Skip Headers
Oracle® Database Advanced Security Administrator's Guide
11g Release 1 (11.1)

Part Number B28530-01
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
View PDF

Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  R  S  T  U  W  X 

A

accounting, RADIUS, 6.3.5
activating checksumming and encryption, 4.4.1
adapters, 1.3
ALTER SYSTEM SET command
closing encryption wallets, 3.1.4
opening encryption wallets, 3.1.4, 3.2.3, 3.8.1.3
opening HSM wallets, 3.7.6
setting master encryption key, 3.1.4, 3.2.2.1, 3.7.4, 3.8.1.2
anonymous, 8.6.2.3
asynchronous authentication mode in RADIUS, 6.2.2
authentication, 1.3
configuring multiple methods, 10.3
methods, 1.2.2.2
modes in RADIUS, 6.2

B

benefits of Oracle Advanced Security, 1.2
BFILE, 3.1.2.1
browser certificates, using with Oracle Wallet Manager, 9.5.1.3.1

C

certificate, 8.2.2.2
browser, using with Oracle Wallet Manager, 9.5.1.3.1
certificate authority, 8.2.2.1
certificate revocation lists, 8.2.2.3
manipulating with orapki tool, 8.8.4
uploading to LDAP directory, 8.8.4
where to store them, 8.8.2
certificate revocation status checking
disabling on server, 8.8.3
certificate validation error message
CRL could not be found, 8.8.5.1
CRL date verification failed with RSA status, 8.8.5.1
CRL signature verification failed with RSA status, 8.8.5.1
Fetch CRL from CRL DP
No CRLs found, 8.8.5.1
OID hostname or port number not set, 8.8.5.1
challenge-response authentication in RADIUS, 6.2.2
change data capture, synchronous, 3.1.2.1
cipher block chaining mode, 1.2.1.1.3
cipher suites
Secure Sockets Layer (SSL), B.3.2.1
client authentication in SSL, 8.6.2.5
configuration files
Kerberos, B.1
configuring
Entrust-enabled Secure Sockets Layer (SSL)
on the client, G.4.3
Kerberos authentication service parameters, 7.1.7.1
Oracle server with Kerberos, 7.1.2
RADIUS authentication, 6.3.2
SSL, 8.6
on the client, 8.6.3
on the server, 8.6.2
thin JDBC support, 5
connecting
with username and password, 10.1
CRL, 8.2.2.3
CRLAdmins directory administrative group, F.6.7.1
CRLs
disabling on server, 8.8.3
where to store them, 8.8.2
cryptographic hardware devices, 8.2.2.5

D

Data Encryption Standard (DES), 4.1.3
DES encryption algorithm, 1.2.1.1.2
DES40 encryption algorithm, 4.1.4.1
Triple-DES encryption algorithm, 1.2.1.1.3, 4.1.4
data integrity, 1.2.1.2, 1.2.1.2
database links
RADIUS not supported, 6.1
DES. See Data Encryption Standard (DES)
Diffie-Hellman, 8.6.2.3
Diffie-Hellman key negotiation algorithm, 4.3

E

encryption, 1.4
encryption and checksumming
activating, 4.4.1
client profile encryption, A.2.2
negotiating, 4.4.2
parameter settings, 4.4.4
server encryption level setting, A.2.1
ENCRYPTION_WALLET_LOCATION parameter, 3.2.1.1, 3.3.1.1, 3.5.1, 3.7.1, 3.8.1.1
Entrust Authority
creating database users, G.4.6
Entrust Authority for Oracle, G.2.1
Entrust Authority Software
authentication, G.3, G.4
certificate revocation, G.1.3
components, G.2, G.2.1.1
configuring
client, G.4.4
server, G.4.5
Entelligence, G.2.1.3
etbinder command, G.4.5.1
issues and restrictions, G.5
key management, G.1.2
profiles, G.4.1
administrator-created, G.4.1
user-created, G.4.1.2
Self-Administration Server, G.2.1.2
versions supported, G.2
Entrust, Inc., G
Entrust-enabled SSL
troubleshooting, G.6
Entrust/PKI Software, 1.2.2.2.4
error messages
ORA-12650, 4.4.1, 4.4.2.1, 4.4.2.2, A.2.1.5, A.2.1.6, A.2.1.7, A.2.1.8
ORA-28890, G.6
etbinder command, G.4.5.1
external large objects (BFILE), 3.1.2.1

