Tim, no, it's not enough. Redaction is to protect PII going across the network,
but it is easily cracked with just connect privs. SQL*Net encryption is a must,
along with secure coding practices to protect against SQL injection. If you are
going to be at Collaborate16, come to my holistic database security
presentation; we go through attack surface, attack vectors and mitigations. -Rob
===================================
Robert P. Lockard
Oracle ACE
Winner of the 2015 Oracle Developers Choice Award for Database Design
President Oraclewizard.com, Inc.
"When given the choice between two evils, I always take the one I have not
tried." Mae West
(cell) 571.276.4790
(office) 410.766.6960
(fax) 410.766.0332
twitter @navonpilot
youtube https://www.youtube.com/user/n4281k
blog: http://www.oraclewizard.com
-----Original Message-----
From: Tim Gorman [mailto:tim@xxxxxxxxx]
Sent: Thursday, March 10, 2016 09:38 AM
To: rob@xxxxxxxxxxxxxxxx, oracle-l@xxxxxxxxxxxxx
Subject: Re: Oracle Advanced Security and Redaction
Are encryption and redaction enough to protect the full life-cycle of
environments (i.e. prod, dev, test, train, patch, etc), or just production
environments?
In other words, once mechanisms for encryption (data at-rest and
data-inflight) and/or redaction are implemented, is personally-identifiable
information ("PII") protected across the board?
On 3/10/16 06:51, rob@xxxxxxxxxxxxxxxx wrote:
And from my reading, it appears you need OAS to use redaction. -Rob
Oracle Advanced Security
Oracle Advanced Security helps you protect sensitive
information and comply with various privacy and compliance regulations
including breach notification laws and the Payment Card Industry Data Security
Standard (PCI-DSS) by enabling encryption inside the database that is
transparent to applications and enabling redaction of sensitive data before it
leaves the database.
Oracle Advanced Security provides two primary security features: Transparent
Data Encryption and Data Redaction. Data Redaction is new in Oracle Advanced
Security with the release of Oracle Database 12c and provides the ability to
redact sensitive information such as credit card data and social security
numbers before the information leaves the database and is displayed by
applications. Transparent Data Encryption provides encryption of data stored in
the database, exported from the database using DataPump, or disk-based backups
using Oracle RMAN.
-----Original Message-----
From: Hans Forbrich [mailto:fuzzy.graybeard@xxxxxxxxx]
Sent: Thursday, March 10, 2016 08:41 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: The issue about using wireshark to dissect Oracle TNS protocol
packet
Side note: do you know that Encrypted SQL*Net does not require an extra license?
From http://docs.oracle.com/database/121/DBLIC/options.htm#DBLIC143 we read:
"Network encryption (native network encryption and SSL/TLS) and strong
authentication services (Kerberos, PKI, and RADIUS) are no longer part of
Oracle Advanced Security and are available in all licensed editions of all
supported releases of the Oracle database."
A discussion on how to accomplish this is at
https://docs.oracle.com/cd/B28359_01/server.111/b28337/tdpsg_network_secure.htm#CHDHFHIE
/Hans
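
An added example, not part of any message in this thread: a small audit of whether a client/server pair of sqlnet.ora files actually results in native network encryption, following Oracle's documented negotiation between SQLNET.ENCRYPTION_CLIENT and SQLNET.ENCRYPTION_SERVER (both default to ACCEPTED). The sample file contents are constructed, and the check assumes both sides share at least one encryption algorithm.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")

def setting(sqlnet_text, name):
    """Return a sqlnet.ora parameter value, or Oracle's default (ACCEPTED)."""
    for line in sqlnet_text.splitlines():
        line = line.split("#", 1)[0]                    # drop comments
        m = re.match(r"\s*([\w.]+)\s*=\s*(\S+)", line)
        if m and m.group(1).upper() == name:
            value = m.group(2).upper()
            if value not in LEVELS:
                raise ValueError(f"{name}: unknown value {value!r}")
            return value
    return "ACCEPTED"

def negotiate(client, server):
    """Outcome of the negotiation: 'on', 'off' or 'fail' (connection refused)."""
    pair = {client, server}
    if pair == {"REJECTED", "REQUIRED"}:
        return "fail"        # one side insists, the other refuses
    if "REJECTED" in pair or pair == {"ACCEPTED"}:
        return "off"         # nobody asked for encryption: traffic is clear text
    return "on"

def audit(client_ora, server_ora):
    c = setting(client_ora, "SQLNET.ENCRYPTION_CLIENT")
    s = setting(server_ora, "SQLNET.ENCRYPTION_SERVER")
    return c, s, negotiate(c, s)

# Constructed sample files (not taken from any real system).
CLIENT_DEFAULT = "NAMES.DIRECTORY_PATH = (TNSNAMES, EZCONNECT)\n"
SERVER_DEFAULT = "# no encryption parameters set\n"
SERVER_HARDENED = (
    "SQLNET.ENCRYPTION_SERVER = required   # refuse unencrypted sessions\n"
    "SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)\n"
)

if __name__ == "__main__":
    for label, srv in (("default", SERVER_DEFAULT), ("hardened", SERVER_HARDENED)):
        print(label, audit(CLIENT_DEFAULT, srv))
```

With both files left at their defaults the result is "off", which is why setting the server side to REQUIRED is the check that matters.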