Applied Oracle Security: Developing Secure Database and Middleware Environments - P9

Computer security is a field of study that continues to undergo significant changes at an extremely fast pace. As a result of research combined with increases in computing capacity, computer security has reached what many consider to be “early adulthood.” From advances in encryption and encryption devices to identity management and enterprise auditing, the computer security field is as vast and complex as it is sophisticated and powerful.

54 Part I: Oracle Database Security New Features

systems in an organization that use keys. In an HSM device, the keys are processed using specialty hardware that offers speedy cryptographic processing and network access, and handles keys in a tamper-resistant platform that generates keys within the device, so file system copies never exist. Keys themselves are never removed from the device in an unencrypted form, and the table keys are sent to the HSM device for decryption over a secure channel. Since such keys are becoming increasingly critical for organizations and are being used in more applications each year, building a key management strategy early in a cryptography program can be a very sound investment.

Secondly, most networked HSM devices provide a central mechanism for managing who has access to which keys. This provides capabilities around separation-of-duties and span-of-control, each examined in any system security audit. Since the keys in question can provide such things as the functionality of TDE and the security for your SSL-protected communications, HSM devices provide an extra layer of defense for key storage.
Currently supported HSM vendors include the following:

SafeNet (acquired Ingrian): LUNA SA version; Ingrian DataSecure Platform models i116, i421, and i426, as well as previous models i110, i311, and i321
nCipher (acquired certain assets from NeoScale): netHSM 500, 2000; nShield PCI 500, 2000, and 4000
NetApp: OpenKey Client with PKCS #11 API for the LKM-Appliance KM-500
RSA: RKM for the Datacenter Module for Oracle 11g TDE
Thales e-Security (acquired nCipher)
nuBridges
Utimaco

An HSM device is implemented by adding a vendor-specific library to the host operating system at the following location:

/opt/oracle/extapi/32/hsm/HSM_VENDOR_NAME/VERSION

The directory /opt/oracle is important: it must exist (create one if it doesn't), and make sure that the file ownership is oracle and filesystem permissions allow read and write access to the directory, or set it up as specified by .
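A pre-flight check for the directory requirement described above, as an added example that is not from the book or from Oracle. The function name and return codes are assumptions made for illustration, and the world-writable test is an extra hardening check beyond what the text states.

```shell
#!/bin/sh
# Added example: verify a directory that will hold the HSM vendor library.
# Function name and return codes are assumptions made for this illustration.
# Return: 0 ok, 1 missing, 2 wrong owner, 3 owner lacks rwx, 4 world-writable.
check_hsm_dir() {
    dir=$1
    owner=$2    # user name or numeric uid, e.g. oracle

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist (create it first)"
        return 1
    fi
    # find -prune tests only the directory itself, without descending.
    if [ -z "$(find "$dir" -prune -user "$owner" 2>/dev/null)" ]; then
        echo "FAIL: $dir is not owned by $owner"
        return 2
    fi
    # Read and write as the text requires; the search (x) bit is also
    # needed for the owner to reach the library stored underneath.
    if [ -z "$(find "$dir" -prune -perm -700)" ]; then
        echo "FAIL: owner lacks read/write/search on $dir"
        return 3
    fi
    # Extra check, not from the text: anyone able to write here could
    # replace the library that the database loads.
    if [ -n "$(find "$dir" -prune -perm -002)" ]; then
        echo "FAIL: $dir is world-writable"
        return 4
    fi
    echo "OK: $dir"
    return 0
}

# Usage: sh check_hsm_dir.sh /opt/oracle oracle
[ $# -eq 0 ] || check_hsm_dir "$@"
```

Run it against /opt/oracle and again against the vendor directory beneath it, since both are on the path the library is loaded from.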