F

Federal Information Processing Standard
configuration, Preface
Federal Information Processing Standard (FIPS), 1.2.1.3, D
sqlnet.ora parameters, D.1
FIPS 140-2 Level 2 certification, E
FIPS Parameter
Configuring, E.1
FIPS. See Federal Information Processing Standard (FIPS)

G

grid computing
benefits, 1.1.1
defined, 1.1.1
GT GlossaryTitle, Glossary

H

handshake
SSL, 8.1.3
hardware security modules
See HSMs
HSMs (hardware security modules), 3.6
PKCS#11 library, 3.7.2
sqlnet.ora file, 3.7.1
user_Id:password string, 3.7.4

I

import/export utilities, original, 3.1.2.1, 3.1.2.1
index range scans, 3.4
initialization parameter file
parameters for clients and servers using Kerberos, B.1
parameters for clients and servers using RADIUS, B.2
parameters for clients and servers using SSL, B.3
Internet Explorer certificates
using with Oracle Wallet Manager, 9.5.1.3

J

Java Byte Code Obfuscation, 5.1.4
Java Database Connectivity (JDBC)
configuration parameters, 5.2
Oracle extensions, 5.1.1
Oracle O3LOGON, 5.1.2
thin driver features, 5.1.2
Java Database connectivity (JDBC)
implementation of Oracle Advanced Security, 5.1
JDBC. See Java Database Connectivity

K

Kerberos, 1.2.2.2.1, 1.2.2.2.1
authentication adapter utilities, 7.2
configuring authentication, 7.1, 7.1.7.1
kinstance, 7.1.2
kservice, 7.1.2
realm, 7.1.2
sqlnet.ora file sample, A.1
system requirements, 1.5, 1.5
kinstance (Kerberos), 7.1.2
kservice (Kerberos), 7.1.2

L

LAN environments
vulnerabilities of, 1.1.3.1
large objects
BFILE, 3.1.2.1
BLOB, 3.1.2.1
CLOB, 3.1.2.1
external, 3.1.2.1
LOB, 3.1.2.1
ldap.ora
which directory SSL port to use for no authentication, 8.8.4.3
listener
endpoint
SSL configuration, 8.6.2.7

M

managing roles with RADIUS server, 6.3.9
materialized view logs, 3.1.2.1
MD5 message digest algorithm, 4.2.1
Microsoft Internet Explorer certificates
using with Oracle Wallet Manager, 9.5.1.3

N

nCipher hardware security module
using Oracle Net tracing to troubleshoot, 8.9.4
Netscape certificates
using with Oracle Wallet Manager, 9.5.1.3
Netscape Communications Corporation, 8.1
network protocol boundaries, 1.4

