold, .codeinlinebold, .syntaxinlinebold, .term, .glossterm, .seghead, .glossaryterm, .keyword, .msg, .msgexplankw, .msgactionkw, .notep1, .xreftitlebold { font-weight: bold; } .italic, .codeinlineitalic, .syntaxinlineitalic, .variable, .xreftitleitalic { font-style: italic; } .bolditalic, .codeinlineboldital, .syntaxinlineboldital, .titleinfigure, .titleinexample, .titleintable, .titleinequation, .xreftitleboldital { font-weight: bold; font-style: italic; } .itemizedlisttitle, .orderedlisttitle, .segmentedlisttitle, .variablelisttitle { font-weight: bold; } .bridgehead, .titleinrefsubsect3 { font-weight: bold; } .titleinrefsubsect { font-size: 126%; font-weight: bold; } .titleinrefsubsect2 { font-size: 113%; font-weight: bold; } .subhead1 { display: block; font-size: 139%; font-weight: bold; } .subhead2 { display: block; font-weight: bold; } .subhead3 { font-weight: bold; } .underline { text-decoration: underline; } .superscript { vertical-align: super; } .subscript { vertical-align: sub; } .listofeft { border: none; } .betadraft, .alphabetanotice, .revenuerecognitionnotice { color: #f00; background: inherit; } .betadraftsubtitle { text-align: center; font-weight: bold; color: #f00; background: inherit; } .comment { color: #080; background: inherit; font-weight: bold; } .copyrightlogo { text-align: center; font-size: 85%; } .tocsubheader { list-style-type: none; } table.icons td { padding-left: 6px; padding-right: 6px; } .l1ix dd, dd dl.l2ix, dd dl.l3ix { margin-top: 0ex; margin-bottom: 0ex; } div.infoboxnote, div.infoboxnotewarn, div.infoboxnotealso { margin-top: 4ex; margin-right: 10%; margin-left: 10%; margin-bottom: 4ex; padding: 0.25em; border-top: 1pt solid gray; border-bottom: 1pt solid gray; } p.notep1 { margin-top: 0px; margin-bottom: 0px; } .tahiti-highlight-example { background: #ff9; text-decoration: inherit; } .tahiti-highlight-search { background: #9cf; text-decoration: inherit; } .tahiti-sidebar-heading { font-size: 110%; margin-bottom: 0px; padding-bottom: 0px; } /*************************************/ /* End DARB Formats */ /*************************************/ @media all { /* * * { line-height: 120%; } */ dd { margin-bottom: 2ex; } dl:first-child { margin-top: 2ex; } } @media print { body { font-size: 11pt; padding: 0px !important; } a:link, a:visited { color: black; background: inherit; } code, pre, samp, tt { font-size: 10pt; } #nav, #search_this_book, #comment_form, #comment_announcement, #flipNav, .noprint { display: none !important; } body#left-nav-present { overflow: visible !important; } } PKr.hcPK`UIOEBPS/dcommon/cpyr.htmd Oracle Legal Notices

Oracle Legal Notices

Copyright Notice

Copyright © 1994-2016, Oracle and/or its affiliates. All rights reserved.

License Restrictions Warranty/Consequential Damages Disclaimer

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

Warranty Disclaimer

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

Restricted Rights Notice

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

Hazardous Applications Notice

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Trademark Notice

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

Third-Party Content, Products, and Services Disclaimer

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Alpha and Beta Draft Documentation Notice

If this document is in preproduction status:

This documentation is in preproduction status and is intended for demonstration and preliminary use only. It may not be specific to the hardware on which you are using the software. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to this documentation and will not be responsible for any loss, costs, or damages incurred due to the use of this documentation.

Private Alpha and Beta Draft Documentation Notice

If this document is in private preproduction status:

The information contained in this document is for informational sharing purposes only and should be considered in your capacity as a customer advisory board member or pursuant to your beta trial agreement only. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle.

This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of your Oracle Master Agreement, Oracle License and Services Agreement, Oracle PartnerNetwork Agreement, Oracle distribution agreement, or other license agreement which has been executed by you and Oracle and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced, or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.

