Oracle Advanced Security Administrator's Guide
Release 8.1.5
A67766-01
Index
A
accounting, RADIUS, 3-26
activating checksumming and encryption, 2-6
adapters, authentication, 1-10
application level firewalls, 9-11
architecture of SSL
in an Oracle environment, 9-3
with other authentication methods, 9-8
assigning new pincode to SecurID card, 6-15
asynchronous (challenge-response) authentication mode in RADIUS, 3-5
attack
data modification, 2-5
replay, 2-5
authenticated RPC, protocol adapter includes, 11-3
authentication, 1-5
biometric, 7-1
centralized, 1-5
authentication adapters, 1-10
authentication modes in RADIUS, 3-4
authorization, 1-9, 9-11, Glossary-1
B
benefits of Oracle Advanced Security, 1-3
biometric authentication, 7-1
C
CDS
naming adapter components, 11-4
naming adapter includes, 11-4
CDS, using to perform name lookup, 13-13
cds_attributes file, modifying for name resolution in CDS, 13-14
Cell Directory Service (CDS), naming adapter includes, 11-4
Cell Directory Service, using to perform name lookup, 13-13
CELL_NAME, DCE address parameter, 13-2
centralized authentication, 1-5
CERN proxy server, 9-11
certificate
definition, 9-5
certificate authority
definition, 9-5, Glossary-1
challenge-response (asynchronous) authentication in RADIUS, 3-5
checksumming and encryption, activating, 2-6
checksums, 1-4
cipher suites, SSL, B-8
client authentication in SSL, requiring, 9-28
combining SSL with other authentication methods, 9-8
Common Object Request Broker Architecture (CORBA), Glossary-2
confidentiality, definition, Glossary-2
configuration files
CyberSAFE, B-2
Kerberos, B-2
needed for servers in DCE, 13-3
SecurID, B-3
configuring a server, in DCE, 13-3
configuring cipher suites in SSL, 9-25
configuring clients
in SQL*Net/DCE, 13-10
to use CDS, 13-13
configuring Oracle
for Net8/DCE, 13-1
configuring RADIUS authentication, 3-9
configuring SSL, 9-12
connect to database, to verify roles, 13-8
connecting across cells, 13-5
connecting to another cell, 13-6
connecting to Oracle database
in DCE, 19
connecting to Oracle server in DCE, 21
with username/password, 21
without username and password, 21
connecting with username/password
with authentication configured, 10-2
Connection Manager, 1-11
CORBA (Common Object Request Broker Architecture), Glossary-2
creating an Oracle server account, 7-13
creating Oracle directories in CDS, 9
creating principals and accounts, 8
cryptography, definition, Glossary-3
CyberSafe, 1-7
system requirements, 1-12
CyberSAFE benefits, 1-7
CyberSafe Challenger
system requirements, 1-12
D
data
authentication, 1-5
authorization, 1-9
integrity, 1-3
privacy, 1-4
data integrity, 1-3
data modification attack, 2-5
data privacy, 1-4
data privacy and integrity, components of, 11-3
DCE address
sample for LISTENER.ORA, 13-4
DCE address, parameters, 13-2
DCE external roles, setting up, 13-6
DCE groups to Oracle roles
syntax for mapping, 13-6
DCE GSSAPI authentication adapter, 8-1
when to use, 8-1
DCE parameter SERVICE, 13-15
DCE principal, for DCE GSSAPI authentication, 8-2
DCE Secure Core services, 11-5
dce_service_name, verifying, 20
DCE.TNS_ADDRESS_OID parameter, 13-12
DCE.TNS_ADDRESS.OID
parameter in PROTOCOL.ORA, 13-14
decryption, definition, Glossary-3
defaults, encryption and checksumming, A-3
defining users, in multi-cell environment, 13-5
DES, 1-4, Glossary-3
digital signature, Glossary-3
Distributed Computing Environment
overview, 11-2
E
enabling SSL, 9-12
encrypted data, across protocols, 1-11
encryption, 1-4
public-key, Glossary-5
encryption and checksumming
activating, 2-6
negotiating, 2-7
encryption and checksumming parameters, 2-9
Enterprise Manager, 7-5
export controls, placed on encryption technology, 2-2
external authentication, 11-3
external roles, Net8/DCE, configuring, 13-6
externally-authenticated accounts, creating and naming, 13-4
F
failure of fingerprint authentication, 7-16
false finger threshold, 7-3
fingerprint accuracy, 7-2, 7-4
fingerprint authentication failure, 7-16
firewalls, and SSL, 9-11
G
Global Directory Service (GDS), 11-4
H
handshake, SSL, 9-7
hash
used by the Biometric Authentication Adapter, 7-3
used in the Biometric Authentication Service, 7-2
high security threshold, 7-3
HTTPS, 9-7
I
identity, definition, Glossary-3
Identix Biometric, system requirements, 1-12
Identix TouchNet II Desktop Sensor, 7-15
Identix TouchNet II Hardware Interface, 7-4
IIOP (Internet Inter-ORB Protocol), Glossary-4
secured by SSL, 9-7
initial ticket, Glossary-3
installing key of server, 9
integrity, definition, Glossary-4
internet, 9-7
Internet Domain Service (DNS), 11-4
Internet Inter-ORB Protocol (IIOP), Glossary-4
K
