Index

A B C D E F G H I J K L M N O P R S T W X

A

accounting, RADIUS, 6.3.5

activating checksumming and encryption, 4.4.1

adapters, 1.3

ALTER SYSTEM privilege, needed for transparent data encryption, 3.1.4

anonymous, 8.6.2.3

asynchronous authentication mode in RADIUS, 6.2.2

authentication, 1.3

configuring multiple methods, 10.3

methods, 1.2.2.2

modes in RADIUS, 6.2

B

benefits of Oracle Advanced Security, 1.2

browser certificates, using with Oracle Wallet Manager, 9.5.1.3.1

C

certificate, 8.2.2.2

browser, using with Oracle Wallet Manager, 9.5.1.3.1

certificate authority, 8.2.2.1

certificate revocation lists, 8.2.2.3

manipulating with orapki tool, 8.8.4

uploading to LDAP directory, 8.8.4

where to store them, 8.8.2

certificate revocation status checking

disabling on server, 8.8.3

certificate validation error message

CRL could not be found, 8.8.5.1

CRL date verification failed with RSA status, 8.8.5.1

CRL signature verification failed with RSA status, 8.8.5.1

Fetch CRL from CRL DP

No CRLs found, 8.8.5.1

OID hostname or port number not set, 8.8.5.1

challenge-response authentication in RADIUS, 6.2.2

cipher block chaining mode, 1.2.1.1.3

cipher suites

Secure Sockets Layer (SSL), B.3.2.1

client authentication in SSL, 8.6.2.5

configuration files

Kerberos, B.1

configuring

Entrust-enabled Secure Sockets Layer (SSL)

on the client, G.4.3

Kerberos authentication service parameters, 7.1.7.1

Oracle server with Kerberos, 7.1.2

RADIUS authentication, 6.3.2

SSL, 8.6

on the client, 8.6.3

on the server, 8.6.2

thin JDBC support, 5

connecting

with username and password, 10.1

CRL, 8.2.2.3

CRLAdmins directory administrative group, F.6.7.1

CRLs

disabling on server, 8.8.3

where to store them, 8.8.2

cryptographic hardware devices, 8.2.2.5

D

Data Encryption Standard (DES), 4.1.3

DES encryption algorithm, 1.2.1.1.2

DES40 encryption algorithm, 4.1.4.1

Triple-DES encryption algorithm, 1.2.1.1.3, 4.1.4

data integrity, 1.2.1.2, 1.2.1.2

database links

RADIUS not supported, 6.1

DES. See Data Encryption Standard (DES)