Documentation Accessibility

For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Oracle Logo

PKS\UKPK`UIOEBPS/dcommon/oracle.gifJGIF87aiyDT2F'G;Q_oKTC[ 3-Bq{ttsoGc4I)GvmLZ).1)!ꑈ53=Z]'yuLG*)g^!8C?-6(29K"Ĩ0Яl;U+K9^u2,@@ (\Ȱ Ë $P`lj 8x I$4H *(@͉0dа8tA  DсSP v"TUH PhP"Y1bxDǕ̧_=$I /& .)+ 60D)bB~=0#'& *D+l1MG CL1&+D`.1qVG ( "D2QL,p.;u. |r$p+5qBNl<TzB"\9e0u )@D,¹ 2@C~KU 'L6a9 /;<`P!D#Tal6XTYhn[p]݅ 7}B a&AƮe{EɲƮiEp#G}D#xTIzGFǂEc^q}) Y# (tۮNeGL*@/%UB:&k0{ &SdDnBQ^("@q #` @1B4i@ aNȅ@[\B >e007V[N(vpyFe Gb/&|aHZj@""~ӎ)t ? $ EQ.սJ$C,l]A `8A o B C?8cyA @Nz|`:`~7-G|yQ AqA6OzPbZ`>~#8=./edGA2nrBYR@ W h'j4p'!k 00 MT RNF6̙ m` (7%ꑀ;PKl-OJPK`UIOEBPS/dcommon/doccd_epub.jsM /* Copyright 2006, 2012, Oracle and/or its affiliates. All rights reserved. Author: Robert Crews Version: 2012.3.17 */ function addLoadEvent(func) { var oldOnload = window.onload; if (typeof(window.onload) != "function") window.onload = func; else window.onload = function() { oldOnload(); func(); } } function compactLists() { var lists = []; var ul = document.getElementsByTagName("ul"); for (var i = 0; i < ul.length; i++) lists.push(ul[i]); var ol = document.getElementsByTagName("ol"); for (var i = 0; i < ol.length; i++) lists.push(ol[i]); for (var i = 0; i < lists.length; i++) { var collapsible = true, c = []; var li = lists[i].getElementsByTagName("li"); for (var j = 0; j < li.length; j++) { var p = li[j].getElementsByTagName("p"); if (p.length > 1) collapsible = false; for (var k = 0; k < p.length; k++) { if ( getTextContent(p[k]).split(" ").length > 12 ) collapsible = false; c.push(p[k]); } } if (collapsible) { for (var j = 0; j < c.length; j++) { c[j].style.margin = "0"; } } } function getTextContent(e) { if (e.textContent) return e.textContent; if (e.innerText) return e.innerText; } } addLoadEvent(compactLists); function processIndex() { try { if (!/\/index.htm(?:|#.*)$/.test(window.location.href)) return false; } catch(e) {} var shortcut = []; lastPrefix = ""; var dd = document.getElementsByTagName("dd"); for (var i = 0; i < dd.length; i++) { if (dd[i].className != 'l1ix') continue; var prefix = getTextContent(dd[i]).substring(0, 2).toUpperCase(); if (!prefix.match(/^([A-Z0-9]{2})/)) continue; if (prefix == lastPrefix) continue; dd[i].id = prefix; var s = document.createElement("a"); s.href = "#" + prefix; s.appendChild(document.createTextNode(prefix)); shortcut.push(s); lastPrefix = prefix; } var h2 = document.getElementsByTagName("h2"); for (var i = 0; i < h2.length; i++) { var nav = document.createElement("div"); nav.style.position = "relative"; nav.style.top = "-1.5ex"; nav.style.left = "1.5em"; nav.style.width = "90%"; while (shortcut[0] && shortcut[0].toString().charAt(shortcut[0].toString().length - 2) == getTextContent(h2[i])) { nav.appendChild(shortcut.shift()); nav.appendChild(document.createTextNode("\u00A0 ")); } h2[i].parentNode.insertBefore(nav, h2[i].nextSibling); } function getTextContent(e) { if (e.textContent) return e.textContent; if (e.innerText) return e.innerText; } } addLoadEvent(processIndex); PKo"nR M PK`UIOEBPS/dcommon/oracle-logo.jpgflJFIFC    $.' ",#(7),01444'9=82<.342C  2!!22222222222222222222222222222222222222222222222222'7" }!1AQa"q2#BR$3br %&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz w!1AQaq"2B #3Rbr $4%&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz ?( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( ( (QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQE!KEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEzE7V%ȣOΏ9??:a"\fSrğjAsKJ:nOzO=}E1-I)3(QEQEQEQEQEQEQE֝Hza<["2"pO#f8M[RL(,?g93QSZ uy"lx4h`O!LŏʨXZvq& c՚]+: ǵ@+J]tQ]~[[eϸ (]6A&>ܫ~+כzmZ^(<57KsHf妬Ϧmnẁ&F!:-`b\/(tF*Bֳ ~V{WxxfCnMvF=;5_,6%S>}cQQjsOO5=)Ot [W9 /{^tyNg#ЄGsֿ1-4ooTZ?K Gc+oyڙoNuh^iSo5{\ܹ3Yos}$.nQ-~n,-zr~-|K4R"8a{]^;I<ȤL5"EԤP7_j>OoK;*U.at*K[fym3ii^#wcC'IIkIp$󿉵|CtĈpW¹l{9>⪦׺*ͯj.LfGߍԁw] |WW18>w.ӯ! VӃ :#1~ +މ=;5c__b@W@ +^]ևՃ7 n&g2I8Lw7uҭ$"&"b eZ":8)D'%{}5{; w]iu;_dLʳ4R-,2H6>½HLKܹR ~foZKZ࿷1[oZ7׫Z7R¢?«'y?A}C_iG5s_~^ J5?œ tp]X/c'r%eܺA|4ծ-Ե+ْe1M38Ǯ `|Kյ OVڅu;"d56, X5kYR<̭CiطXԮ];Oy)OcWj֩}=܅s۸QZ*<~%뺃ȶp f~Bðzb\ݳzW*y{=[ C/Ak oXCkt_s}{'y?AmCjޓ{ WRV7r. g~Q"7&͹+c<=,dJ1V߁=T)TR՜*N4 ^Bڥ%B+=@fE5ka}ędܤFH^i1k\Sgdk> ֤aOM\_\T)8靠㡮3ģR: jj,pk/K!t,=ϯZ6(((((((49 xn_kLk&f9sK`zx{{y8H 8b4>ÇНE|7v(z/]k7IxM}8!ycZRQ pKVr(RPEr?^}'ðh{x+ՀLW154cK@Ng C)rr9+c:׹b Жf*s^ fKS7^} *{zq_@8# pF~ [VPe(nw0MW=3#kȵz晨cy PpG#W:%drMh]3HH<\]ԁ|_W HHҡb}P>k {ZErxMX@8C&qskLۙOnO^sCk7ql2XCw5VG.S~H8=(s1~cV5z %v|U2QF=NoW]ո?<`~׮}=ӬfԵ,=;"~Iy7K#g{ñJ?5$y` zz@-~m7mG宝Gٱ>G&K#]؃y1$$t>wqjstX.b̐{Wej)Dxfc:8)=$y|L`xV8ߙ~E)HkwW$J0uʟk>6Sgp~;4֌W+חc"=|ř9bc5> *rg {~cj1rnI#G|8v4wĿhFb><^ pJLm[Dl1;Vx5IZ:1*p)إ1ZbAK(1ׅ|S&5{^ KG^5r>;X׻K^? s fk^8O/"J)3K]N)iL?5!ƾq:G_=X- i,vi2N3 |03Qas ! 7}kZU781M,->e;@Qz T(GK(ah(((((((Y[×j2F}o־oYYq $+]%$ v^rϭ`nax,ZEuWSܽ,g%~"MrsrY~Ҿ"Fت;8{ѰxYEfP^;WPwqbB:c?zp<7;SBfZ)dϛ; 7s^>}⍱x?Bix^#hf,*P9S{w[]GF?1Z_nG~]kk)9Sc5Ո<<6J-ϛ}xUi>ux#ţc'{ᛲq?Oo?x&mѱ'#^t)ϲbb0 F«kIVmVsv@}kҡ!ˍUTtxO̧]ORb|2yԵk܊{sPIc_?ħ:Ig)=Z~' "\M2VSSMyLsl⺿U~"C7\hz_ Rs$~? TAi<lO*>U}+'f>7_K N s8g1^CeКÿE ;{+Y\ O5|Y{/o+ LVcO;7Zx-Ek&dpzbӱ+TaB0gNy׭ 3^c T\$⫫?F33?t._Q~Nln:U/Ceb1-im WʸQM+VpafR3d׫é|Aү-q*I P7:y&]hX^Fbtpܩ?|Wu󭏤ʫxJ3ߴm"(uqA}j.+?S wV ~ [B&<^U?rϜ_OH\'.;|.%pw/ZZG'1j(#0UT` Wzw}>_*9m>󑓀F?EL3"zpubzΕ$+0܉&3zڶ+jyr1QE ( ( ( ( ( ( ( (UIdC0EZm+]Y6^![ ԯsmܶ捆?+me+ZE29)B[;я*wGxsK7;5w)}gH~.Ɣx?X\ߚ}A@tQ(:ͧ|Iq(CT?v[sKG+*רqҍck <#Ljα5݈`8cXP6T5i.K!xX*p&ќZǓϘ7 *oƽ:wlຈ:Q5yIEA/2*2jAҐe}k%K$N9R2?7ýKMV!{W9\PA+c4w` Wx=Ze\X{}yXI Ү!aOÎ{]Qx)#D@9E:*NJ}b|Z>_k7:d$z >&Vv󃏽WlR:RqJfGإd9Tm(ҝEtO}1O[xxEYt8,3v bFF )ǙrPNE8=O#V*Cc𹾾&l&cmCh<.P{ʦ&ۣY+Gxs~k5$> ӥPquŽўZt~Tl>Q.g> %k#ú:Kn'&{[yWQGqF}AЅ׮/}<;VYZa$wQg!$;_ $NKS}“_{MY|w7G!"\JtRy+贾d|o/;5jz_6fHwk<ѰJ#]kAȎ J =YNu%dxRwwbEQEQEQEQEQEQEQEQEQE'fLQZ(1F)hQ@X1KEQE-Q@ 1KE3h=iPb(((1GjZ(-ʹRPbR@ 1KE7`bڒyS0(-&)P+ ڎԴP11F)h&:LRmQ@Q@Š(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((?l:ϊw "{{-3j3%{sj~2= 7 ~MڅKrHb|P3 r=Ҁ +Ş/$iu7=q2dԂxn⸷9$l]H #WI񯄴;\[ݚD8C3p&0U9^AnK vI+!I8>5(zqj03Y.X ,@85ߛ8>pq8=} \xmm常8` $Q@$v7zwp]ɝA GX;y_]覮O&4 SPtY.X),@84U=7Vuv K4,$g{@<+uqtiGw3; I@ORմn5MBp%8'ƫ%u6uBJrHRN2@ϸ J(9i[[m͹۞v8ހ=e>#P3qky6yFH@ᯀ^|+jCq"4AC: f2qh( |vk~-bүCK=[  FUs׮xW6+𾝮ZS$n2@ 3qlQYWcag]E7dt&iͻ\iz KYU pJ3=\jnqko{Z[Ov-eF9`0=G\yi}ŭim=춎if@NXr ( +'u/x:]ދ{f3W/ F:y@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@?J o^^7xm|uX-MI$`%$xs^ ߃kc@!&/̠o9+v Ď9zEܖshPy 4 Q^_/SMOK9.ڍ腕CnRHp2ʛNq@/^BDKk(4S![|8'-c94_O^s\˿?03@}94|8״mI < ZN,x,S'c*/Cl<G>G=g<1?3wcÚ/E\dMy0"f&] gvyŒmO^ &uZzW:K"0Y2Fd˧xt$M>S/qp#fX[rSz]Yk}/[oT.$ d$$ {ݷ.uRO-$v{M& (E1%;L'/,̤F)I`z`\/n-jMn%Y-xUQ^71 ISz_7g7RFV$r aӸJ_PRp&O%BqJJzÈCIlYD\$ҼlRCs;95V?OGCWUyy\DD$G ю$pX.I @"c@Ҿ#|[{Fӭ ) g  d ?ꚥ Pz;eam\3ߓAnK vI+!I8>(6!J#O<5`_mCۿGRx/ƞ/P2ĞUxR&j+DLsl9e5!APEqֽOOj2/*gH窰N©sqO{;5x(BPDoÞ՗]<[h~E*qiĈA| ~|:-m󯭱wjvKPsP0rXt,|1w&ԥm^ o ݎW͚}ľ3bI>۵֗fEJ@c=.d'ŝ*{iIz.-в.[H:ש[_];MU~Ǟ( rDSڱCaQn+(((((((((((((((((?|;ol.'Gv7}\)//@)N[X]bR$(8gU(u . #" d"0QӰZ؋,5m" {Vi6@HNLztP~~!ӞWղvLH#r' 0Fx5ῇ~%}H,hL b:9x^.ιAw$x 6Z9BoN'8g,Mw@x2C#|E;Cc#Z( M;ijb76sz>x&G {[L fb`mw;ӥvP?k>a-$!I!]KmAۜdg =NK;H.dgHʞPc:}wPr3VrJ1n35Q@7VEJ$E `+뛉gG.;A'<* =vѴ=/rXiYZSnc՛eI&(1ImtvcLxp(A_vWQ@W:K"0Y2F򮢊(?[4:,gEv 9R?vWQ@z9dUt{KGST+)m4apI=nQEr!u^ cD{dg߀>fB `(vq]x%5ѿ [LU$]o Z@Gq8Q@޷xsGVծ>c2]w0Q‚O$xc΅mI} ] NZ8iPO; l䳿LoxĈ  Mtݭ>r+!@>€.QEQE[FuRL.I|]n[Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@Q@gztF85$}! nNAb6o\|Vc2$m39ωtxFH4}}& ĎH<`7eϊjV߻ч.P2*_~x-V=FĚz2ܪ፸U w19,yƺJ'M ƺs^h~oO I!f##*H8'W> MWZ07q<Ler!nvĜhOSmIxC]mtwəZ$ i[xQd:jO 9\>nQ^wZxzޛո1vV0H-X޿ ,;MOCT]l%ʙ 7(('u^@C²訫߅u|Ko)}IH ?UZn̼ >tjzO[o7nЮdg2+?>;:>_3Wtw'ݎ?4h>(Wt۽J84[olȁwʹ|1oZka =٢[|"B'b23 +x[o3SkwHrŎe|t_qύG?SlU +[4q2<yᵷX$/$0UE$xsRWOQk'#D$n9Va9#71{Z>.3T߃ڸ%K7ŸY>(W:Q]V&!1 z w,m?.6ᘍQ#}Yg+/ƿt0z4ۭµh.S@[hז1gz-q[,>b2 0j+/}m}sv1;W:*?ր=w$Ŀ M\/$:D=qhλk7Eۍ=밯jEEY!T*ÖZ~6CyRmImTnܫxRp% ͹E<-uCm'V_˸g)`q^^?J q@EW4<[Xii;QA,p98uI/kݦ3m%'ٷd2A_.|Y.]Wa3[\s04C ':((((((((((((((˹&eǣꖖo4Pʻ3IJgByᵷX$/$0UE$xs\~kVo%;'ex1lrTcul7Jz0l`Eg1ž4 KtB-{#j瑹g@qFy e/xLΥwӮbbDg܎2N3>#Z-vRX,z xtzt֭<+qdbB0JT2yǂmm常` $0I19tnm[Ѽ#I{iEuu e202NFAn"3E%a\NЊ +J}3L6EtQ'$$hN? IM} 4`A.FHٓI-滂;g2Tt?? -kϷ_=@" =G8*~[F<2el CcC|%}M:{CT=qDϠ`N5!}ST"F*+-7Sj<xN[=j&F)$,I W|V}lXoV0 Uwt*A93g'dQQJ q]炼FK绚 n՘1U\ A֏ +M𾳮S>qԪ6l&3!OA@xIu_Ht/x҉+մuKi y-h ԩ# o GÖkkc$:@gxW_Ļv1;e2s*8bRe=k+]w2V7ַcΖp<*8`09 åu G3ȹU,1f#j-I+w*.qï 760Nh?i/ncYlz%g^UIj/$:DVں^IiѦ[fuf UWjv3s"6m"ě"} :sc)X>϶RwB{}Hᾛ6;ť۴k=m!!C<('dM:+ux$Uce,(]6A`*x[v~妇a$Z.w;9{P>ŶfWu[A+qBIՐ©: g~;u[+U5#q<`(8Wqۯwg GT nTg|V}lXoV0 Uwt*A9=ÞF6" ƀnvIU=N; .dɠHA#4:גNPѭ,v-n'4mUg4RW%\fOZ(+MOw \-µ`;0緥p~!n+|A-sƫ/Ínow}ѱv1W{Pa^?J q]'~h>vg6 p O; }/P%nh_/=G*Ox[v~妇a$Z.w;9{W¿W_\i:7r|#Kc$IF?2$@gt/ E?vs"r!Ac=N2sz'4ox)d5arU>om°Urͳh5$QEPEPEPEPEPEPEPEPEPEPEPEPEPEPEy_F|'cS}^Kvi!GRۢT'r=~6OAv ѵ3}#Lp@:q=q_G}a鲬7nYd2J]QEWZ7}.]Btxf1#mS8n@}k((((6sayku2n#r0!G# b5 B{ Iy$Fp gg(k'ĉtæi[I]Z C1*UToy@yEy_/Y|YS}";uhDPۥW#j GnQEq<[7<yZe.<uIGH]JlFP$rT8Ȑup>=}wt;<˫>ihROJآ(ŗyg&O&^@3 ]|-8umZd7mp@ihw|WMa-$!I!]KmAۜdg(((((((((((((((7_[2uy'kk<>vnXrp]$~Co,I;X3>܀dEs_ "h%$E [pAj iw6L|KX32A= @]/Ti|M/[n`w˄#n<8v>%xQ~ ZھE*gQFR~-Ip 뺕Ư ~YRf}u!pPvT'%d\:|5w.'.z12+HX|梖$ 994~DmZ6I0y$ v.p='/ƳMG!F"D$#=¨ўKV*Y?)jx}5Bk!,T to?a~m_rڢo#)?\~V$H<|Y`Zç {WrxzG#"@>j)b@Ó@_K9&EɾCo7Jj:Gs|2n\k>Tѿ{b/BO3*a s֧>?k7-[&LDYc#$O{mG=ϲ0LE%)ۗu*%O65KN(]Th"VoMmӠ`CHڭUnpO |_ }RWT6˿$ w{?f{iqxgk_3rYU68'< ׍h"zs;F  ILᏇb UdDA,ꟳ$kRԴ[t{clp2 A< szG R&_d3y*]^+uQ  iVW\8ɉӓ2XeOxC᮹ 7:~Y +n9䝤ǜ|3^kh=ݺVq2e%Uom$gW'@^ៈ$&{v Dwiz>c޹pF2YB&ClCj%2A+$ AsUռ5 I++ >#Wx@4}F=F;*ʲ;Hc'=h(CaQn++CaQn+(ώ^}vb6s}8+e_ɣKKylcbn$Pk?\ QEC²訫+g'dQWPmCۿG]?xkV)k$](<RAEP?'%Uj !пJ$O^?qچ'~r6c9뎍2QEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEQEq0/%~!ƭ_;^F?獶p]Pxa-7Q Q{Hpvg}Ǘݿw?m{۝cKv6ʲ8{0 Aآ!е{keXTFHlr bk"-R5AҳVBN܌ײQ@ܾ })$K(mXvkN G^a|G41?e-H<(ߩ (=5Pg 2B88㟄_5kv-/w :R8!@Ex)Mb_jZc˯W׆ ySӷQ6fmagkkC n'j(FO'b+5k0~8Դ(bkkP]1vȣ$0?s]v>Nm=﹒wFN\,NOTyrLէծ߾|.3c u=+b+0xb k. Rŭp&)w- DHXVń*4Jn #+OÏk#>!M6Y@$TzPݭ: ;[wK` 3+49KK3fU'$=zExjvrYNndgIAS> '4MGLN57vHhG#(>/Wlw#9ێCB?<=i>wHݻw@8ɭ (߄$N_Y:67a#F?ǜP` v>$,㳰Zǝ p| O^Eg͟;^ZDҾW$Iyqg[L ʛVS X+(((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((PKm`ffPK`UI OEBPS/toc.htm6? Table of Contents

