Monday, May 22, 2023

Oracle Database Native Encryption

9:57 AM Posted by Dilli Raj Maharjan

Encryption is the process of converting information into a form that cannot be read by anyone who is not authorized to see it. The real meaning of the information is hidden, and the discipline covering both encrypting and decrypting data is called cryptography. The mathematical procedures used for this are called encryption algorithms, or ciphers.

Encryption plays a vital role in protecting information. It provides the following primary benefits.

  1. Confidentiality hides the message's content from anyone but the intended recipient.
  2. Authentication verifies the origin of a message.
  3. Integrity proves that the contents of a message have remained the same since it was sent.
  4. Nonrepudiation prevents senders from denying that they sent the encrypted message.

Oracle Database provides network encryption to protect data while it travels over the network. It offers native network encryption and integrity so that data in transit is protected from eavesdropping and tampering. Oracle native network encryption converts plaintext data into unintelligible ciphertext based on a key. In a symmetric cryptosystem, the same key is used both for encryption and decryption of the same data. Oracle Database provides the Advanced Encryption Standard (AES) symmetric cryptosystem for protecting the confidentiality of Oracle Net Services traffic.

Oracle Database supports the Federal Information Processing Standard (FIPS) encryption algorithm, Advanced Encryption Standard (AES). AES is widely supported around the world. It defines three standard key lengths: 128-bit, 192-bit, and 256-bit.

Encrypting network data provides data privacy, so that unauthorized parties cannot view plaintext data as it passes over the network.

Oracle Database native encryption is easy to deploy; follow the step-by-step guide below to set it up.

All configuration is done in the sqlnet.ora files on the client and on the server.

Set the following parameters in the sqlnet.ora file of the server.

SQLNET.ENCRYPTION_SERVER
SQLNET.ENCRYPTION_TYPES_SERVER

Set the following parameters in the sqlnet.ora file of the client.

SQLNET.ENCRYPTION_CLIENT
SQLNET.ENCRYPTION_TYPES_CLIENT

Following are the acceptable values for SQLNET.ENCRYPTION_[SERVER|CLIENT]:

  1. ACCEPTED: The most relaxed value, and the default when the parameter is not set. The client or server allows both encrypted and non-encrypted connections but does not ask for encryption itself.
  2. REJECTED: The plaintext-only value. The side configured with it will not use encryption, so the connection stays unencrypted.
  3. REQUESTED: A relaxed but somewhat secure setting. The client or server requests encrypted traffic whenever possible but accepts non-encrypted traffic if the other side cannot encrypt.
  4. REQUIRED: The most restrictive value. The client or server accepts encrypted traffic only.

Set the following parameters in sqlnet.ora of the server to encrypt Oracle database network traffic using the AES256 algorithm. 

SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)

Set the following parameters in sqlnet.ora of the client to encrypt Oracle database network traffic using the AES256 algorithm. 

SQLNET.ENCRYPTION_CLIENT=REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)

The above configuration rejects any unencrypted traffic. For a slightly more relaxed configuration, use the following parameters in the sqlnet.ora file of the server. The server will then prefer that a client use an encrypted connection but will still accept a non-encrypted one.

SQLNET.ENCRYPTION_SERVER=REQUESTED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)
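As an added example that is not part of the original post, here is a small Python audit script that parses client and server sqlnet.ora fragments like the ones above and works out what a connection between them would negotiate: encrypted, plaintext, or no session at all. The level rules follow the four values as defined earlier, together with Oracle's documented behaviour that a REQUIRED side cannot connect to a REJECTED side and that the connection fails when the two ENCRYPTION_TYPES lists have no algorithm in common. The function names and the wording of the findings are my own; the parser handles only the KEY=VALUE and KEY=(A,B) syntax used on this page, and it does not try to predict which common algorithm Oracle picks, only the set both sides allow.

```python
from typing import Dict, List, Optional, Tuple

# The four values of SQLNET.ENCRYPTION_[SERVER|CLIENT] described in the post.
LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
# AES key lengths named in the post; anything else is flagged as non-AES.
AES_TYPES = {"AES128", "AES192", "AES256"}
# Marker for "ENCRYPTION_TYPES not set, so every installed algorithm is offered".
ANY = "ANY_INSTALLED"


def parse_sqlnet(text: str) -> Dict[str, str]:
    """Parse the KEY=VALUE / KEY=(A,B) lines used on this page ('#' starts a comment)."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().upper()] = value.strip()
    return params


def parse_types(value: Optional[str]) -> List[str]:
    """'(AES256, AES128)' -> ['AES256', 'AES128']; unset means any installed algorithm."""
    if value is None:
        return [ANY]
    return [v.strip().upper() for v in value.strip("()").split(",") if v.strip()]


def negotiate(client_level: str, server_level: str) -> str:
    """Outcome of the level negotiation: 'ON', 'OFF' (plaintext) or 'FAIL' (no session)."""
    c, s = client_level.upper(), server_level.upper()
    if c not in LEVELS or s not in LEVELS:
        raise ValueError(f"unknown encryption level: {client_level!r}/{server_level!r}")
    if "REJECTED" in (c, s):
        # A REJECTED side never encrypts; if the peer insists (REQUIRED), there is no session.
        return "FAIL" if "REQUIRED" in (c, s) else "OFF"
    if "REQUIRED" in (c, s) or "REQUESTED" in (c, s):
        return "ON"   # at least one side asked for encryption and neither refused it
    return "OFF"      # ACCEPTED on both sides: the out-of-the-box default, plaintext


def common_types(client_types: List[str], server_types: List[str]) -> List[str]:
    """Algorithms both sides allow, in the server's order; ANY on one side defers to the other."""
    if client_types == [ANY]:
        return server_types
    if server_types == [ANY]:
        return client_types
    return [t for t in server_types if t in client_types]


def evaluate(client_ora: str, server_ora: str) -> Tuple[str, List[str], List[str]]:
    """Return (status, common algorithms, audit findings) for a client/server sqlnet.ora pair."""
    client = parse_sqlnet(client_ora)
    server = parse_sqlnet(server_ora)
    c_level = client.get("SQLNET.ENCRYPTION_CLIENT", "ACCEPTED")   # ACCEPTED is the default
    s_level = server.get("SQLNET.ENCRYPTION_SERVER", "ACCEPTED")
    status = negotiate(c_level, s_level)
    if status == "FAIL":
        return status, [], [f"no session possible: client {c_level}, server {s_level}"]
    if status == "OFF":
        return status, [], ["traffic is plaintext: neither side asks for encryption"]
    algs = common_types(parse_types(client.get("SQLNET.ENCRYPTION_TYPES_CLIENT")),
                        parse_types(server.get("SQLNET.ENCRYPTION_TYPES_SERVER")))
    if not algs:
        return "FAIL", [], ["no encryption algorithm is common to both lists"]
    findings: List[str] = []
    if ANY in algs:
        findings.append("encryption types not pinned; pin them to AES256 as the post does")
    findings += [f"non-AES algorithm allowed: {a}" for a in algs if a != ANY and a not in AES_TYPES]
    if "REQUIRED" not in (c_level.upper(), s_level.upper()):
        findings.append("only REQUESTED: a peer that cannot encrypt would fall back to plaintext")
    return status, algs, findings


# The server and client fragments from the post, embedded here as sample input.
SERVER_ORA = "SQLNET.ENCRYPTION_SERVER=REQUIRED\nSQLNET.ENCRYPTION_TYPES_SERVER=(AES256)\n"
CLIENT_ORA = "SQLNET.ENCRYPTION_CLIENT=REQUIRED\nSQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)\n"

if __name__ == "__main__":
    cases = [("post config", CLIENT_ORA, SERVER_ORA),
             ("relaxed server, default client", "", SERVER_ORA.replace("REQUIRED", "REQUESTED")),
             ("both unset", "", "")]
    for name, client, server in cases:
        print(name, evaluate(client, server))
```

Running it shows the three postures discussed in the post: both sides REQUIRED with AES256 gives an encrypted session and no findings, the relaxed REQUESTED server still encrypts against a default client but is flagged for the plaintext fallback, and two unconfigured sides talk in plaintext.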

It is highly advisable to upgrade the Oracle database client to a version that supports encryption. I have noticed a lot of incidents in the database due to clients not supporting encryption. The output of the encrypted connection is attached below. Execute the command below to check whether encryption is enabled for the current connection to the database.

-- SQL*Plus formatting so the banner column is readable
set linesize 1000
col NETWORK_SERVICE_BANNER for a100
-- Show the Oracle Net service banners for the current session only
select SID, SERIAL#, NETWORK_SERVICE_BANNER
from V$SESSION_CONNECT_INFO
where sid = (select sid from v$mystat where rownum = 1);
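The query above inspects only the current session. As an added example that is not from the original post, the Python below applies the same check to a result set covering many sessions: it groups V$SESSION_CONNECT_INFO rows by (SID, SERIAL#) and reports which sessions have no encryption adapter banner, which is the client-side gap the author describes. The rows are constructed sample data shaped like the banners Oracle Net reports; the assumption, which you should confirm against your own output, is that a row of the form "<ALGORITHM> Encryption service adapter for ..." appears only when encryption was actually negotiated, while the generic "Encryption service for ..." row is present either way.

```python
import re
from typing import Dict, List, Tuple

SessionKey = Tuple[int, int]   # (SID, SERIAL#)

# Constructed sample rows shaped like V$SESSION_CONNECT_INFO (SID, SERIAL#, NETWORK_SERVICE_BANNER).
# Session 57 negotiated AES256; session 58 connected without encryption. Not real output.
SAMPLE_ROWS: List[Tuple[int, int, str]] = [
    (57, 1234, "TCP/IP NT Protocol Adapter for Linux: Version 19.0.0.0.0 - Production"),
    (57, 1234, "Encryption service for Linux: Version 19.0.0.0.0 - Production"),
    (57, 1234, "AES256 Encryption service adapter for Linux: Version 19.0.0.0.0 - Production"),
    (57, 1234, "Crypto-checksumming service for Linux: Version 19.0.0.0.0 - Production"),
    (58, 99, "TCP/IP NT Protocol Adapter for Linux: Version 19.0.0.0.0 - Production"),
    (58, 99, "Encryption service for Linux: Version 19.0.0.0.0 - Production"),
]

# Assumption: the algorithm-specific adapter banner is present only on encrypted sessions.
ADAPTER_RE = re.compile(r"^(?P<alg>[A-Za-z0-9_]+) Encryption service adapter\b")


def classify_sessions(rows) -> Dict[SessionKey, str]:
    """Map each (SID, SERIAL#) to its negotiated encryption algorithm, or 'NONE'."""
    result: Dict[SessionKey, str] = {}
    for sid, serial, banner in rows:
        key = (sid, serial)
        result.setdefault(key, "NONE")          # every session starts as unencrypted
        match = ADAPTER_RE.match(banner)
        if match:                               # an adapter row upgrades it to the algorithm seen
            result[key] = match.group("alg").upper()
    return result


def unencrypted_sessions(rows) -> List[SessionKey]:
    """Sessions with no encryption adapter banner: the clients to upgrade or reconfigure."""
    return sorted(key for key, alg in classify_sessions(rows).items() if alg == "NONE")


if __name__ == "__main__":
    print(classify_sessions(SAMPLE_ROWS))
    print("unencrypted:", unencrypted_sessions(SAMPLE_ROWS))
```

To use it against a live database, drop the `where sid = ...` filter from the query above, fetch all rows of SID, SERIAL# and NETWORK_SERVICE_BANNER with your Oracle client library, and pass them to `unencrypted_sessions`; with the server at REQUESTED rather than REQUIRED, the list it returns is the set of clients that are still falling back to plaintext.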

[Screenshots not reproduced here: the query output for an unencrypted connection, the parameters added to the server-side sqlnet.ora, the parameters added to the client-side sqlnet.ora, and the query output for the encrypted connection.]
