Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Question re Security and TDE

Question re Security and TDE

From: William Wagman <wjwagman_at_ucdavis.edu>
Date: Thu, 3 May 2007 13:46:31 -0700
Message-ID: <FE043305B38A0F448F3924429D650C2A02652A63@VEXBE2.ex.ad3.ucdavis.edu> 





Greetings,



The managers here have made a decision to implement TDE in order to
encrypt data to be in compliance with campus cyber safety policies. As I
understand TDE there are still a lot of security holes and that all it
really gains one is that data is encrypted but if someone knows what
they are doing it is still fairly easy to get at it. I am listing my
concerns here and would be interested in knowing whether or not there is
something I have missed.



    
  
  1.   Granted, data is encrypted in data files and in the backups but
anyone who has access to the database and encrypted data via SQLPLUS can
still see the data unencrypted. Sure, security within the database could
be enforced using other techniques but shouldn't this be done anyway?

  
  2.   If someone were to get hold of data files or backups they would need
the wallet in order to decrypt the data. It is a simple matter to go to
the sqlnet.ora file as the location of the wallet must be specified
there and that will point them to the location of the wallet. I think
the wallet could be stored on another machine so two machines would have
to be hacked but even so.

  
  3.   If the wallet is to be opened upon restart of the database instance
there are two choices. One, set the wallet open with auto login but then
if someone finds and steals the wallet they can decrypt the data without
need for the password. I think one almost *has* to do this in a RAC
environment since one node can decide at any time that it is going to
restart itself and one would want the wallet to open on instance
restart. The second technique is to put the sql statement alter system
set wallet open identified by password; in a startup script but then the
wallet password is in plain text in a startup script. Which is worse of
these two alternatives. I must admit, I don't know where one would put
this statement in a set of RAC startup scripts which I why I set the
wallet to auto open.






 I guess to me TDE is sort of like locking the front door of your house,
hiding the key under the mat (or maybe at a neighbor's house) and then
leaving a sign somewhere telling someone where the key is. Granted that
is a simplification.



So, I would be interested in anyone's feedback or knowing if there is
something about TDE that I have missed.



Thanks.



Bill Wagman


Univ. of California at Davis


IET Campus Data Center


wjwagman_at_ucdavis.edu


(530) 754-6208

--
http://www.freelists.org/webpage/oracle-l


Received on Thu May 03 2007 - 15:46:31 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US