RE: encryption

• From: "TJ Kiernan" <tkiernan@xxxxxxxxxxx>
• To: "Zelli, Brian" <Brian.Zelli@xxxxxxxxxxxxxxx>, <andy@xxxxxxxxxxxxxxx>
• Date: Tue, 19 Mar 2013 12:23:16 -0500

I would strongly recommend the 2nd edition of Expert Oracle Database 
Architecture.  Chapter 16 is all about encryption, and it first draws the 
distinction between encrypting data at rest (on disk) and data in motion 
(network traffic).  Tom breaks down the difference between the two, the 
advantages & gotchas (such as CPU overhead and encrypting indexed columns and 
losing range scans), tablespace-level encryption (available in 11g TDE), and a 
how-to setup TDE.  If reading is not your thing, the Oracle has some webcasts 
on the subject as well.  They're marketing material, but there's some good 
background "what problems can we solve with encryption" information as well.

"Encrypt THE DATABASES," is potentially a very tall order, and you need to 
understand the risks that your security team is trying to mitigate before you 
can make any sort of recommendation on the appropriate course of action (what 
Ryan said).  Is there data that internal users shouldn't access 
(PCI/HIPAA/HITECH Act)?  That may be Virtual Private Database (included in EE) 
instead of encryption and possibly Database Vault.  What about encrypting 
backups? 

This is a big subject.  Too big for an email list, imho.  Mitigating your risks 
will certainly cost time and almost certainly money.  Understand the objectives 
so you can find the best tools for the job.

Thanks,
T. J.
 


-----Original Message-----
From: Zelli, Brian [mailto:Brian.Zelli@xxxxxxxxxxxxxxx] 
Sent: Tuesday, March 19, 2013 11:44 AM
To: TJ Kiernan; andy@xxxxxxxxxxxxxxx
Cc: gints.plivna@xxxxxxxxx; oracle-l@xxxxxxxxxxxxx
Subject: RE: encryption

Ok, our "security" team is telling us we have to encrypt the databases.    If 
people have sqlplus or sqldev access or what sucks is MS Access front ends to 
databases it would not be encrypted?  
Or would they need something on their machine to de-crypt?

ciao,
Brian

----------------------------------
Brian Zelli
Senior Database Administrator
Enterprise Apps/Sys Integration
Roswell Park Cancer Institute
(716) 845-4460
brian.zelli@xxxxxxxxxxxxxxx
----------------------------------


--
//www.freelists.org/webpage/oracle-l

• References:
  • RE: encryption
    • From: TJ Kiernan
  • RE: encryption
    • From: Zelli, Brian

Other related posts:

• » encryption- Zelli, Brian
• » Re: encryption- Gints Plivna
• » Re: encryption- Ryan January
• » RE: encryption- TJ Kiernan
• » Re: encryption- Tim Gorman
• » RE: encryption- Zelli, Brian
• » RE: encryption- TJ Kiernan
• » Re: encryption- Hans Forbrich
• » RE: encryption- TJ Kiernan
• » Re: encryption- Andy Klock
• » RE: encryption- TJ Kiernan
• » RE: encryption- Zelli, Brian
• » Re: encryption- Ryan January
• » Re: encryption- Hans Forbrich
• » RE: encryption - TJ Kiernan
• » RE: encryption- Upendra N
• » Re: encryption- Steve Montgomerie
• » Re: encryption- wblanchard

1. Home
2. oracle-l
3. Archive
4. 03-2013

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---