11g new feather (10)

Improved Database Security Oracle Database 10gR2 dramatically improved the options for encrypting sensitive data both within Oracle database tables and indexes, as well as outside the database (i.e. RMAN backups and DataPump export files) with Transparent Data Encryption (TDE). Oracle Database 11g continues to expand the use of TDE within the database. For example, it’s now possible to encrypt data at the tablespace level as well as the table and index level. Also, logical standby databases can utilize TDE to protect data that’s been transferred from its corresponding primary standby database site. Moreover, secured storage of the TDE master encryption key is insured by allowing it to be stored externally from the database server in a separate Hardware Security Module. Secure By Default. Oracle Database 11g also implements a new set of out-of-the-box security enhancements that are collectively called Secure By Default. These security settings can be enabled during database creation via the Database Configuration Assistant (DBCA), or they can be enabled later after the database has been created. Here’s a sample of these new security features: Every user account password is now checked automatically to ensure sufficient password complexity is being used. To further strengthen password security, the DEFAULT user profile now sets standard values for password grace time, life time, and lock time, as well as for the maximum number of failed login attempts. Auditing will be turned on by default for over twenty of the most sensitive DBA activities (e.g. CREATE ANY PROCEDURE, GRANT ANY PRIVILEGE, DROP USER, and so forth). Also, the AUDIT_TRAIL parameter is set to DB by default when the database is created, so this means that a database “bounce” will no longer be required to activate auditing. Fine-Grained Access Control (FGAC) is now available for network callouts when using raw TCP (e.g. via the UTL_TCP package), FGAC will be able to construct Access Control Lists (ACLs) to provide fine-grained access to external network services for specific Oracle Database 11g database user accounts. Enterprise Manager now provides interfaces for direct management of the External Security Module (ESM), Fine-Grained Auditing (FGA) policies, and Row-Level Security (RLS) policies. Finally, an RMAN recovery catalog can now be secured via Virtual Private Catalog to prevent unauthorized users from viewing backups that are registered within the catalog.