Contents

List of Tables

Preface

1 Introduction to Oracle Database Security

2 Securing the Database Installation and Configuration

3 Securing Oracle Database User Accounts

4 Managing User Privileges

5 Securing the Network

6 Securing Data

7 Auditing Database Activity

Index

PKdfDLV,μd܌t||\Ҽ[L@ q]WXf84FMS҂m\[C5@,dJ)DBͱK Ъwbq=XD]vn6Ƚ u]G٥SmZm.ԂW}X4yrGT#⛧S\R0:{42-|sYf7n:۪)8o>LpܣxL >ț;:rN:]T7NuT#JJ.}6 `u}0*Xn& ݌+&6蟽H X xl#\P&;}Hbxbħ=:Rm5$*F,Ѱ5ц` cp(''M)ئ41>0s#!F1"#4 %}d]Ȇ rt!FJd&.T%1?qm% d>R2Q<$a¡VRC+gI@̥.wXt/OIb)3\f3Y3LhD̦69Mk girKȼ9v%`p4y̧>Oճ @HMBІ D'jIEpF7ю") HTPUt(MJ% ҕ=*hTִG75?s#0 PSSԨSlT:SȪ=QQu` +@jԯ2ɬWuX*UyFoMVU(kͫ^DV.{Mi[jWڴFU=,b,55,\+Z|%,Psٲn>mf+kخ*Ut,f:.֯g+ի-iWi-aq[v8 mAZ泵=p;ٹvEqZٝnxI]U.A-%j6UkNk+6/okXjM\;^wYM.~{^ o La׿Vpy>lmda. WavXus+bpdJYةmLQYNkZYL't,{Y]v\-3dNj,)uHTՍr5j@ Pz^ӯZG%@Z 6=&iS{fOhp@mĊ XMox~\ZmlG] @Jo0.aw'<̻gG(g ` `n/o8S{9m*c @ dXZqu;]19σfSx#).x V`D`aNq]YvկNw}\D`,8AЀ+1wxw~^Qw J``kc:_]9MN 쥐^z3꾇KVȿMi=M }=?ۑ9ѥy='W { `@h;\wQ?~Sg& ֹk ,|VV~ɧ}րwN8xuixwhҁ}#8,Wi%8u"Th0y5X;$6x0i5> < @QFH C HфN K PQVȄ48 !  !@ XQfh S ll 0 hQv( k 0p6 )h  iA.Ah3 { !y7`X X; h y"Px xHHX!)،dg{ (Ш88܈`X Xpvhè>Q؏8 ((؀X;؏X v7x iٍ()' H{'@p/yy,?I1ɇ78pPEAْSy3Gɇ~ДN&&ACÖki`(шx[Y p {iz9җPZ3҃rI & S ,q+Xdrɚ=7v%Y&Y씛%ym2kF6in 6oG)wyXF懺nF}ǀXs3' FާooYԞp7D1'x}zY>yᇠSd!W GǠ4w szMyبt7n|@j|w| $:iW} xI-:j/gwJ@whvt7Qx #4zy|zN{)rcJ2 Z4J{59xǟovtfZhڡXg4:|^*}ٟtjWsXjuF:~j<*qx J6)Y)~`%YꪹTaNjNڢ:ź;.ҪPm֚6pyڪٺ޺⚆:zꪃЮ:Zz;PK+ܡPK`UIOEBPS/img/ols_auth_user.gif |GIF87aR|z|<><4fddfl42<\ZdDJL|ztv||~4:D܄<>Dlnt̼djttr||̤,@pH,Ȥrl:ШtJZجv xxL.zn|Nd!~szckǁnݳlx`_hd (}a&gFខ Jp!w^1Ԙ]z;~ Q<?Sr:Af^ĕ'7ʴEƓ'УKNسkνËOwsC43/~1OgHr~%ES!^ hGRa*te`5~@ƅ688؆`x,/&CxcDBq=d#L P #EyWx.j,6)z*'uz˜Z)6W鴝8rg[ʧxuݢCv!,v~ohz8n;+߮;9).<&o$|(/#?/}2Oo_o=/3ݏo埯~W>/~~Ͽ(@; Jt# Rx2Aq m'& ShP>.|{b(Cаʹ!Q\@ H"q_0j@8PlR"0F`*zRtȇz +~yE:JюQx3r2cG(`|Lw C#Y'* "u<򉓴c(h d?E DQBѕ)OTbTd+_XJAV;AD/\9 E:RSg&Ŗ A HMJR؄"LM X<'g-6y>' `g(s"D'JъZC:L HGJҒhҖt<)К8\`JԢU:MjMySLTT`ũZLmj*~ F.^5bXU^DXsƵf5J(GcFҭ_#^ ׸ @" ̽F񐆕j_/6̦.љWR֤/X.֬b'!^^laX&Z qiWHLm,q VmlHjFV]&,iV-NF]-so܂ҝ_T*J5ndtN)ucj](+nCYjV&M>c=Gx~"?LŀRvhhP^ n؉MWbZ`$/ F8αO 8i4_c HNS俞\r;){3-˝Ч LK0sB́ )͜ 3 gJ9\l:`3]= FDΉIJG9 F٥M6/Ζi%MCa{>uMM7jZ:էvu38:#Kչl"%4kd/[N6GSUn kB>6[lZvnC~3ke6mxrml\ہfu5Ml}?\nMqO5oO\t9DZgۼѽ9EqI:ss_ ̑ab;4§N[~N9ַo Pa+f@c_eȜ%GpNxϻ.wp{nW}? skW[~:G<_{9q9?ϛ^[>]=v!ƻ9pa׶k:N)_7'W2 q/?ow?Y>hO}k_}OgocK x~g۷•x׀GWWw{ǀ`wxxgΗ7 z"zW /*H},ȁ؁1X3HR嗃K}0H|(}3%}T[؂XWGWzbdXH_fx/ֆpRratv~8XxHK8Xxv/tboExx,_XVGXxUB8VhBW'yD䊻Yd @xf`^D8`ָSWXHE(EF@UǕYLȕ8B8N45^͵^ΕLExBHD`X^ŐۥM(]4p ] A9iE\^Y'7IE\Ց_=$i5iHN˕^ȴ@98E@4 G9E4_uY3YfyN0g)EayKbPh؋AXɘ>6Y);ap9${w8١M~tQvyٚ99Q): :90Ĺyٜ9YX;PKY PK`UIOEBPS/img/login.gif GIF87aڴlrL<>dfDLV,μd䌒t||\Ҽy IPΣEL*Q3zQ'ѢUA]y+@F*٩DE*6(϶P -ڭirwXRJ* Tά"\É }xdr1˹[k!7vY4S[|f[S5Mθ qoڛ)^)t.#gxIz'{|)8j衭܉袄*}: tJJMZDj6z J꩸^( J؊ KS( HK9pm8~+ڎkn垫n+kJ°n.B0 lK -B* zqŰlJƠzq+"SS@ )q/%Jˤ)縲.0r9 s(Rg?)EO/OfMuv66Ny㺛^X k{8}Зzc94{{}Ie?.|:l#]W :@Zp2Aoq&H(`5@ ^޲p0b=2D4C||#(tX"OĮ.{S :qx(;[tc]7G&UIDǺokfd#iHE q룞򈸷Q}r>d()R򔃢dJn; )Z"Җ!o\Jq7Hl#e:T/DώdI073q3(Љ"r'ɹɩޱ'@w%ETA%s4I =C$ âWu#CkYZUH]]mk)6Y v=(Lҩ !|EKxڔf-]Mue$ްiZ(BH-Z!D:N1$h;yz 6=+l93{<, [=Ii :AM%Dϓ#G u9;]ok3^Quܜk[z$ne[oFy2*nsӻaoax2A%/0,ÛU1bpma5A/(%7‹qdl 恒}&ˈ2\ `8 t3CjӝπGeP4*tڳ5D דCDSzҗ6:N{Ӡ;ML#.PWVհV P3SJw@hP^ H-A@6m`nt@hK 8@ m? n nP;ڂF@r HnU=0zO5o;\~uea郓#vx|ⱨš|z߸!rUo`Ƚrd<5j d3*mB|ι[ =M@}ri'@x:ԙF(&@PNx; PkGI O'@JsQz<3%ɓJ/i3)s~< 02ǹzkOLr`1Ƭ hn7 ̭ ,8rls>2I<)uR'Ld##mrjouX0oWMx%gC l? HKxހs6,x6}r97߽vؚ|9wW[-pOuM 5㸧Bzm8ۨ':Я ݪ'?YPOw ǭ^WÜhlﰳ[_gб_ új_W>u{K 8NPI,mȤ'͏ef ,`D~\a|<1 T1\@TJЧ:uG$: 0@H IBL"V(򑐌$#70@Nz (GIRL*QWhr,gVZRʥ.w^ 0Ibj".f:Ќ4IjZ22c!Elz"IrL:v9I<'>MΕ @&M( ^E7T$%YU*Q#)R ppHV 0 =G;ʣ0iIOR-}iL QWKg)dVJeNg0XA t锜z)FQSGUUva*5ڊnOgW45zJkLbh^**,֭bmbXd+)*6(`խ0X,fXbv\-mgYfJte]msQ]M u%zӋh-TI~ [Җ%] ΨJfoѸV7%nc)wJ]rt.tU y*]1Kۮ[`*=mFU 'LEF? !78, V nuFJ7֔5yĪ 'A"[eq]\\*}Ul'?YK=odVʘAbhNW*eoFW/K%IOVoA Hupn`8-*m[0xi gZI? ĩv U[t &]V5t(gl-= 0Wic)̆hwdٛ 9ydf+\RZ q-d!Z74]Tݭ~7,`݂Ϛo6\Uⶍ^iԡuߎFZdzEE7UM)I7wr%^gJ89 _.~ ~31}+{tlk[Sߙgh;auˆn-pwu ށOq%u՛.+aRg/bZ~!oqwrZ~~m^^:To`Gny*-g/,֯joަ~/sƧvAKW~%S]#|{>TjX<}O8>|3D>tJ%=11qKov}wy7 bzdWsPvzz[zYzGt@{S=r8t=Cx3x'Hu}ŧ`km+m2r<v#;IaUb}jfoAho6xnpL Y xR0|08ix!gq¦cw67ydrWbyty#{0pVwX(W88g:%Wft@lc{lLY?5#mnpQpc%s}Vw4;]|9s26VvʥMoHHpTw'WS({`HqR$jG|yjX{cH%n(x}({R-Ћȇ:7Xz>zgЈf%(e?idF<s*mf]@tS%%t1$|&?H%|;lїbn#@;(?؊ggX8~7W ~zS( i%9qXeͨqScxw !H{HsN\Bj7`D(K4>$GWaA9m(&poGo6Fly xbE8 B|YT9E[^˨qDž?džk{wIov y}s(XVƁ_%ZTrETҚi&5j IE)@DYٙEi\ƹ$QeF(uD%pFYjr 0~b@c9Ջ|ٟkY:4ZH`cYP 6\$YĠ ڝ9U%DK*,:K %)ڢԡ =S?T 2JJ/Jz7*S У$*M&MDR%r5TpN X OdZfzh*lڦYyj:tZvzx&OYt}L⧂ZA!ʨꥪK! j*jZ!کTJ Dꨲ LZLڪš!z Lڬ*!ZrĭZ Kʪ 㚮ߚ8 -A ʮqRگj1R"¯:[Rd[1 ki! ˮ%!˲ʱz35+)!'ۨ:?۲:"766;A<d*j MV \!=!Z{emE `7۰o l iTź*f+ Kw{ KQQn۸Jkv봔ۮڷ+ U[R˧;kq{[뺐;뷺;F ȫ+ѫ k˻+Q;؛Gƽ훯[C[Ћ + { cK LʰʹR" B,J$# $ꧮ >]D:eR(@RbeB'1iqaVXU^ekʮԞ(^>noXܞŎN$QU뢮nq_I_`!D`R?RbB{ (^ O5\ /ގYB02^ h: 40y$C")̧HأbX1/[0ćŽL-BukmMY;v0РYҞ:m6u74Tō#Wn@Fׄo@ź};lLD@BHqPs+e vs|?D̔+X̾l/9O :tX|MV )P=8>H'Ш]Pn%]jDR0DB>/I}e.XQp0!