Kerberos, 1-7, Glossary-4
system requirements, 1-12
kinstance (CyberSafe), 4-3, 4-8
kinstance (Kerberos), 5-3
kservice (CyberSafe), 4-8
kservice (Kerberos), 5-2
L
LAN environments
vulnerabilities of, 1-2
limitations of SSL, 9-11
listener endpoint, setting on server when configuring SSL, 9-29
LISTENER.ORA
parameters, description, 13-4
loading Oracle service names into CDS, 13-16
logging in
when SecurID is in next code mode, 6-16
with PINPAD card, 6-17
with standard card, 6-16
logging into Oracle
using DCE authentication, 21
using SecurID authentication, 6-13
M
managing roles with RADIUS server, 3-28
mapping DCE groups
to Oracle roles, 13-6
MD5 algorithm, 1-4
used by the Biometric Authentication Service, 7-2
MultiProtocol Interchange, not supported, 11-5
multi-threaded server
not supported, 11-5
N
Net8, Glossary-5
Net8 Native Authentication, 7-15
Netscape Communications Corporation, 9-2
O
Oracle Connection Manager, 1-11
Oracle Enterprise Manager, 7-5
Oracle parameter SID, 13-15
Oracle parameters
necessary for authentication, 1-13
Oracle service names, registering in CDS, 11-4
Oracle Wallet Manager, starting, 9-30
OS_AUTHENT_PREFIX parameter, 1-14
OS_ROLES parameter, setting, 13-6
P
parameters
authentication, B-1
Kerberos, B-2
RADIUS, B-4
encryption and checksumming, 2-9
SecurID, B-3
performance of SSL compared to Net8, 9-11
PINPAD cards
using SecurID, 6-14
prerequisites, for Biometric Authentication Service installation, 7-5
principal, in Kerberos, Glossary-5
privileges, 9-11
products not yet supported, 1-15
PROTOCOL, DCE address parameter, 13-2
PROTOCOL.ORA
DCE address parameters in, 13-10
parameter for CDS, 13-12
public-key encryption, Glossary-5
public/private key pairs, definition, Glossary-5
R
RADIUS, 1-7
accounting, 3-26
asynchronous (challenge-response) authentication mode, 3-5
authentication modes, 3-4
authentication parameters, B-4
challenge-response (asynchronous) authentication, 3-5
challenge-response (asynchronous) authentication, customizing challenge-response user interface, C-1
configuring, 3-9
location of secret key, 3-20
smartcards and, 1-7, 3-4, 3-7, 3-22, C-2
synchronous authentication mode, 3-4
system requirements, 1-12
RC4 encryption algorithm, 1-4
realm (CyberSafe), 4-3
realm (Kerberos), 5-3, Glossary-6
rejected PIN code, reasons for, 6-16
REMOTE_OS_AUTHENT parameter, 1-13
setting, 13-4
replay attack, 2-5
required SSL version, setting on server, 9-28
requiring client authentication in SSL, 9-28
roles, 9-11
managing with RADIUS server, 3-28
roles, external, mapping to DCE groups, 13-6
RSA encryption, 1-4
S
sample DCE address, in TNSNAMES.ORA, 13-15
secret key, 7-5
location in RADIUS, 3-20
SecurID, 3-4, 3-5
system requirements, 1-12
SecurID authentication, parameters, B-3
SecurID cards, types of, 6-13
security between Oracle and non-Oracle clients and servers, 9-7
security policy, 7-3
security, protocol adapter includes, 11-3
SERVER_PRINCIPAL
DCE address parameter, 13-2
DCE parameter, 13-15
service name, in Kerberos, Glossary-6
service table, in Kerberos, Glossary-6
service ticket, Glossary-6
SERVICE, DCE address parameter, 13-2
session key, Glossary-6
single sign-on, 11-3, 21
smartcard, definition, Glossary-7
smartcards, 1-8, 3-4
and RADIUS, 1-7, 3-4, 3-7, 3-22, C-2
smit utility
restarting cdsadv service, 13-14
SQL*Net, level required by Biometric Authentication Service, 7-5
sqlnet.ora file
modifying so CDS can resolve names, 13-17
sample, A-2
SSL, 1-7
cipher suites, B-8
configuring, 9-25
client authentication parameter, B-9
components in an Oracle environment, 9-5
handshake, 9-7
requiring client authentication, 9-28
system requirements, 1-12
version parameter, B-9
wallet location, parameter, B-10
standard cards, using SecurID, 6-14
synchronous authentication mode, RADIUS, 3-4
System Environment Variable, 7-15
system requirements, 1-11, 11-2
CyberSafe, 1-12
Identix Biometric, 1-12
Kerberos, 1-12
RADIUS, 1-12
SecurID, 1-12
SSL, 1-12
T
threshold level, 7-3, 7-5
ticket, Glossary-7
ticket, initial, Glossary-3
tnnfg utility, sample of usage, 13-16
TNSNAMES.ORA
loading into CDS using tnnfg, 13-16
modifying to load connect descriptors into CDS, 13-15
renaming, 13-16
token cards, 1-8, Glossary-7
TouchNet II, 7-4
trustpoints
adding, 9-39
definition, 9-39, Glossary-7
U
user account, 7-14
V
verifying DCE groups are mapped to OS roles, 13-8
viewing mapping in CDS namespace, for listener endpoint, 20
W
wallet resource locator, definition, Glossary-8
wallets
definition, 9-6, Glossary-7
setting location, 9-24, 9-33
WAN environments
vulnerabilities of, 1-2
WRL, Glossary-8
X
X.509 certificate, Glossary-8
Copyright © 1999 Oracle Corporation.
All Rights Reserved.