Diffie-Hellman, 8.6.2.3

Diffie-Hellman key negotiation algorithm, 4.3

E

encryption, 1.4

encryption and checksumming

activating, 4.4.1

client profile encryption, A.2.2

negotiating, 4.4.2

parameter settings, 4.4.4

server encryption level setting, A.2.1

encryption, transparent data, 3

adding and removing salt, 3.2.4

ALTER SYSTEM privilege needed for, 3.1.4

benefits, 3.1.1

changing the encryption key, 3.2.8

creating an index on an encrypted column, 3.2.7

creating master key, 3.1.4

creating table with encrypted columns, 3.1.4, 3.1.4

creating tables with encrypted columns, 3.2.4, 3.2.5

disabling access to encrypted columns, 3.1.4

disabling encryption on a column, 3.2.6.3

enabling, 3.2.1

encrypting columns of existing tables, 3.1.4, 3.1.4

encryption and integrity algorithms, 3.2.9

external security module, 3.1.3

how it works, 3.1.3

managing, 3.3

opening the external security module, 3.2.2

opening the wallet, 3.2.2

overview of operations, 3.1.4

setting the master key, 3.2.3

specifying columns for encryption, 3.2.6

SQL commands, 3.2.11

storage of master key, 3.1.3

use of Oracle wallet, 3.1.3

using, 3.2

when to use, 3.1.2

ENCRYPTION_WALLET_LOCATION parameter, 3.2.2.2

Entrust Authority

creating database users, G.4.6

Entrust Authority for Oracle, G.2.1

Entrust Authority Software

authentication, G.3, G.4

certificate revocation, G.1.3

components, G.2, G.2.1.1

configuring

client, G.4.4

server, G.4.5

Entelligence, G.2.1.3

etbinder command, G.4.5.1

issues and restrictions, G.5

key management, G.1.2

profiles, G.4.1

administrator-created, G.4.1

user-created, G.4.1.2

Self-Administration Server, G.2.1.2

versions supported, G.2

Entrust, Inc., G

Entrust-enabled SSL

troubleshooting, G.6

Entrust/PKI Software, 1.2.2.2.4

error messages

ORA-12650, 4.4.1, 4.4.2.1, 4.4.2.2, A.2.1.5, A.2.1.6, A.2.1.7, A.2.1.8

ORA-28890, G.6

etbinder command, G.4.5.1

external security module, in transparent database encryption, 3.1.3

F

Federal Information Processing Standard

configuration, Preface

Federal Information Processing Standard (FIPS), 1.2.1.3, D

sqlnet.ora parameters, D.1

FIPS 140-2 Level 2 certification, E

FIPS Parameter

Configuring, E.1

FIPS. See Federal Information Processing Standard (FIPS)

G

grid computing

benefits, 1.1.1

defined, 1.1.1

GT GlossaryTitle, Glossary

H

handshake

SSL, 8.1.3

I

initialization parameter file

parameters for clients and servers using Kerberos, B.1

parameters for clients and servers using RADIUS, B.2

parameters for clients and servers using SSL, B.3

Internet Explorer certificates

using with Oracle Wallet Manager, 9.5.1.3

J

Java Byte Code Obfuscation, 5.1.4

Java Database Connectivity (JDBC)

configuration parameters, 5.2

Oracle extensions, 5.1.1

Oracle O3LOGON, 5.1.2

thin driver features, 5.1.2

Java Database connectivity (JDBC)

implementation of Oracle Advanced Security, 5.1

JDBC. See Java Database Connectivity

K

Kerberos, 1.2.2.2.1, 1.2.2.2.1

authentication adapter utilities, 7.2

configuring authentication, 7.1, 7.1.7.1

kinstance, 7.1.2

kservice, 7.1.2

realm, 7.1.2

sqlnet.ora file sample, A.1

system requirements, 1.5, 1.5

kinstance (Kerberos), 7.1.2

kservice (Kerberos), 7.1.2

L

LAN environments

vulnerabilities of, 1.1.3.1

ldap.ora

which directory SSL port to use for no authentication, 8.8.4.3

listener

endpoint

SSL configuration, 8.6.2.7

M

managing roles with RADIUS server, 6.3.9

master key of database server, storage in transparent database encryption, 3.1.3

master key, in transparent data encryption

setting and resetting, 3.2.3

MD5 message digest algorithm, 4.2.1

Microsoft Internet Explorer certificates

using with Oracle Wallet Manager, 9.5.1.3

N

nCipher hardware security module

using Oracle Net tracing to troubleshoot, 8.9.3

Netscape certificates

using with Oracle Wallet Manager, 9.5.1.3

Netscape Communications Corporation, 8.1

network protocol boundaries, 1.4

O

obfuscation, 5.1.4

okdstry

Kerberos adapter utility, 7.2

okinit

Kerberos adapter utility, 7.2

oklist

Kerberos adapter utility, 7.2

ORA-12650 error message, A.2.1.6

ORA-28885 error, 9.1.6

ORA-40300 error message, 8.9.3.1

ORA-40301 error message, 8.9.3.1

ORA-40302 error message, 8.9.3.1

Oracle Advanced Security

checksum sample for sqlnet.ora file, A.1

configuration parameters, 5.2

disabling authentication, 10.2

encryption sample for sqlnet.ora file, A.1

Java implementation, 5.1, 5.1.3

SSL features, 8.1.2

Oracle Applications wallet location, 9.4.11

Oracle Connection Manager, 1.4

Oracle Internet Directory

Diffie-Hellman SSL port, 8.8.4.3

Oracle parameters

authentication, 10.4

Oracle Password Protocol, 5.1.3

Oracle wallet

used in transparent data encryption, 3.1.3

Oracle Wallet Manager

importing PKCS #7 certificate chains, 9.5.1.2

orapki

adding a root certificate to a wallet with, F.3.2

adding a trusted certificate to a wallet with, F.3.2

adding user certificates to a wallet with, F.3.2

creating a signed certificate for testing, F.2

creating a wallet with, F.3.1

creating an auto login wallet with, F.3.1

exporting a certificate from a wallet with, F.3.3

exporting a certificate request from a wallet with, F.3.3

viewing a test certificate with, F.2

viewing a wallet with, F.3.1

orapki tool, 8.8.4

OS_AUTHENT_PREFIX parameter, 10.4.3

OSS.SOURCE.MY_WALLET parameter, 8.6.2.2, 8.6.3.3

P

paragraph tags

GT GlossaryTitle, Glossary

parameters

authentication

Kerberos, B.1

RADIUS, B.2

Secure Sockets Layer (SSL), B.3

configuration for JDBC, 5.2

encryption and checksumming, 4.4.4

PKCS #11 devices, 8.2.2.5

PKCS #11 error messages

ORA-40300, 8.9.3.1

ORA-40301, 8.9.3.1

ORA-40302, 8.9.3.1

PKCS #7 certificate chain, 9.5.1.2

difference from X.509 certificate, 9.5.1.2

Public Key Infrastructure (PKI)