ɩY4=olw?N:_jԇ~lVmᷝ~xpg\#ȱ&cs@5^չgHvDzHDJXqY,B(E@{("6r;e&Jӟ.E>If^\ Ơm)GڒL%0!r\Z[j.2f_@HIX(QuCޏ@v|0NTIa<;<9h&WvVPғ&l:YH{ess:r>!yG0;h)=KJ^dؾꨥꖻb-b+?hn+?$tg,&CC?@m)Vk`%.ڀ^CL~0s+DR[/>Ɣ^rΰ[CAAg5g&LqN?n"V_([0LیؕIM[J  8v@ @`qg+9\ Zb_rM+}(wܭxs{3~ rCMn8\yᝇ@袏Nz馟zꪯz뮿{&{ߎTJx|7bK|_9gNlyO݃O><׏>ž?1lp,*p lJp/ jp?p$, @b++J -CP?/T tCpءǑP<,1hJ b6D Riq\bZ/q#g3ɢ߈<62<Ɍz ,Mpd )xH#&qlpmokGC"lt!YIat)Jd20$%-07s(WY!V+vG;Rr=%5#0Lib*\d!1YDϋf#ωN37/co '<1VN3b () /SNh%_s'@=+u#k$1@J/4%%AM a ũNT#R:Ep)]P*# XC Ip I!!EpҁT+M׆D/h5L @ v|SJӨD*죒tݴCTFvJэoxChVyYs["X AU%hi'լX-c|Duc (EʽcM3(!W.Rk̎#Agicڴ6[gھtDF`@=; $Xu * u\%1UUUc (yQ)w/]k\ڊ D+}y 4qJ[c4)?b!8]j6ũ!3yJTR`1c{ᐢxD/BE\8Gy{㮓@h@[8me&[]s >R% #'wJ]ai}f6YrekqD<9y̒(;g9l^ ?fΠBtR; ]X;ǻamE/zAZeYy:o ƈRf㶊AX"w%qͽGs [m2-MѮe~9Ӎu;}j.HQ"dps[nzQAqBky}4v= zոWuߨpҒ=i4UJ` qh%7se㜖0<0s2ʼnڨ:oktPBWrSbSٰ-~sIubŮp~=q;І.$h$Zu@>m)ħWtc\N-<#*;^z8^g8|s'Wt8jpL#F7v눿0CPy}{vVNvؒTg(wB(Hhȁ@Sؓ??%hs3糂ӂ*)x%789Ȃ:X/>>=@0B>5sDŽM;Qx:#CU8;FXX(hƇ87cof9Z3fÂHhjaX=cHihtIIl7JhX)j1^6yhbpr"t(>nx!IKKL[A!f6kEȈl#J|8xKٴM%Ċ_5)5?X91FQQ4H+g?`8-P2ReOOBhȍzZ36V55s\4eS80(Sq=fs"rr2dyd)Vu$^QqUސU0UhY渑[bE0/7C}H2p46A a{_mn릐+r'6I9vlBAa-Y4gIӍ˸q5g)4FҒ'eV53߳&%GqҵiJ oW$%rkn]]]֑и^Sm(ԎPZyӋ q ):Buwg-v`oiviɵdn GP~Wv_XFb!cCc! rFmIEkְc+TH)Yua@4LYȑBfUYwYv*toj9)%صkscM#ahikf:vaQlRxHP m+"^Wy"\jj=y q y& !o 4ڔp@l R7,Wڑ QI-FF <#K9b!7&rdXErBr韠o1o6) p﹎Vɛs'',24Y)i`q#7r)5`"Kde(HFr #*1wuY7iO9 !Lȡ:t7{ ʢt23pEU%.850/G&Rpv/*@wȫ,I[(yAXksWM|[X1DYYlsk/)9J!G|}s ede^x {Uܷv[Ey7R[ʖ%Ym̻Ug̑H]T eVbaGAqq0mUyootW`ѕnqG>{WTn>GS^we5noq.sNun'4}<~L+O \/X苞]{{6N:LS>F^AK8\D꼈֒N "+Bq>$;Jjyc}8I?:J)K޲ w`S"X[Cd!sE+  Vr%5LF҄i֮eSW%ϗ2*xoիrtbA[-)2FvRa:wRֲY*si, hYktp? 6A[ᆎΜN% ^NMXi ]AsbVuRH(z # \[L,l76m O^.9gHMI_st "w| ə>Rs]+z47/֮YyR%F`TAo"~V{Zx䙇Q3eKu"fESQ i!"q*7rnr ?1AÃFHUiqL2aQ^Pz0y %+$nIS3xd^cX@I th>m$LXu UL@RvY MVjicJ])F̒{Hރ:i0Ѐ4Z'ɪrƩ.ڬ~+-?N+X"bᱡk-V"*XvT+k^,K G,1?lZƧr K?K%&)r/Y l8lKycu98g M,褗No {웋K:3yfg.n"&Hif6gϔ1`6 ?r/n`ǟ ;`h0Ѡ҇}\zJ`HA񯃸P d`">/o~,' t[ <` `BD^(ApL`N>Ѽs(B"DF~s2Yr?1alI{`NhOڧ&rG{l&=fwYރSwd7=fYxYlAg7ϼ{~^B/z]E|Ny cтum[bp%{ h+=2k9_ (KDt,EӾ}/! /#?Rwa,7e؇3GxgTFBFFt~׀--{xmztb'x" ?xFE('%-*(Xq7x1Z!Q$HD$G22Zf`HׁMXIgcI%n`1JdJF1"Vh͢Ouh[e |iFX,\g\iwpđh]HeH!UJTI Fɮe5ƴpŴJ¹PV\( C8dY`%Px3]55Lu)"S]gd^yҦ'LŸ,__<5gcd︽ܻG+{ ɧQVydǾ{qjIb[. *v/${Ƕ;cH:`cfګyBd)z|Nf~j# klܼP ·d*)5kvJ)̅IĠzZCLpئ5Η{ӌT9 V0l{ßv\< V Wլ"N+qk#|=c+<Jl`lXBFюh/*FXܼ Qmӻ-RәFQ=hgx]m)=rP}R-9UJpX+S:ӬvҚI-AU{N,p#=("[ :z;ةٹc yʀt}]څGͿQW ڷ3ۯoh:ۼ۾6JmMCܓzŭ ]}׍'ݨ-,,~w0zުޞު #7 }]pl =8*y3vg9|WZ>+˳^Jߘ'^c]yz 9K~&++nyߏן'5NH:@{1'/NE(S艭 6  H h8Υ¿~圽8܍~!Q,(HL~ΒiXӎ: yX-7}R(5ãb`xф E GlQnoZ^Y.-ų?|]r]+^tLa~-i(ȏ.or3')o+ouYX\~i=A_yeyv*(f h,/ΐ̒7Y*-)_Fr͢ab]VhIQGa?刯-{o Y BiaOu-WȠ_s~Bk977M%:l/w]}a [N6T>BՉB6ͯɤ矯JH_߲o 8HXhxXp`p)9ȈH9JZjZj x +Ki j{ˋX,<{pI l< -L]],]ʪ- jp/?O_o.Oz\ L0"TVxjFZ;zR\ȑ$˕$Y|%Lq.rΝ;q'QBN*ѥ27TZ5֭\z 6رd˚=6ڵlۺ} 7ܹtڽkoA;/ l85Ċq1nl2ɐ+l9ec9dGFTt`՞Rr2ћu6`0P^x|}9dƇ__:އ8hC *A8 ~A`u("am 9) D b-rbvg6.h^mcZIdrÉ+X#y0\%jЃ?mgȩ'ibp #Tߞivʉy.ʩ0}J? K$Cة*%!@_p&*Kl50 C0LJiuiD40 JdA@-h ނ+.檺vk.h %{  }9b *Z-V[f7%Ik2e ?;F`(̫, ѬmPC R-lzY "[r( ˞p5E4rn3kIG=(ٍ4} Ђ4ҁ?]X=ƕnDZ D0nzsbv'ӽ6jk>4s ?o(JKl ~,b2H7>_z| Hmw9t 7QNk?vpʹùnxL,a8٢BN|x^}ҧ>CPo _7z}>X } $෻opKZ s?-@>@p ioAmfqK'"mIè:L N=j4@O"^'9:Q!q8'rC4U5(WMa!)}J hE"< TTOC#n*5M1o&2h b"{ht$$= IJQ5a%:CO'3Jti?ZЉu ]ECul*X4fD;Mj_״ Xp{ P0kjM&]d:<ִ8$H C# { oY(0k|w/Y[|Ѐ6|.u|4o|j}3xkPb1Jp 4 "LXyͶi+XBm7nрb`aenVpoPb5n'HNS4;>h 2B-qu %'gЈZ'G ,s}X,P &(VPp@H P c[Vc9iVf8i&J`hf^d6 PvXfoeN!`xmlXw4h { P5S5U)lIFoxctȈ@Y<O h1TSxI 8 {&ȅeg9imϖo&!ok pɒ (b?ƌAffKhg7i7(%T,cHB>EPc5i5hmd8y*UqeIgɄ#ȖeЖx BKU"WY5Rc9 g)o9eo혎%ْkm]ijƘ+m-iV ibHV;Ym蒔y4#0 3BtiBB4i88!^ق%)gb,QgXHɖ@ hHɔ؍`-<9 y ٞr)fkși6V>i˩9mqx0cf ig,ho9 H;ÍcEPzI? BYE{Y-)5^T)Zf80jiٝ I,8%:*z, .:<`T*Pc)kɒhihb%Fl)dd1 zof𶓋?IXx9?"ZKʇBN?-EѦk.h0%19 pKiA*0 ?GوBBwWZɊيl+9hʂɜ#bjvɚn*3 J֧eښ֧q* Bz4N{yE:H) *,t؊I( iyت X(?ZTX ZC pnn(I_XfV錻8 v'z3- 8IEmZHU T;XkJ[H^4`곾ȧ&mٝYX" k+**D걣ȱY۱xPp  ] {`wֳ=3ʴ`靲JDyʔS,Ej 4K&OKA0aIH;ש֩qDxw{?K$ګ髃tKإ@qꋾb;@ثniq[$ FK1k3 'r; &<\  N,tKT !l%唽 1,3̽AQs9;=|sA>,1',ңpPP eCElĤ E< %xðtYa,cLM`_\d|Sw&RR.yi`n|G"sR-ո|ȠWlL%Gȕ aL{ S,ʣLʥlʠ'xeʫ,Fap ˱,˳L˪1˹˻˺p˘0<LlO|<̌ ,d̅,0ͧQ̈́pl\̠ L΂΅0 mÐ l ]ж@ѻЉ  ҵ т0ς+M01-MӃ)-/];M}0M1-4E >Q-302DD;<M= LGceKhmq=yR%qgևցEmC MoC ؃ד Ԃ׍-{ٛ}$}mdmؑ؉hm7 G=И=ح]ِMb]cٻQ՟ j-تm_MMs۱-ٮܓrܯ}ۗ=ݽ iMZݗ] ҽ԰m]m-]]ԦA5M sތMg=Mҍსxۛ!!V")N$$T& .1.3n7~5; =A?.EnRM}K JSNѬP.^0^]~Hޭ \~nPĀ^缍 ڌ g°q.z t~x?.]P3ޏ8w=>^#MYѭƝӷMm֟ޡ/^۹='鳮nmD>ڋ^^MMڹڶn~ӌޭMŎ~6Ǎ>> ٘ ~.׳L^m.k~ڛ^=tؘ9خ2:r޷j|G/\ȎMDlnt̼djttr||̤ܼdd,1@@pH,Ȥrl:ШtJZجvzxL.zn|N~BpʞƜ.//.ڄt0ɝ0ߢ1/t X8DA6B(Bǯ㵊 "ƌLbtHJ,[z0#=p$]4ajП"҃L̩7Vk=]zV]:QAfaJIjٽ0/]|7p:b/>8Ñ^WYl˝XnZsOB[h(UaVCر)&6ԾZem{zv&8+797 ߇Oӫ_=0?|>m®S{'^h |%ȠQ+MXw=蝃v!}(.aNRa`xtǢ.