Oracle® Database Advanced Security Guide
12c Release 1 (12.1)
This preface contains:
The following are changes in Oracle Database Advanced Security Guide for Oracle Database 12c Release 1 (12.1).
The following features are new in this release:
Oracle Database 12c Release 1 (12.1) introduces a unified key management interface for Transparent Data Encryption (TDE) and other database components. This eases key administration tasks, provides for better compliance and tracking, and improves separation of duty between the database administrator and security administrator.
You now can perform all of the key and keystore management commands by using the ADMINISTER KEY MANAGEMENT statement instead of the orapki command-line utility, Oracle Wallet Manager utility, and ALTER SYSTEM statement.
For better security and separation of duties, you now can grant the SYSKM administrative privilege to users who are responsible for managing Transparent Data Encryption.
Oracle Data Redaction (Data Redaction) gives you the ability to disguise (mask) data from low-privileged users or applications. For example, suppose you have the following credit card numbers:
5105 1051 0510 5100
5111 1111 1111 1118
5454 5454 5454 5454
You can use Data Redaction to disguise the first 12 digits as follows:
**** **** **** 5100
**** **** **** 1118
**** **** **** 5454
The data is redacted at runtime, that is, it is hidden when the user accesses the page containing the data, but it is not hidden in the database. This enables the sensitive data to be processed normally, and it preserves the back-end referential integrity and constraints for the data. You have the option of redacting the data partially so that some of the original data is preserved (such as the last 4 digits of a credit card number), entirely by replacing it with a fixed value, or by replacing the data with an encrypted value. You also can apply Oracle Data Redaction policies throughout the databases in your enterprise.
See Chapter 8, "Introduction to Oracle Data Redaction" for more information.
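As an added illustration of the partial redaction described above (not taken from the Oracle guide), the following uses the DBMS_REDACT.ADD_POLICY procedure to mask the first 12 digits of a space-separated card number. The APP schema, CUSTOMERS table, CARD_NO column, policy name and APP_ADMIN user are hypothetical, and the sample rows are constructed from the numbers shown above.

```sql
-- Added example. APP, CUSTOMERS, CARD_NO, REDACT_CARD_NO and APP_ADMIN are
-- hypothetical names. Run as a user with EXECUTE on DBMS_REDACT.

CREATE TABLE app.customers (
  id      NUMBER PRIMARY KEY,
  card_no VARCHAR2(19)            -- stored as 'NNNN NNNN NNNN NNNN'
);

-- Constructed sample rows (the card numbers used in the text above)
INSERT INTO app.customers VALUES (1, '5105 1051 0510 5100');
INSERT INTO app.customers VALUES (2, '5111 1111 1111 1118');
INSERT INTO app.customers VALUES (3, '5454 5454 5454 5454');
COMMIT;

BEGIN
  DBMS_REDACT.ADD_POLICY(
    object_schema       => 'APP',
    object_name         => 'CUSTOMERS',
    column_name         => 'CARD_NO',
    policy_name         => 'REDACT_CARD_NO',
    function_type       => DBMS_REDACT.PARTIAL,
    -- input format, output format, mask character, first and last digit to mask:
    -- V marks a digit position, F marks a separator in the stored value.
    function_parameters => 'VVVVFVVVVFVVVVFVVVV,VVVV VVVV VVVV VVVV,*,1,12',
    -- Redact for every session except the one trusted account.
    expression          => 'SYS_CONTEXT(''USERENV'',''SESSION_USER'') != ''APP_ADMIN'''
  );
END;
/

-- Run this once as APP_ADMIN and once as another user to compare the results.
-- The stored rows are unchanged; only the query result differs.
SELECT id, card_no FROM app.customers ORDER BY id;

-- Confirm which policies exist and which columns they cover.
SELECT object_owner, object_name, policy_name, expression, enable
  FROM redaction_policies;

SELECT object_name, column_name, function_type, function_parameters
  FROM redaction_columns
 WHERE object_name = 'CUSTOMERS';

-- Review who holds the system privilege that bypasses all redaction policies.
SELECT grantee FROM dba_sys_privs WHERE privilege = 'EXEMPT REDACTION POLICY';
```

Because redaction is applied only to query results, any account that satisfies the policy expression or holds EXEMPT REDACTION POLICY still reads the full card number, so both lists belong in periodic access reviews.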
The following feature is deprecated:
The use of PKI for managing Transparent Data Encryption keys is deprecated. Instead, use the ADMINISTER KEY MANAGEMENT SQL statement to manage Transparent Data Encryption keys.
See the following sections for more information:
Oracle Advanced Security has been repackaged for greater availability. The following strong authentication features are now no longer part of Oracle Advanced Security and are provided with the default Oracle Database installation.
Thin JDBC Client Network support
Secure Sockets Layer (SSL) authentication
Multiple authentication support
For detailed information about these features, see Oracle Database Security Guide.
The following features are part of Oracle Advanced Security and are covered in this guide:
Transparent Data Encryption
Oracle Data Redaction
As part of this change, this guide has been renamed to Oracle Database Advanced Security Guide. In previous releases, it was Oracle Database Advanced Security Administrator's Guide.