O

obfuscation, 5.1.4
okdstry
Kerberos adapter utility, 7.2
okinit
Kerberos adapter utility, 7.2
oklist
Kerberos adapter utility, 7.2
ORA-12650 error message, A.2.1.6
ORA-28330, 3.9
ORA-28331, 3.9
ORA-28332, 3.9
ORA-28333, 3.9
ORA-28334, 3.9
ORA-28335, 3.9
ORA-28336, 3.9
ORA-28337, 3.9
ORA-28338, 3.9
ORA-28339, 3.9
ORA-28340, 3.9
ORA-28341, 3.9
ORA-28342, 3.9
ORA-28343, 3.9
ORA-28344, 3.9
ORA-28345, 3.9
ORA-28346, 3.9
ORA-28347, 3.9
ORA-28348, 3.9
ORA-28349, 3.9
ORA-28350, 3.9
ORA-28351, 3.9
ORA-28353, 3.9
ORA-28354, 3.9
ORA-28356, 3.9
ORA-28357, 3.9
ORA-28358, 3.9
ORA-28359, 3.9
ORA-28361, 3.9
ORA-28362, 3.9
ORA-28363, 3.9
ORA-28364, 3.9
ORA-28365, 3.9
ORA-28366, 3.9
ORA-28367, 3.9
ORA-28368, 3.9
ORA-28369, 3.9
ORA-28370, 3.9
ORA-28371, 3.9
ORA-28372, 3.9
ORA-28373, 3.9
ORA-28374, 3.9
ORA-28375, 3.9
ORA-28376, 3.9
ORA-28377, 3.9
ORA-28378, 3.9
ORA-28885 error, 9.1.6
ORA-40300 error message, 8.9.4.1
ORA-40301 error message, 8.9.4.1
ORA-40302 error message, 8.9.4.1
Oracle Advanced Security
checksum sample for sqlnet.ora file, A.1
configuration parameters, 5.2
disabling authentication, 10.2
encryption sample for sqlnet.ora file, A.1
Java implementation, 5.1, 5.1.3
SSL features, 8.1.2
Oracle Applications wallet location, 9.4.11
Oracle Connection Manager, 1.4
Oracle Internet Directory
Diffie-Hellman SSL port, 8.8.4.3
Oracle parameters
authentication, 10.4
Oracle Password Protocol, 5.1.3
Oracle Wallet Manager
importing PKCS #7 certificate chains, 9.5.1.2
orapki
adding a root certificate to a wallet with, F.3.2
adding a trusted certificate to a wallet with, F.3.2
adding user certificates to a wallet with, F.3.2
creating a signed certificate for testing, F.2
creating a wallet with, F.3.1
creating an auto login wallet with, F.3.1
exporting a certificate from a wallet with, F.3.3
exporting a certificate request from a wallet with, F.3.3
viewing a test certificate with, F.2
viewing a wallet with, F.3.1
orapki tool, 8.8.4
original import/export utilities, 3.1.2.1, 3.1.2.1
OS_AUTHENT_PREFIX parameter, 10.4.3
OSS.SOURCE.MY_WALLET parameter, 8.6.2.2, 8.6.3.3

P

paragraph tags
GT GlossaryTitle, Glossary
parameters
authentication
Kerberos, B.1
RADIUS, B.2
Secure Sockets Layer (SSL), B.3
configuration for JDBC, 5.2
encryption and checksumming, 4.4.4
PKCS #11 devices, 8.2.2.5
PKCS #11 error messages
ORA-40300, 8.9.4.1
ORA-40301, 8.9.4.1
ORA-40302, 8.9.4.1
PKCS #7 certificate chain, 9.5.1.2
difference from X.509 certificate, 9.5.1.2
Public Key Infrastructure (PKI)
certificate, 8.2.2.2
certificate authority, 8.2.2.1
certificate revocation lists, 8.2.2.3
PKCS #11 hardware devices, 8.2.2.5
wallet, 8.2.2.4
public key infrastructure (PKI), 1.2.2.2.3, 1.2.2.2.4

R

RADIUS, 1.2.2.2.2, 1.2.2.2.2
accounting, 6.3.5
asynchronous authentication mode, 6.2.2
authentication modes, 6.2
authentication parameters, B.2
challenge-response
authentication, 6.2.2
user interface, C.1, C.2
configuring, 6.3.2
database links not supported, 6.1
location of secret key, 6.3.2.3
smartcards and, 1.2.2.2.2, 6.2.2, 6.3.2.3, C.1
sqlnet.ora file sample, A.1
synchronous authentication mode, 6.2.1
system requirements, 1.5
RC4 encryption algorithm, 1.2.1.1.1, 4.1.5
realm (Kerberos), 7.1.2
restrictions, 1.6
revocation, G.1.3
roles
managing with RADIUS server, 6.3.9
RSA Security, Inc. (RSA), 1.2.1.1.1