certificate, 8.2.2.2

certificate authority, 8.2.2.1

certificate revocation lists, 8.2.2.3

PKCS #11 hardware devices, 8.2.2.5

wallet, 8.2.2.4

public key infrastructure (PKI), 1.2.2.2.3, 1.2.2.2.4

R

RADIUS, 1.2.2.2.2, 1.2.2.2.2

accounting, 6.3.5

asynchronous authentication mode, 6.2.2

authentication modes, 6.2

authentication parameters, B.2

challenge-response

authentication, 6.2.2

user interface, C.1, C.2

configuring, 6.3.2

database links not supported, 6.1

location of secret key, 6.3.2.3

smartcards and, 1.2.2.2.2, 6.2.2, 6.3.2.3, C.1

sqlnet.ora file sample, A.1

synchronous authentication mode, 6.2.1

system requirements, 1.5

RC4 encryption algorithm, 1.2.1.1.1, 4.1.5

realm (Kerberos), 7.1.2

restrictions, 1.6

revocation, G.1.3

roles

managing with RADIUS server, 6.3.9

RSA Security, Inc. (RSA), 1.2.1.1.1

S

salt, in transparent data encryption, 3.2.4

secret key

location in RADIUS, 6.3.2.3

Secure Sockets Layer (SSL), 1.2.2.2.3

architecture, 8.3.1

authentication parameters, B.3

authentication process in an Oracle environment, 8.1.3

cipher suites, B.3.2.1

client authentication parameter, B.3.4

client configuration, 8.6.3

combining with other authentication methods, 8.3, 8.3

configuring, 8.6

configuring Entrust-enabled SSL on the client, G.4.3

enabling, 8.6

enabling Entrust-enabled SSL, G.4

handshake, 8.1.3

industry standard protocol, 8.1

requiring client authentication, 8.6.2.5

server configuration, 8.6.2

sqlnet.ora file sample, A.1

system requirements, 1.5

version parameter, B.3.3

wallet location, parameter, B.3.5

SecurID, 6.2.1

token cards, 6.2.1

security

Internet, 1.1.2

Intranet, 1.1.2

threats, 1.1.3

data tampering, 1.1.3.2

dictionary attacks, 1.1.3.4

eavesdropping, 1.1.3.1

falsifying identities, 1.1.3.3

password-related, 1.1.3.4

Security Sockets Layer (SSL)

use of term includes TLS, 8.1.1

single sign-on (SSO), 1.2.2.2.4, G.1.1

smartcards, 1.2.2.2.2

and RADIUS, 1.2.2.2.2, 6.2.2, 6.3.2.3, C.1

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 7.1.7.1

SQLNET.AUTHENTICATION_SERVICES parameter, 6.3.2.1, 7.1.7.1, 8.6.2.6, 8.6.2.6, 8.6.3.6, 8.6.3.6, 10.2, 10.3

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 4.4.4.2

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 4.4.4.2

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 4.4.4.2, A.2.1.8

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 4.4.4.2, A.2.1.7

SQLNET.CRYPTO_SEED parameter, A.2.2

SQLNET.ENCRYPTION_CLIENT parameter, 4.4.4.1, A.2.1.2

SQLNET.ENCRYPTION_SERVER parameter, 4.4.4.1, A.2.1.1

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 4.4.4.1, A.2.1.6

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 4.4.4.1, A.2.1.5

SQLNET.FIPS_140 parameter, D.1.6

SQLNET.KERBEROS5_CC_NAME parameter, 7.1.7.3

SQLNET.KERBEROS5_CLOCKSKEW parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF_MIT parameter, 7.1.7.3

SQLNET.KERBEROS5_KEYTAB parameter, 7.1.7.3

SQLNET.KERBEROS5_REALMS parameter, 7.1.7.3

sqlnet.ora file

Common sample, A.1

FIPS 140-1 parameters, D.1

Kerberos sample, A.1

Oracle Advanced Security checksum sample, A.1

Oracle Advanced Security encryption sample, A.1

OSS.SOURCE.MY_WALLET parameter, 8.6.2.2, 8.6.3.3

parameters for clients and servers using Kerberos, B.1

parameters for clients and servers using RADIUS, B.2

parameters for clients and servers using SSL, B.3

RADIUS sample, A.1

sample, A.1

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 7.1.7.1

SQLNET.AUTHENTICATION_SERVICES parameter, 7.1.7.1, 8.6.2.6, 8.6.2.6, 8.6.3.6, 8.6.3.6, 10.2, 10.3