܀H[u3bЖkEŢH@czLVRF])52ډ%'SiQ%'g8jnfdMg~zRy|bg5(d|M:agU YbRc*_iXzNfh~tk]Xo~/ _x/{S+6·69D*jv b Fqu,ulE4~]#m'1Kl^)GAe$eI r|!HRQc+2a ikiBOњ4DH=ґG"-8qNu"sE)ST&;9͡S2G8}u&xIlm%;1<ꧢ5 D5ɎzHGJR(MJWҖ0iAU&ӎfBkNwSol@ P5Ԣ)RԦΩPT 4 V*VIΫX:ְfMU˺VUZek\:Wxk^׾r,]kv-,b5eldWVV,a'vv fөmRSֲpl-nw[H鶷 n~+78=r2sKdͮvRzV.xKޤv+Dzj}AZҡ~淙{UKVu$C`vdZ[¼=pH>Lvq&((ƭ!9Niww d,a JβScOF|c/kQmbc)77<GZC^4>c=R7zɑmA םwL0Ývsqo/f{#w(wo:mu`;NxC>d1[]z‹63O>?qEpޠi%t^Ş}2LC?t~;.D`tjГГ05EɔFДJ s1O)V NYP)V3MPrdGɖWmPZBjysu`FbvɔlYRY2*ٗny( Жid{z阉e>~ɘ镣i 0הmzy>љ9)I\)霫~@ɗIFI9ni ٜٞYYU)i)ٝ9dٟ 6빜ʚ٠xIpy92ɡ)z=I١ 1)I♗j]ɡ( ɗɤ,*:i~8U X[ɝiX[z f *THk]m j,9v楧|:\uڧx ڹ3Z9]9eꨌz/ %zi8<е*W*Y!!Cʪ9jRt Yrzd:ڣ\z ک.:w]zS ykJkכu Ajjzʺؚ)%*BZu*꠽j :Je꬐YTjCi9[/e'+]  ;I&{{*#). "2K4[z8k:ڳ>[@:DۧF{zJkL۴kP{R;ZUŵ`۵ab[d{5ikko˶q^۶v;w[xz۷p[6jk-;U{?۸5;-Y%[y ٺ9^T)٩)\i`^Zۺ[ڝRJ ɯB 9U+; ϻy9ھʬ#jMbzz#>ڡ+[|* ܼz 9-J4*jJ!d:%L7Jl IkjYi:)9:.,9D*Å5 ʠ˼@L{=K9<< M;÷pɞ O*("Fjlıơd j\){ :ȋeȻɯjƙ|,Tf̬E ӪһGL\ %Y˒*<3 ɨ̂0t\{"̼j]hlڌyHq5=Ԧ'u{h sLU |)Zack`b=d]f}hjM SnM`ptv}Kz|Q׀M=W[؆]sr، ْ]]]ѵ؎]hLJٖv-,]*^eWr-k Mʤq)Dý}Ҫ?Ϲ +ǂ N@Cza ׍ ȯ<ʫ˽i} ߃mͽ̺}̓7 +w|߱qܪ]^ v^jgъᷝ&>Yjc]aںZ_Iv\+.OuJ ~Iܰ^|6흤i'\ͮϝK=^ ܫ`>[kI 9,OΠ-έcN?N+ո|ވ>Mr_ܘ]a5N>ςi[껥eYlEL賺9zp܎>N*윽ꄼΰ .[݋ݿݯ]j>yPLZ_|젉F=2NY:0%kELk^憎'ݱ. m}JHM.\%m >z>>PN/Z!.c5Bn |g#)lH/.r0=$/\,Llo$ VZkNϙl^/䖎vv0>r㝰vƽ軍fK Ǯ\#N۞ğcoi[:?,SfT_KuTEg&S;S6k?Tҟܿ- `:x?[Va 3FӐє6FFaEhO{@!!PD&ǢNUn]eVmic/O&t鈩ɰ101I2Rr3Ss3.PʱѴPpT4UQtճ7Ww1)vV)UYU;[{{*l:6֜yQ?_?[|\2ұ+'5x5tbD3HO*=#UF@1xeJ+Y±oѠvk0`;? 9yhPC:|igQK6uZIVzkzR=QlXc!q#mZkٶun\sֵ{o^{p` 6|qbŋ/bldɓ)Wrf͛9wFshѣIg]ujիfvl\϶}wnNux7^|q˙Nzt镟O~;ٹwrɗ'?|z˯g?R׷{7?Sm(<, jAL@(" 9 xU0Rſb\-K31񑀽jTkFq<㪑 zqÔ\K J'ӑ42+21\..j2-3Ԓ?KN<̳$s2,2DP#r4dA7SFEt,m4=;,CՔ$PSAs@EGUN/}QToWJJQMU\aS2 =USLV/bdUTiU0YCd35J4}WVX3\uU[Os\yѥW-W%L[wz˭DtMSmwCt_[M{EU ف*A?yudyU<o㘋 6qnKy15Xe^8/|]?1~7]VU05{7Ku-֯6:≹~/yo4\gzjA49T[n@Ӝ/<-OAT=A-;]+u.? 0w`_ޭ's襟ꭿߞ߾?_}oyɠߟ{'@p~@>$8AUЂ ~!DAτ'<9@ Bφ7 ~zt G!2ܞ$0z1{c <3T E R9G64kImuUC6򌔜$"YHTl S!kEE 'qHR+x,\Ҕ%,SLSr$Jlz* rZQ|2y/ql+Ly^ĤiI4ڽsR1l ;9̀R4)KVtu7) gB G*t)DCMhԥ\iENfԞ}h$wF%PyxRFe!GIf"OhVT}IlD-PMJ*/DOFamkVl*н5:J~ObLŢgNc)B6VkdYr<}g#Ҟ*ljYZֵۘ-X`;[VnyKo[\⃸Ur\>pnt[]ML׺nYt]~7x }Lw^x;_jot_*pp<`㶶8ykژx欃E _Wt9=Mwo5}iR:ƦFiVZwu\=k[VZHh^ygw`W xc5c{,4f7'j R6Ÿ}1cVw^moc.qk;$5mei7a}erln܃Z [O9MmpCaKWx5hWR6*c/*\J'-[+J!^\Gy\t_fwـ/ i9jsܰeFs -kz&1ʋݶO[nde, dKK9E-!NCTd2XߝlkcalUE3#^3eBS{A~Ҧ_}cl̟;&1Ʃ=[=Ǽ{kw{.bg Pv F > s1(t՘M7*kBHPL>,D^T PC?3('h0mjKd vz҂'p4kJ ) IjP + #IP  Hbꝶlʗ,j8. I'qn>Q G  !B1apqhSZ^iA'QWP fgѪJ qv M q"eq Q 11! O Q OR$("+"/2! #L;$Kr R9R%[BX%crV`R&krnh&sxpR'{x'2R(2(R)r(j)R*R*R+2+2R,,ӲR-2- R.r .rRĶ@R0 0S1h 0L/s/ xB 2%3.)3$l#6i67u77)':s83-9Q:S3:})MR;;$:3S3Cl3poIF*tC5A! DQCD#^RV.3Cfa-*.BuJZFGfmtD s.j.vN]DTHn@LI+nBX.ݘTtDDT-&NJp&h/Z4ZJ#LTd6PG.nN.tITjFH7Q.TfRTE]T[CF餯nPUaXnuNObEITK[UINVStX#KxXYtEX1URB&YWoNOOPRMص\^^5u\mSrM_aH+F_ܕ`uXbnRTUU鎵Ԏ_6`oNTWKU|ee)vGwN Biuoq62aN{YצVVLg斶\wft8qХ[Z-WP%]fM 6lVl6-<lϭm/VmV]DQksy-v6?wvE? WqW7r:rGr'w|B4rjsr;ְ@>ttOwWT\ל`Xwt!G oe7xhI |x Sw|bIwKJyÇysY'wWzG{pzSzʪT hocz|1{巒$BQ~|i~%1=ʙ ~P]I#APxq xi)7 7?=W=s+xb a ӐHQxAEx8 gp)|wqx{Iw$jQtׅ_juimisvu1rxRK ɑ}󰁡Xё} Ȍ7lqG wA*荧uyyw]7|QKs1;1;vMt?9òs媕%KqkٖfUwS9OHI+9 yrYא!YڠY Dy|u فyXYx({YX9Ʒ7Ǜc{鹞y/K#8W0W٭XA2 ~m _8p8XC|{)1ѥ٘ق e{1Gx꣫s{ؚhبG0wz=ɞK0:ا7::Z:z z i_=*Ǒ(U؄zgצ[xoqXiO5xE{#ۈ/YI+RŃc m{rXىpf>{;@n[T;";~xY G'ʻ۵ћr՛rBػrD'F[Ga??ɾ{d-;ى5h{{{QzZ'5|ƻy 9reڡC֟;?uׇތW=O_;1_{!($ʥ88QI6El9al>pt 5n?}^1u $*.26:>BFJNRVZ^bfjnrJu6͕Ꝧʲ" Z!37GKOR[_Sosw{'B3+cꪻۖi (P <=~BH//b̨q#ǎ? )r$ɒ&OLr%˖._Œ)s&͒o鐢Ξ> *t(ѢF"3)ӦNB*u*ժXͪu+׮^ iزfϢMvZl+w.ݺͫw/߾~+x0†sjx1ƎC,y2ʖ/cάy3Ξ?-z4ҦONz5M;PKqPz=.8.PK`UIOEBPS/img/ols_delete.gif2$GIF87a M4fdddfdf4d줺\$VlԼt2ddlΜ$$ʔ쬾̤Ҝ,$$$LLD<<4ޤTTT~|z|<><|dfl42<\ZdDJL|ztv||~4:D܄<>DlntdjtLbtr||, Mκ)H`A}*\p FDxJ-(1\IRÉJ^'wj S_N/ylrN1fɧP:V"ΙX#b skם7"u2+Kc%2Zhz= USx~;i[NKq Dmv82`j|_ugӨh-=8zZaU.=lKѧ:̻3ύ뒮/f+XoW+ݾk\p+^SCOy]%u}7mEq G Zn睦n!mD1eڂgPv!*}($jb("='0a4hc3-ި<Βc@)(?i1LdPFߓ ,Vb\ٖ XiǀIf+g銚hfteo9/pBeI(֩6wƒ(*sʧ1棕.iҐuZIDWFq$%QYj︷T ΅V7G陼T%hrh51MqisZ_IrL:v)z̧6~V 3zA%R. ¡АD֐}(BQX@TCT ::R]&GQ҅¢aiH>Ԥi+(RJ;i> !=-*҄թPhFYRtPhTAjUV[WzUn_kU:֓dHPė4Oj^zWueCժO%,H սo~S;TSsElfSI`JR66]/;֊vm4-Z_*ӫ"l_lGmZZ%iY^I֊),rXiRSr.p+ۦ6}.mk^f׻ۭvk_.gyzudqr^Nյ}e셱 ["ح}l3[ -}Sڕ]ll%aA 1yxe| X=mzǗIqLZ>qP^C=rl>.˜Yhr XwoǼسbF9m3z,`pqz`F_,aD;Є}.WOW>1ZWUoƻ=u d6u2C*x* Az\e(@/e 7:O_@#zZѩ˧.xA<ㅞ/kj3uX|vZTG{qW>f'S^GUPuH>fKtLMSw;0282C`t8,=;@B8D=@s9(;=KX?dW R8TXVxqIxp\n^bndXuhOj%nom4tOvx۔zM|؇H8WTB+T&8+hK68-(H/h؉xXxh8Hx؋@XsH?ʸΘO3X>xᓍ=؍㸆Xex<؎98S89w5iYxy yqn M $ y0h Ni@$z`o sv02hPh`O`@+),)* h`>@6ON`i=?Ay r 6gFLO &Ǧz` Uɑ6\M9_XWR6]]UmpsfQoXyloL5'h1cVx) *dhi`cP\9GPnapviaiXiQiRW5jPh0[Ic ecc)\}zq T] @`yٖYoqIVeh[6hʹyЉ)G暹EaE[ߙZri Z7e)Vy A`jYpcߕcf -) zN ꠶ЛZu&xpbx墥OzyEٓviY-jyefI\6[ DIWXH$ bImSZzY#ڥ>%@F@ X G?j:lJ;@E@FEI?  >@0J%B{*w-9J 9%ڧ,'sڪf ΰs%x^Gt0 MtS ګu`'vƺix_v:w嗬u~wj#{?w7zӊBx4yG}W}s׬Z#}䊯@gw~B7{P :Ǯ>1|Z[}/2~ʱ' u$"::};s/" H@ۀڳ`@HEk $z)ȳNK"4Z\ 6M{EXf{h{` Զnpr;t;# z|۷~;[w yk۸v:[q+Kl{۹ {Qں/'t뺲A{+s+ڰ!9%y)s˻{ntDts[%>뽌 . 