S

salt (TDE)
adding, 3.2.7
removing, 3.2.7
See also TDE (transparent data encryption)
secret key
location in RADIUS, 6.3.2.3
Secure Sockets Layer (SSL), 1.2.2.2.3
architecture, 8.3.1
authentication parameters, B.3
authentication process in an Oracle environment, 8.1.3
cipher suites, B.3.2.1
client authentication parameter, B.3.4
client configuration, 8.6.3
combining with other authentication methods, 8.3, 8.3
configuring, 8.6
configuring Entrust-enabled SSL on the client, G.4.3
enabling, 8.6
enabling Entrust-enabled SSL, G.4
handshake, 8.1.3
industry standard protocol, 8.1
requiring client authentication, 8.6.2.5
server configuration, 8.6.2
sqlnet.ora file sample, A.1
system requirements, 1.5
version parameter, B.3.3
wallet location, parameter, B.3.5
SecurID, 6.2.1
token cards, 6.2.1
security
Internet, 1.1.2
Intranet, 1.1.2
threats, 1.1.3
data tampering, 1.1.3.2
dictionary attacks, 1.1.3.4
eavesdropping, 1.1.3.1
falsifying identities, 1.1.3.3
password-related, 1.1.3.4
Security Sockets Layer (SSL)
use of term includes TLS, 8.1.1
single sign-on (SSO), 1.2.2.2.4, G.1.1
smartcards, 1.2.2.2.2
and RADIUS, 1.2.2.2.2, 6.2.2, 6.3.2.3, C.1
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 7.1.7.1
SQLNET.AUTHENTICATION_SERVICES parameter, 6.3.2.1, 7.1.7.1, 8.6.2.6, 8.6.2.6, 8.6.3.6, 8.6.3.6, 10.2, 10.3
SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 4.4.4.2
SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 4.4.4.2
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 4.4.4.2, A.2.1.8
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 4.4.4.2, A.2.1.7
SQLNET.CRYPTO_SEED parameter, A.2.2
SQLNET.ENCRYPTION_CLIENT parameter, 4.4.4.1, A.2.1.2
SQLNET.ENCRYPTION_SERVER parameter, 4.4.4.1, A.2.1.1
SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 4.4.4.1, A.2.1.6
SQLNET.ENCRYPTION_TYPES_SERVER parameter, 4.4.4.1, A.2.1.5
SQLNET.FIPS_140 parameter, D.1.6
SQLNET.KERBEROS5_CC_NAME parameter, 7.1.7.3
SQLNET.KERBEROS5_CLOCKSKEW parameter, 7.1.7.3
SQLNET.KERBEROS5_CONF parameter, 7.1.7.3
SQLNET.KERBEROS5_CONF_MIT parameter, 7.1.7.3
SQLNET.KERBEROS5_KEYTAB parameter, 7.1.7.3
SQLNET.KERBEROS5_REALMS parameter, 7.1.7.3
sqlnet.ora file
Common sample, A.1
FIPS 140-1 parameters, D.1
Kerberos sample, A.1
Oracle Advanced Security checksum sample, A.1
Oracle Advanced Security encryption sample, A.1
OSS.SOURCE.MY_WALLET parameter, 8.6.2.2, 8.6.3.3
parameters for clients and servers using Kerberos, B.1
parameters for clients and servers using RADIUS, B.2
parameters for clients and servers using SSL, B.3
RADIUS sample, A.1
sample, A.1
SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 7.1.7.1
SQLNET.AUTHENTICATION_SERVICES parameter, 7.1.7.1, 8.6.2.6, 8.6.2.6, 8.6.3.6, 8.6.3.6, 10.2, 10.3
SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 4.4.4.2
SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 4.4.4.2
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 4.4.4.2, A.2.1.8
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 4.4.4.2, A.2.1.7
SQLNET.CRYPTO_SEED parameter, A.2.2
SQLNET.ENCRYPTION_CLIENT parameter, A.2.1.2
SQLNET.ENCRYPTION_SERVER parameter, 4.4.4.1, A.2.1.1
SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 4.4.4.1, A.2.1.6
SQLNET.ENCRYPTION_TYPES_SERVER parameter, 4.4.4.1, A.2.1.5
SQLNET.FIPS_140 parameter, D.1.6
SQLNET.KERBEROS5_CC_NAME parameter, 7.1.7.3
SQLNET.KERBEROS5_CLOCKSKEW parameter, 7.1.7.3
SQLNET.KERBEROS5_CONF parameter, 7.1.7.3
SQLNET.KERBEROS5_CONF_MIT parameter, 7.1.7.3
SQLNET.KERBEROS5_KEYTAB parameter, 7.1.7.3
SQLNET.KERBEROS5_REALMS parameter, 7.1.7.3
SSL sample, A.1
SSL_CLIENT_AUTHENTICATION parameter, 8.6.2.5
SSL_CLIENT_AUTHETNICATION parameter, 8.6.3.3
SSL_VERSION parameter, 8.6.2.4, 8.6.3.5
Trace File Set Up sample, A.1
sqlnet.ora file, TDE (transparent data encryption), 3.2.1.1, 3.2.2.1, 3.3.1.1, 3.5.1, 3.7.1, 3.8.1.1, 3.9
SQLNET.RADIUS_ALTERNATE parameter, 6.3.2.3
SQLNET.RADIUS_ALTERNATE_PORT parameter, 6.3.2.3
SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 6.3.2.3
SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 6.3.2.3
SQLNET.RADIUS_SEND_ACCOUNTING parameter, 6.3.5.1
SSL. See Secure Sockets Layer (SSL)
SSL wallet location, 9.4.2.1, 9.4.11
SSL_CLIENT_AUTHENTICATION parameter, 8.6.2.5, 8.6.3.3
SSL_VERSION parameter, 8.6.2.4, 8.6.3.5
SSO. See single sign-on (SSO)
SSO wallets, 9.4.14
synchronous authentication mode, RADIUS, 6.2.1
synchronous change data capture, 3.1.2.1
system requirements, 1.5
Kerberos, 1.5
RADIUS, 1.5
SSL, 1.5

