| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Advanced Security
Brian Peasland wrote:
>> The applications (from vendors) don't allow for field encryption.
>> Row restriction is not needed.
>> I feel that auditing allows us to look in the barn and see who took >> the horse. I want to keep anyone from looking in the barn. This is >> data which MUST be protected. It is enough to allow identity theft.
>> Web pages using HTTPS protect the contents between clients and >> webpages. ASO protects the content between the database and the web >> server. >> >> The issue is connection from >> 1) application fat clients, >> 2) ODBC clients, >> 3) and SQLPlus clients. >> >> We have the DB server configured to use ASO with "request" and the web >> servers set to "required". They are ok. >> >> I have been told that ASO is not needed since to sniff the packets, >> you would need to tap into a box which receives the packets. Is this >> nonsense or is there another reason to use it?
You win!!!
That is my point, but my security (and network) guys seem to think that it is not a big deal.
The referenced document you sent contains the following quote:
Over the Internet and in wide area network environments, both public carriers and private networks route portions of their network through insecure land lines, vulnerable microwave and satellite links, or a number of servers— exposing valuable data to interested third parties. In local area network environments within a building or campus, the potential exists for insiders with access to the physical wiring to view data not intended for them, and network sniffers can be installed to eavesdrop on network traffic.
How can a person in Washington intercept traffic between Atlanta and Augusta?
If I can answer this question, then I may get an appropriate response from the security guys.
Thanks,
Evan Received on Tue Sep 12 2006 - 16:39:51 CDT
 |
 |