29FY8[ uʷSs ;tNǽڿ=+K0EyH]I@j; NQ}v>=\ "%|qWkٖ&u@A4Kuns: ?Aݺ7 XG5{Z*\i\ OQ8 u QOwpnԚh| (yvܱxul w^t 5^@ul旀g@m9p,6| 8sPl暳>xFx\3['ʛL' ɦĪLʬŝA'ʂjU 9y<;xm l sk~I,zR},[γǴܱ+;:+\㜮'6=s'&i\dЮF] iə <|lc̛et ϧsl'-~$B|*]{ہ5-؉idV\* c"=~]ݨ{O:@᷽t'pHҮ>^H˻jf}~0gōYVgm6`8j:j>)5P~+@kX>% xV>&z܊hOVjEJ] czeZZ[V[O}>+=G\^ž1VjhJ^-f<|K =Ƣr uzH7u]4hC0Şʾ^{?^޸| J)QGh[CBG?A~FZھ`߮ٴ٧ Zt]=tptl&(*#lN82?4_68:<>@B?D_EuÃNaP99J^S`_;b?f/;Z \lSn:pqtW?zVlo_o} N/[+\8v VD{WeP/_ZOf-ǥ~L#[֭$M77Y)a/v:Q 'b~xؘouXO4G9ڥ*9:hәbXpffIVjsud">}zꋑftyW'5zy}? H Oˁ.hUX1Ha(h!2d!%>(OvH"xb~ C2Hc6ވc:c>dBIdDnb,zVeRNIeV^eZne^~ fU6 ffrd-R5@rIgvY'xg~ hJhih袎> irɦ&M^ըji~ jJ (brJ*Jkz뭺ꪭ+Klh.khjJlJvfmt:&p+'H0@ (޾ .).}wr'x.r{=.6o>m?tgB(NB. $h x;UOy@khoJ{^o}S<%}lw *XA 4 f!H41-T^8950CW'ȉJ_66;i[:Kv_)@# A L ԫ7k#40HSD&6qNb ɺ*>}ddHl@ Lf}S(GRT H/9H*Kd9kV&ֱ0hxT%y<Qs2YGN`[ţKGN"w|ى}Mp00RSԞ~1i;I̓JMT h69*o~snX:M(Eiō΍䄼̅.uqli;]:)˝)ibft:xAgWՉN4lQ[]miV'ٽ3)cfu ho6c, 0LoKg$?r+=H?Η^eo<mtv&G9nb3KzV9y>_)Uu'{#6q3DoU_Z;-G}gyQ&xpXpF%wxvgtx4Vq'wt(er؇lA؉H(z6\6)iCHYhї{(XȄ?VJلF8cGȦZrQ(h'pHHi灤ׄ'sw4A)IqUv[{I5t)5阏 |՘Ii1əuә I7)i Hɚ Ii5雿 I~%ʼnɉ/bǜ)iXI׉ ɝe I9剞yɞ I9yɟ JȩT ʠ  *Jjʡ ;PKg7$2$PK`UIOEBPS/img/olsag008.gifGIF87aUUU****,0I8ͻ`(diKlp,tmx|pH,rl:ШtJޒ֬vz +.z$|N~B}]C(i@gZ˹`fU9eY^S7`1J_R4: E]GO]A;p˺$"A 0GY0 i-<$id1d1@FeL!y*C%f9Z.Uj&)ʟ/* Mbxge[dUK4n,INcx RYd1.zcLuJ3Q+M03?bd*y[#?*V|7e\wZƷ_L؏M'U2w U@A5FRo*Le>:.,omT/;o. i9&tIvOtR!VIXj=Tzdui`P,OC ݁zuGā6!Ffۮn͂I[.l*መd9ʐ&JEǚ00, K4(;2+:, $S ԃK*3ӌ#<˔W<[hA]6lNJPI%B `ZTSG@YȉԑV~U|+鬨ntoyaPɂt>2>ٶeS1"Q,}%0kD D6Wr+UG'񞒾CycP*fπyiS  /@E)Xr.ః|Aυڷ8L?;U^1-*1 ):ߕ:Jd7%_0aRؿ@PLWMtjHD"Ba&L! Vh(ե?Q"J?aN3|!4R~}DZL(94 (W( :נ8s` \43r9qq{Py,`ظxȍD&pSb-,:^31D5x&Fㄝe9pA: Θo仐.ϔ/%A:hєܡ `Y .ᬖMD5AFԙ0]}&) MݰݜԄ%6o`Q0t&l^[|7!x9ZBj 8j>tD+T(\zbjE8+aS-xs8m8l|B>T4 *yQ}"V_N1|eRUsJ`jR)T ,' 2S_ 0@O^N"KYuUͬEإRmڂZP,jPFȅ*lc2t*JµămcEQGr q\H7rµX^_כS)Y \cl}l`(n֒V$C޶.N{QqSLk;v6$^I3rAh%`ƒRu=Xc)N.4T;n2sÆ) F^s7 EA3; Jov;H臿EX#%My0cx7L4qQ&%]%p* [C,P+xSj`$cqvRqALgiubg45 QЃ fDSK,5'vd2P,0s/"n+%hRZ4baڊFobP=!z$)Ȕ2?gB d5i0S1RKXbФ.L8}!2CIsu{٣֧V3;ti0Tk2g43В4%,E/F V@[vϓt\@Oi4]SxU`{"fOc!&H۽펓I>UoP w'.ֈrZkJ|8 7 \E1+/A4D?(ܗaF=Au4.QΝQ/^2ifbMtM-׷}gC||r YDr{|N4t;ckWbFs(}hPr{bz26~CPՐ4&`!?Ga=`q؆yѧKЀPOC&F=s$:;Fd1cK@E|R|ցjARdLY(5d)l= dl/DaL / -)V3Or3VG4I2jHTFitjQMƧlW<8`>iXdUXB#~PKÆh'6G|sl=Ȉd1lYV_lfIl8(f?i'm#f8F: >Q=}?2kf7?Ѐgu; ~o!QƉj? 8ELPx5DQR M$ȌGDn&nYd,ЀO:Ey*tHkkĎ7 p!8~s*@PmĒMB8O 7(႓0?I(wArG4Ow˘')gIɃYGE9@S U}f9a?dYfyhjSP @r9t ts|ٗr}_GX[S|ck1]ALGz℟d:gQ;E^+-vo&}F6ҕR Hx(Tvecee|3>(Hg(48q߀zg׆I؛QxW9ɈXu^DH)cdM3`v 76O-p7zsPS7P<ԘwdjA|o(^@(!BQI ?&=XbHP'Y:aǍI~b~)~a _j(IMoh#o/vF=%R" Q:zG>(7)1äyyzGpq)PPՑ`+qB}9;+r8~*f^B{bu TAi U GjKeyrIVWD/qF8i8Q8]5ʨ(7kJH3$ zIHؙBDhoRKڤFLF6M8k$?تV"O6ykQOwIqpHj7"y$!yC )9f_֊xk,W.R: &j9 y {䠚@Ѱp@)Aa "QZX@.*.в0YxÀH%zaHbj ~" 7g´_59#x?#m8muր\J}ca'FF@t::~6~>>gp; =gd/хU4G&}d}&dh Yn+ %jf2Mz|֧9 b )kh֘W0i&J '9z[ 1j76H*UZB&ʮjm˻ɢ˾mE ۚ;pzooph]g}U~EJajxqۮ0%kX <[LVR)B@j7j3JP\GT|`S\XqY\>W`\a*K~G\{^vbC^ڊO𘚃^wŭom6ue;t5#4ZZn|țN_yW_4"Kf_Ϲmf޼rh[`έUxgtO }#W-/CȬ&Ylu`P7 KK_F^%:АǜwᏀ`R9p( UXܞE'Ny-,PpYNvBq/yہ6]쬇* X EZOE!}`"9/6C9e넏fpit&-dkvhŢQY{`DFI~+Ҁؤ#sYȳgO`&'ݫq%ṱK]vM3 ]R4.(|M5<FI/z`S$:Euӝc"g9(x g8F~v)Q LqNMBІ: v Jъ* D7юz :ѐ(MJ7+s0LgJoT5ͩNwӓޔ= PJTEMRjPTԩZXiUծzգ[XJVhMZqֵp KJ׺u;s^Zֶ_K uMbe: m,d'KYzI.zvGyhGΒiS*cmka+ڒmgqR b+M^ҕ΍Z+꒕nWZ oS+MoOѫ֔/L+4x z,N|7DHu?J [) {V;D!>QV-~X)s+1O,!F0%3N~,eS 2 - ^/ì1پf>|Ӭf}3+9v.=ٺ~t-h=4E ю-#ISڶl3irӬ4Q+Q߶ƦpSUz~u]-kҺֿ5 |]?׾_`۰>q&}6iWֶ+js[-z%J ntQܐ";/E~/PҀI%I cޏe VAvxPlw'Ra5>`Cp QǓD.K.ʼnW= z/18fqk8fM(,iϭG4J| ȑ>kz5mZ.XT}I>h_|(&Wt<.!Q[Ĝg:}:řJѨɻVͮRK/_z͹x:uӽ7stHq<ȃ3>hOZBR2o=}ΒS?:Lr`\ŭJsx;|'Ol_\㔵R4{O{g5?34/'%\%W~'UhU~}%u}އe}zGŁ \"(ixwUuW 'gybVe>GO8s0\)y%xR8tG{Cw .˰󄘗{qThtaUFE(|'Ur;NsvXy@yfDi>U,w$S{DŽ#y wDyK7n)pa(}GhRgzWs4 'yׅcu#xxU {iAJ7Ds'wW|qاdtiJvvȋK \׆HDcU|JhUGghgT؈3U@z0EYrH|W8%v1EQ}ŏe~_QXW]Y<Z UY2i[N8wْ.9 ֐/y8 +ՑLp9B T@9J;9E\IR M4T-7SWwLq$ hbGfK~SAQrޘ;p9% igy;xuqHXznI QYvtT(׋vWPi*Ql )׉mY9'_TI;1YrE՛!zs84狎ٖYKuJ77r1gi詓ORGInX.iةThY 9Y )i\/p&uIҵJJڡ ::%&:V,:Y(2X1Z!u8aʹ>Q@5D:OFzEJmLڤ֣P:[OQ0xDM>"`ǖXxVjiykyJQSe !zrԥps{EʝnZI{|MHN7X8zaG6ךuiŜZwy B*aAQyz 5r؇xs*ئYuqJ8yyԕ!Ίdڬ$9/':Xڬ 1 v皭^՞;ѩ xڪiI積\ʭZuj }wٕY׍롄Ț"jɅuT^:([*ֲ.kn'4VIzFe:<+Q y%&Zr]?[NUUQIKGK/:y"@{"ʡ?%5 oP;H鵔i% 9PU2jBp(t{ +Uxz {vK,+}p ˸;hT` K5;KK+Q鹞{pKۻ5w+srˠY *˻{o}{;;k˫( Ӌk _8۟ˣn {뼼;q+;+Ի+K V߫#Ii[; %nwYV@ EٻQ(*\T-<ۿB6L g;Sooϐֹ9MJV |VKL\|^ܵ)Kܺ `lk\\o 'Pyǜ+R }l[lB9AdȮj,8"9IǗDĄ{ʼn\ZLʥ\=LT\,u|"Lĥ ÉBܻF,' ˮ&z!, 'ɬ Ws,lǚ\l" \͎ P 'ʤ*ͅL+{qhl\ ÜӌPQq|t΁HZ%"#m͔ ?ʣѦL#-6mČHS#.]0 -T| ͌KA Ge\r֗$j=.QlUt].!-ԓ<+g,Ջ׍֏]-|ٵ؋+HJฝ \n;qh>`oĀK:eH&Ҍ}.S~p2y_=E<=&n-V^VH];!PnT'X,1밎pгνj(,̺nK?NVKܿ10ҪU\:r3&MM&>ϙ#8޾ ? oV-.Y;8 aªPϣr}no,TźW}nL;5e{A?:_wYNz.Ny6oaC4%k[$ʭĦN\fߖMt?_n/l?S]GL;a=޹ 4<š?/S]N"Qpڢܹ_v?1N{NŌþ?R2|nycN.Om0028ͻ` dhjAtmӔiB_JtѓJ/hN uԃNMV_gZuu~ vbffvgv}pr+Lw ߍ7z=q~[ xN8džq⊋x%?9ʒOr喻y1o9͞~sLz=:Ъ>t {IN;ӶtK{U<u{|a/hW>y~Gl8mt@<{hFsyp|=pz}zrqkwÈ?