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 4.4.4.2

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 4.4.4.2

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 4.4.4.2, A.2.1.8

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 4.4.4.2, A.2.1.7

SQLNET.CRYPTO_SEED parameter, A.2.2

SQLNET.ENCRYPTION_CLIENT parameter, A.2.1.2

SQLNET.ENCRYPTION_SERVER parameter, 4.4.4.1, A.2.1.1

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 4.4.4.1, A.2.1.6

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 4.4.4.1, A.2.1.5

SQLNET.FIPS_140 parameter, D.1.6

SQLNET.KERBEROS5_CC_NAME parameter, 7.1.7.3

SQLNET.KERBEROS5_CLOCKSKEW parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF_MIT parameter, 7.1.7.3

SQLNET.KERBEROS5_KEYTAB parameter, 7.1.7.3

SQLNET.KERBEROS5_REALMS parameter, 7.1.7.3

SSL sample, A.1

SSL_CLIENT_AUTHENTICATION parameter, 8.6.2.5

SSL_CLIENT_AUTHETNICATION parameter, 8.6.3.3

SSL_VERSION parameter, 8.6.2.4, 8.6.3.5

Trace File Set Up sample, A.1

SQLNET.RADIUS_ALTERNATE parameter, 6.3.2.3

SQLNET.RADIUS_ALTERNATE_PORT parameter, 6.3.2.3

SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 6.3.2.3

SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 6.3.2.3

SQLNET.RADIUS_SEND_ACCOUNTING parameter, 6.3.5.1

SSL. See Secure Sockets Layer (SSL)

SSL wallet location, 9.4.2.1, 9.4.11

SSL_CLIENT_AUTHENTICATION parameter, 8.6.2.5, 8.6.3.3

SSL_VERSION parameter, 8.6.2.4, 8.6.3.5

SSO. See single sign-on (SSO)

SSO wallets, 9.4.14

synchronous authentication mode, RADIUS, 6.2.1

system requirements, 1.5

Kerberos, 1.5

RADIUS, 1.5

SSL, 1.5

T

tables, with encrypted columns, 3.2.4

thin JDBC support, 5

TLS See Secure Sockets Layer (SSL)

token cards, 1.2.2.2.2

trace file

set up sample for sqlnet.ora file, A.1

transparent data encryption, 3

adding and removing salt, 3.2.4

ALTER SYSTEM privilege needed for, 3.1.4

benefits, 3.1.1

changing the encryption key, 3.2.8

creating an index on an excrypted column, 3.2.7

creating master key, 3.1.4

creating table with encrypted columns, 3.1.4, 3.1.4

creating tables with encrypted columns, 3.2.4, 3.2.5

disabling access to encrypted columns, 3.1.4

disabling encryption on a column, 3.2.6.3

enabling, 3.2.1

encrypting columns of existing table, 3.1.4

encrypting columns of existing tables, 3.1.4

encryption and integrity algorithms, 3.2.9

external security module, 3.1.3

how it works, 3.1.3

managing, 3.3

opening the external security module, 3.2.2

opening the wallet, 3.2.2

overview of operations, 3.1.4

setting the master key, 3.2.3

specifying columns for encryption, 3.2.6

SQL commands, 3.2.11

storage of master key, 3.1.3

use of Oracle wallet, 3.1.3

using, 3.2

when to use, 3.1.2

Triple-DES encryption algorithm, 1.2.1.1.3

troubleshooting, 7.4

Entrust-enabled SSL, G.6

W

wallet, 8.2.2.4

automatic login feature enabled in transparent data encryption, 3.2.2.1

wallets

auto login, 9.4.14

changing a password, 9.4.13

closing, 9.4.4

creating, 9.4.2

deleting, 9.4.12

managing, 9.4

managing certificates, 9.5

managing trusted certificates, 9.5.2

opening, 9.4.3

Oracle Applications wallet location, 9.4.11

saving, 9.4.9

setting location, 8.6.2.2

SSL wallet location, 9.4.2.1, 9.4.11

SSO wallets, 9.4.14

X

X.509 certificate

difference from PKCS #7 certificate chain, 9.5.1.2

X.509 PKI certificate standard, G.1.1