T

tablespace encryption, 3.4
creating encrypted tablespaces, 3.5.3
editing the sqlnet.ora file, 3.5.1
opening wallet, 3.5.2
setting tablespace key, 3.5.1
tablespace master encryption key, 3.2.1, 3.5.1, 3.5.2, 3.7.4, 3.7.5
TDE (transparent data encryption)
concepts, 3.1
basic commands, 3.1.4
figure, 3.1.3
HSMs (hardware security modules), 3.6
PKCS#11 library, 3.7.2
user_Id:password string, 3.7.4
managing, 3.3
backing up and recovering keys, 3.3.2
managing wallets, 3.3.1
reference, 3.10
restrictions, 3.1.2.1
tablespace encryption, 3.4
creating encrypted tablespaces, 3.5.3
opening wallet, 3.5.2
setting tablespace key, 3.5.1
troubleshooting, 3.9
tutorial, 3.8
using, 3.2
creating tables, 3.2.4
editing the sqlnet.ora file, 3.2.1.1, 3.3.1.1, 3.8.1.1
enabling, 3.2.1
encrypting columns, 3.2.5
opening wallet, 3.2.3
setting master encryption key, 3.2.2
thin JDBC support, 5
TLS See Secure Sockets Layer (SSL)
token cards, 1.2.2.2.2
trace file
set up sample for sqlnet.ora file, A.1
transparent data encryption
See TDE
transportable tablespaces, 3.1.2.1
Triple-DES encryption algorithm, 1.2.1.1.3
troubleshooting, 7.4
Entrust-enabled SSL, G.6

U

utilities, import/export, 3.1.2.1

W

wallet, 8.2.2.4
wallets
auto login, 9.4.14
changing a password, 9.4.13
closing, 3.1.4, 3.7.6, 9.4.4
creating, 9.4.2
deleting, 9.4.12
managing, 9.4
managing certificates, 9.5
managing trusted certificates, 9.5.2
opening, 3.1.4, 3.2.3, 3.7.6, 3.8.1.3, 3.10.3, 9.4.3
Oracle Applications wallet location, 9.4.11
saving, 9.4.9
setting location, 8.6.2.2
SSL wallet location, 9.4.2.1, 9.4.11
SSO wallets, 9.4.14

X

X.509 certificate
difference from PKCS #7 certificate chain, 9.5.1.2
X.509 PKI certificate standard, G.1.1