Ź8βuٔ׉}̳wO `89iӗ!D8HK"!fdȯ=u(`k\B\FJ3jg{d^ĥƵHӸ,o`ҧDqիX_Zʵ떣^Ê5uٳD]pʝKݻx˷߿amMǐ#KL˘3k7MӨ)(s԰c˞M֡3'HP`mjn (HУK<kʗ'{C^kγϮ]&q7`w &%^#ld "X$5|g_cug8AZ֢T"8؋,^"i7ʧqM ѢX5M&$IFdSH襒`V$9ζyJn XNzig]iyi:MNy}砇Jog:Psp hz"jebFh螝 x*pޗacsI`EnJꅒ:擪)jlky:Q,{Z뫌~j2{m= :E`D"lP,*n뭿J~ﱜfo40@hP@cR(O1!ɋjY:K\}<:ReGnϖ-YW\` o.=Й X; u\w=z-اmMhSv̦]یfp ڭxr;J7e\᭙ہ_7NxTێyesA[8dl#.y钥> @' ߲G{d n(З}Y~%$<0NOu/(P@>V]аҌvu%m7#^HS#؛B]op،XA_ ic 6RAZ#DL33pT!JXbKuaPD HsͰP,CX̢E.FQ*KPiH2#h6uPh7ptE9IX^4(gES T'a)7je%S@^QHH&&Yi^bq|*UV3c: LffY%5 NrSN TJ\3uxĴ$8sQcSQy|V/:^x6UlP 72w9uc3i^F>yY~Y6n;V=XV3 < lw]BۏѳK4ltWB6:ʟKy8s«X2ҞL3),bSMUko m7J^ju б`kpI[7r^K#I] q578C^[ǝ>i@Ծ݀v'|v'4fFf~,l+vpp+z €-;}L<o9nl8{Vomq:>6/i~rx m%_zI.uAҹ:7N^aþ7]a'?̮oc;S##v'[^}i{.A;w8񐏼'Oyȇ;PK| PK`UIOEBPS/img/ols_hr_added.gif5GIF87a޵c1Z!Rksckﭽ祵ޥR{祽ZkΜ!!Δ֜)!!!JJB991ޥRR{{s999ƭs1cέcƭ{έ֭ksJ99ccBJR)νcތs{{Zֽ9BΌkBJ!s{ZsksR{{{Zޥքkֵέƭ,˱'*\ȎÇ#J ŋ3j܈"Ǐ CY(S\2-$cʜIӡ1rɳOgԂYѣHߍSd"իXS#VJٳ8-O=ĘEݻxҔ-ܝsI ݱy+^<3 s[f̹X@v2ȗ7\װR,mMY˪f%d4n[_μ6*}^g;ν1)J5^ZpS{_Ͼ'P6u}MwϿ&Mx%OF8~% wI7X Vh!sD]^(∮a()1Pڑ(w D8</ȊDiH&L6PF)TViXf\v`)di"lp)tix|矀i²S&)(BhVj^)v駠*ꨤ Mx|)Nzzk+ۡM-gT;)':9;lW$NvMʱNm'X:'9 .On.koBnSjIWHOݷ\9<|= ܰWW^=1`ĭE[1+$o(_}lNmW/m]f<,< {H'ң̊=9ơvYfHrVwOXk-~'i=6S؏\smwX3| ӫ@ShS/v9[Vח)oqm/VEc^ܢߨzꀫ"NI6u=yko6eet;:;C yn.w߱՛_sio6هº*/xuЎax@u/k8AʍkcS@ d<u e|Njxymx{0ÜA;WP" >Yedؓl8L/1ܣ}৶sjOnݚE) @O(dHEU#IJr,Ty =IH''s|r)-VjrJ8'!0-qIo2' /]IbJr Lz͌4o4hNf3mzs487dVQ7:S\zgOl~ʓ (M MB*H/D'JъZͨF7юz HGJ҈(MJdj)LUJł  N:ӞJ2PڤUL5mJqzԦ:N)TSR)*V!T[ X$ձ5L`=ZV*u_m\:PJ+^j$J_;W~=\׷jR3YZ,^YrMEr`L*ʀ3l}ZjdXm6Tm\'5L2pPZ3x푞[\(qwM.nM$/ -*@1nw,zg161r_.68nx[68Ifr,X \ۢHRm}X0n0xI=qzjS c ^fl`ȓ%g:I-|c^p,c'S.ma& őt00x8~S [* +iM#h"頴4rfɪu|춹m v'{ZI}Eg7< fGAc W/]$H4`_7}k][i¢oklZլsdmYDԃWeNTW6sT YFjv57[EmkjsKy&ҰghnV;ܠU-@ 4m~Do[[BZtoPґUsK ](>sq:ғt{9`qicymu"D4}(.mkc{NO.ik^T<lv@t]M5y0G3H5iX%[]Վ飷F^rm|osܜ.Q['Ml.uS}ܼO_z'x߫>>rWi:?o#q_o`~ߕ۫˿'I%~5i'{7"Gxb&~ W1SvyzV$hVhby7`~Y$)8 8-ց+Fh:]Mf?vxGtwE҂X&0Ed?@dI8`oCYyƒIkz_H+zWsWh&\wdx64`%j~IWfzxzTtm7}V8gz[sXw8F2q_io7_c8b8|ϧZec>'h~h$1^UU`lw[wlqg#'fy׆uf=PnBUfVZUjiy<\UZXp9wKȄ8Vq٨̘Ѩ6`pCgrW$chxX}t扖\5|uSj5x؊pUKfkS[iZ8[,fHdy˶ngCgxwt([u8l&V9Yp1`&h}Ib' *YY G$.91{yx$X$%Dٓ(@)FE9uw+N)l%KNJ[&Exy%GY|R~)&%R"UJ,91<0\ڥA-GSaPb>H4* pMQ  ^q(ZZW2  UBO-(0 `[}|"E<+3^MJ+)@`ʩ«8wdNq'(*P pڥ^zꫝj;QZd8jPQ:$P&zW*e%Bd*g @!  ;J* PKN=گ?Ѧ P|**;N-+N>Z;?1 0U갷+/kL1@+6 =@K?+CE[LG+FgF+K+$j(X-[KLkJmk6'k"t[i+*oJykI{ (c;wD;L `J۷b~2ʸ~yKX' *D#!A󰴞 `a Р+ { yp@``@ʋ kߋ + %P` ۽e!dAPp:K 2@t[pP , !.4=3@P:B! pPJt| 97;l?(KK: [*=q-?zd8a+.Dnڦ NtO^ڧ)gj030{YnrM\L_ܰ(Jy9~dު:]PȮze^P^Q^nWY^|KazNn-^T=v/}ӌ<+^{JLڭ"DXu^K~X*۵r^;A&볁>M.쾞DnN?ߗ^:ldNJ)~_ R+N.^O]q4Ffx #Zlͫ@&B'sK"?v ϞN')?s"~jB']FH%گ0۴K1a$ 3! !j/\ d/"oqsf/ }ٻhٲ 盾+Q {Rjc&Ƹ ЖȮ oEq,{ ?,\qó<Դ&-П-\ ף=Ž=$n[^`<=˴|nԿs3ďY F.(=gˈI0V1\5"O/p@Xhh(P8x8@h)Hyhy *:Hzp {JJ[k{+j:++[l|L|{i0A!!M`)HX9yn+=Klko )/L_0U?uk`1>Z4oHM 80Z($+8U4Xș;4ِ  `p]E}Uoq[{pl½. lݴپ}33~E %|ѧ[n]:vז7˛=}[o}'u~_W][b 765}uuR`b"Hb&b*b.c2Hc6ވc:c>dB(FdJ.IqL> eRNT^eZn\~ fbidfj~in g G)gvމYtg~ΞJh^K.h> iNJi^ini~ jJjꦁ;PK[PK`UIOEBPS/img/ols_apply.gif=GIF87aq2d4fd줺\$VlԼtdlΜ$$ʔ쬾̤Ҝ,$$$LLD<<4ޤTTT~|z|<>Dlntdjt|Ĕtr||̤ܼ|dTDrT~SڪNkS klN&6F]RRjR:n覫rPy)YL+*KSll'0BSn}JR:R/| ,$+JWhg^+(r,n2a\ɜ[y_ 4%'L7]ɮ c2G3S @u}Wht\v`ep-KA݊O}Vn!S ZsKx|WW8C8ݠ. NݶwtU >}m>\C͛}8Ϯ첳:³˰Gtòy3d=~3@u49ԡ/xJCJQJ4LͨF7Zш:e <В IWҖU)u'޴8ͩNwӞ@ PJԢHMRԦT3TPXT;a!UT, ղRV=Z)1c\JHX+^7ͪ[׿ݫ^ 2R5,d'ͬf' m$+ɲ*iM lcK9E*T޶vu2j \nU'*VunpnnbYɼwBo]f7͓y+Zsy+V{O^ɫ+N-$V8N0 uoC,b ā0K<`v1L]+W2-hrA mf/+wnLdGج,f&;e=r|,)׷4?,FSdβSLV8]V3y`􈻜jQхO-:zҏB̭+'CѠ&5:$޴ZKgZx.rYz̵6kr\N _gu9~}nkт%*ml;X^Qs{~v7.?p|F5W nYs8gUxc63n 9u?lq[Fnt gtgjub=RG2kac' tNyIy׺V9}!'89?w;WTmԯyƵo嫻>}TkO %{6ת[g~kW_Qğ X@OOϿ+x}(')*p ؀8Xx (  8${*UѓÂ*"._S\2?1H79xq<4&6qcD(HHA8ECгN#PUMxJOxCOą0 ur $]?5ARF46THsHIj3nd @  Ѓ:^4q=F;5C _4YZq)@%P@  Јbh0X2>/c5$Id87R[p `0ȆsCx4yh}(RApÍotEC@Q &`J XF>xC눅7ċrAC6>}G8L1 ``' p<@6y#ฒxtiXti5I){(-9NS׉0 3Ոɕ9)J7rKAOt_ah© J20!*`J:}j2pآJ1$j9K0/ 2:bJ*=O-Z@2BJDj.?/ɉI4v~칓 TQ* hF5T4Ƞ9i-)d *t.U ɐؕg*7w*Mrj*Zr뒧n~Z Hzz0.UJ;}2YʚXlڠzvj4@FFyؙ*Zcʪw䪘HJ}8u6 yTJnʒ|Zd5:)ڬbX*u9ښB..N:J:*Z":HڡkG [GY{'% 5O$[]&*;"(.Ѳ0;42[8 <۳>@B;D[F{HJ ;PKj)B=PK`UIOEBPS/img/ols_new_policy.gif#9GIF87aP4fdddfdf4d줺\$VlԼt2ddlΜ$$ʔ쬾̤Ҝ,$$$LLD<<4ޤTTT~|z|<><|dfl42<\ZdDJL|ztv||~4:D܄<>DlntdjtLbtr||,Pף RnCx0SuQ|1YQAV|Hd.R]-18SŚb܉eF )2OC zPъBY2}*)ХQ]BݨS]ʳ,I/5 Ԕn%kBtUz7ֵR}+wۿj 'k=u+8QږWNne793_DCg}UtiGcklI*Voƫkݙԫ)rWAKe]WN>7o&c {mypSmO!U\H'Vm ZUh" `U mU7 rR$hb0#,"`0(#*)hՈ>3JGs=C+4;/\ԻIB1H<5n[]o[kUG.6v׫*2ǹJzk3mM.v 9erFn.{㒹cw.,(5`騧ꬷ.n/|꟏n|o>埯>obǿ׏d݄(,/*yۜXr|?.J*v8b8k 4 R084BU-^-a}kjlgt5Z٭-MYP+ٔ(8)i*!xCUkYfNA"L6͐USafƢX6ɱ]BcݚG1&Eȷ)V=M-! tBb,ȶD툜|8ɒh]Lcږ((U0n$핶2o4e%.cDQl\#7\>DHC3MIsMj59]bx 8IrL:aWMn|<}ys޼>Q}sT X 4%EBP"# ED1Q5VTŋ.N(CIZ"]vR#R,1MH(Ja:ҏt'L]QjQS jFGZF VTeѐbS@=Ճ>զe )V%:նuQ}ZV=5k\הnTp}^jWf6*BTթpk?1ԕzK%_sѬ6?Z:Zub=ֆլW5ٺYmi/{X:4jo{k4RږCxEty[~oc랶t]\V5mmiĪ-v+򎗧uor^"/vZZZvU.rYK[궰ce}jܾɅ0Z.6_. ^pz a*w_^:8-rS r~1}ߋ]%L^2Ge ݣ_2;dwJEa[Y5luZ>1s S$Ytodq@WwWJ[5YJdXمk[l_5rvM=bЍe,H 6_+[3[FQ|Tn5ưwޑ7ᙑx|nSϹIzOGz[y7 F 2L^w@/|ˠ Og= Z^~Sl|{?aC)DͰ~/γ?>~M Y@we[tuuR0xuTPNW >_KtLM0?m=x WFxHJqCprP8IR8iTVCX\?^b?dXsh>jӆnqO%t=vxדz8=@&K"xHᢈbȈx(艚؉Hȉhȇ}<8Sx<9(oxHʈ1،?s8#(ؘVh=<(0%yON`i,yUB !Yhp9iH<ٓx6 @)h YFHQ)&|Ry^φVPP0Ga,U NpPgЖXKɔ9ĶvQbIT0rN %9$cppXSjx7`bgk啦h0HcprٔteUeշx;f`hV |yag @yVV zp eVc^Y AЖgYy*XOg_ٚ(x0u~V)Arvc:6e[ycY9LhP]h) iQgvi ? WGPɝؕ aVj2bxYkyf@Np zP0Q)s#/9Q> )Djړri D`?N0PpESʒU A螱@EFEI *je s* >@|:B0Yp`zHpHZj#%rZzf@sWs FtLGY#Uu[9ڪ v'ugO"p}|Igw*wss'sϪ|:WxNJ&"y ̗{}GGz"ȧߧzZ!r:G87GU Ƈ|I|} ʮtᗰ K~ʭj̧7G[Zh* Ҁ%Ȫ*- !<۳>&Ȃ:k 2HJ;8NPR;T[V{C5۵^`b;d[f{bZ \npr Zvpq)s۷~;:k mtr;s+{+7 ɐ I7WKwzO{u=s+sz7o˻o )Dy)໠ I׺&TtLs;sG6q n+3y7JY JH@ӫs ZwsKks뽨qKTIWZYVW< sʬdǬsggsGb|& && lG *IWltJJvG \KO$NQwH\kJ"\|uB?zSiylR|XLWG@%I^,͊{|mpG\SΪ†DŽȃK|\rܰt{^oFP9iȟžtvL:xLJə];t,{{y{İ]F_{c67c~|$[^ H Nztⱝt@*Ȃ鞾C>^A8gꪞ{ jʦn >ѫ~e;K7;w^8(:Gƾ69>:;|ڧ~ u<׶Pׁ~`o>^zg?  ?_7";^ o)!?0O;%O '18:.<3P@_1F:H8/@LSLOR/N P\NVo_Tb%:hod  &#s{/'w#mo@_`::zo;o!O}?Nx?_/olOlr:_7Oto_"Oo_ (( 0`XXHhب )yhy9  jzxꚈ9 ۺ;Ⱥ ,ZXIm}Ok~k˟ <,&p"IwtV^5l"bؑ*Yq+T$43C 31-K,RlISOK4Eyq''NRm'&ЎLŔ__=VPOLKF`Y~/MM;*(Oe Zؗ rt(@+\Kb=4s ]n$2.~ZnPxآlG1_ J<7c̝%uWTڞSg7bN;Ʈn>kۻ/&=z[p u]^ .`>aNHa^ana*( w u݀b*b.c2Hc6ވ c1H FdJ.ɤ 4 eRNIeV^eZ2^~d`If[H]ifl grtiz馐Dz睁IhZ9Z&hfߐ1'^)ֹidBY&j䪬 jaD D :l*جJ L@^m6Y춆"{WJ 1 C ЁR٭V:o+I%!xlS, 7FFM6Hj'pOsI ),+ٲPƌ$F$5; 38R%.UF5 "YAn1&S]UguU{}5a v'cM6*OA6rüso$s?|;޲xIT, 0@80WSdGO3Izs}ۚ$ꪯ>uK);;hO'B *P\imҋLR/sÞ:EP)$9nْLg+!%?xGB && 0m\ 8P{; h,)`5XىnT]G»m}Ja;V*0: LU$ YA N·jEI|WطEaQh8`xg"zx&ŶL^Nf 嵔x$&v"!jqLFYp PZCx2)KEAPzr,%2*TrOb`HA&ӛ[;>y$n]y'i |J Ѐ t-APlvJ7qODӝߊEO^KD١Qnmt(I5Q,RHRD@MoӜ@(` uD-QԤ*uLbOTUլju<*P AYϊִul=SC H QS=E_Kxja"6-GQ1 @@@!ډG(X59l_I VjkXv-S{ `S=0-hA15%,UL¶jmr_TܚBt:5.rY(xީMjU+mm_uz{`w,٫X`ږFi/|wxvM|b{Xem'x,&'kձ_k]x>p~_ FN-[;o1&8U2\ad04kslzh6v|-j1leB9YN4%L~AiL+thHО.t3])ozЊ6LiSt·8n :ҭ3}U{8f? blѓVf/jSKۢV,dY浜HŲt?LlWuIMn$_Yg[ qi#6ihG5Ow[ɂwa:9`힋Tk|01g^d6'F^8 wݒָ#s-Kwx׭OQ\⯦PW;3__ƻu^wntz|3k'.w]vyvȻw͒t/yH_w~GIcO_vm~{u۟ꟽOrh}MYrbPxbiGb#x _|WwjV`gv8Ɓvm xfssbXbwUF_bhGwy'*|'rwddRu.u7u?uCWm ueBoWp:!vU7v7pGhTT@x GfhHWhEju[;]&uQIvuKXiw(ru(ugtqcEy!V6lisǁ (q-x8mExxH}qhX綈'xSdi5huev~G8rGqnGumf sqGahWxmzoav5gSwXhY؍8AwxInuȇ;G8'Xgm]HLt-xn*(y8pZWٶxx u֐zv5ƈMwƂo{w`$wT(zx/ [7(Td9{EGՓד8CICX/@IU8YMOP)SI[ŔUYp[_Y] cI'ei{gm閫ǖo)sXqIwfeyɗ}y.闁)ii&ɘGU |I9əI4陡I)Mi隱 )Ii|)Iiljɩɜ )Ii׉;PKX##PK`UIOEBPS/img/netmgr_adv_sec.gifHGIF87at4NL|ddf4Μ̚4ddfddfdfd4fdd24fd̚424, dihlp,tmxpH,Ȥrl:ШtJZlSzxL.E.zn| ~oW~C?PJsGDABAHpFx@EǻɚIƶp֭߳ݒҺb܋晏8}+C{#ZwΓN#MCXQ`J\2 R 2dHIo[ :%М$͞@ 3jIX[\Wg4z5Ǧ9B ecFqnvzH/^,.È_1FCL9ʘ3˽爸MӨS^ͺװc˞-aCmέ;/n Nȓ+_μy&@سkνË=:?;_ϾP`u&zhG} PF(Vhfv`߂p%@,{ԧDh8!!iH`r $@ L6d2&ATViTH@1 ydxO~1.1%p)c^ iJc*^3:8碌6Zc[^eQz#` Hi pf>2s­ϩު:뮼>VH>$klbZkr&U+rն횷"f䖋\I)C"BJ:[8Kj":mʺn[Ҧo++-1.r\(+ėŖ0 mClS9lB|=G1@-TCH2Nz. Ʈ3B3MHAnw3x'tG !#"ws,uՌ_Hj- ׈xQ Y ror Bc tύϣ:{7>xλ~!Ǜ<9{Њќ[Kt-g_`CO>?{`+F`6 DMuW=mou &ԅOmSr>%q[_Zx% ay@ h ְ,{ LGakDN GEUq&,(To!{!  `P4T.FO(BnqYd'|92 @ " đ}b ;yC=OD\Lhrφj($8s ` pЎVRhs `(FQޱJ/h3R.O @,ҋtliSV QqxQ>% 'qTjC8qFR0]@=?j~Z!;Ϯ$t_XJӤ49gUTo5>tui^hE oqJKeF@ f cY+%P@Y:EY T@hp;\-6H)vLP/[ۙN$DZ\_8@䞩`Xޒ4t+ <ʶ=m7㰌"P ƶ:1%'zsivLEp HN5]S`dgMv3MB&B;ѐשE[.@7Ny~~G_ ִW;:nS'FNĘe^+׏vu=g_ ̯iY4kbPJ}l)W}lao{sN_f#ukc{ع=vӛ~7mow-{ۻō[r#$P`;w5np;voȧm(7%]YZ?ጸ=EkZHFyg=I9'Cwye؇uWJ3YU5;Hq狒(E\U^u8ѕ"ThPWIE.`U卫UOHPdgKk8xxH#ԏ w(HG X4e#I(`ő").␝-<7ztXODuB6퉔TIVs&P_" Lr^mezD~dZP!=3Ŷo %bUaS_vJ>@׆dmEӄ'k}V0ǣ>M}kz 7ǥX}78Ը6Sǖ҆nsU}ltY\{s[icφ~5=Wzб7D헠z֟ u~dQ)Gs{ӽ'wef܇"Ɠ[w )e 2x]{4ҧc!_%!#vX|%Zt (SWÍ!)geaq埆hpߍ-u5Icd|L-&c;ؖIK4|AbNd&䒭lfRU*JY}VI(XNux$Og(&X^uű) jn{* >Om9sXjnϙ\ -0XkY YJfkd]Ld-@ i g֋).~,kůcyjf;-: ژ|fw Y`Gxh>Y\Byٿ&7v 2LxBǻ"MVh(9KfN3.|lv'cڝے *&=w,n߭|K~.x'G.'Nn/xw\.Cz騧.s y#>x䎻<Q|'oKٿq|1|.cow*kq|s?l߆/?&/;?[ܛ^7@og@o~ #ꧾ6/xAz0`=HBᯃWBIP0⋡LO}ѣanІ{` HDgTH xpPa׿$rp@TtX.z1G-щdh(}Nb/ a(Br"_HF/OLbhqlc),* e7Qܣ!)yB3R T#*G@ QGEbQ<+iA󌿻ḁ4׺iZd#6MU 4rL:v~ @JЂ7ІcDY͉Z(F7QRh )*bl($6CdmV u,K'Aҝޔ>Ui"aT3M)]S toA=Q 5d=j`JVg-QնFOZT=5]:֪íH+J S[kk^G)Ӽ:r%MXWࢬdm,d+[ͺu5-KeYvɴlec Ζmh-;Yv,8Dظb=.6P},kK]:V]nr+F.]3{򾁼~mirvh߾Vepk*zXa,`K_&.MBέ\ x%,`Xĝ0`? \Sfqc%1e\0]cj6N~| L`"/FrQawiO?,kyDqNlc7Xa3Ϭ5[YV 779>4k)?N.qBWX[^q KZӠ.33cK|6Q mA9pQsZ>6ɶl3MY lVp?;i?Ӽv멋}kedwt_̼n}{COw;MlѧÍV륏^օ+>gk^w=t?][wѣ>Jx)}ւ(_V|@֠P8Wڰcnb5 8N(Rx@UhW؁ b9'VˁmS TwJ*U fH}dMr7U5؃<(g{6ȂtE@ R3肧PilE;oX(?\.X`Hg"U6Gl.\b޵Z%_yw~\o8~Qfolw~ș{_vlE|[_G^5'wvEq%m}5~}t8udXVr7s;7[vwdd'ggȋf޸x(0wAx+DŽu3nRjަv jdזxVo@wifqV|y7Ȏ(~:XxhIQh7wvhwfh"q#I7p(X8qu#*)ki8HvEWkȍws̘CIskgwRx=Duewgtw &xZǔWa] xχxwyjJx Im;~xy:rbwGbGK9wG{XuzX~y|wzssu՚؇{׆s7 }rw{(^7})ӗ 8:7i)@dX%g|ਫ਼ ȞY ŝٟȟZE ڠĠZ2HEDڡ]ġ,"ZC#*,ڢ.02:4Z6z8:7jʀ#$>j;8DMIZL NC:P~#ĥX Z7^Kc|귛Glów@<#@Hk>J1{6tBAȄFKLD@W$G DKDC6deGDN庵SC`3p~۷ķ _۷pKC⳷DkLkjA ˸۹+”{ŴEkA{;~B :xk64k{Oۻ[ĻI 6kK ˹˼{{󐼲kBV뵣BK㫸ikt뻴tELM +u%% {*:T° Kp` L 9sQp`2l P%l8o`01<5 p9ù 3l pIL,JNLn Securing Data