Sicherheitsmatrix der Oracle DB

  Security Feature     8i     9i     9iR2     10g R1     10g R2     11g R1  
Adv. Security Option: TDE:
  Tablespace encryption
          X
Adv. Security Option: TDE:
  SecureFile LOB encryption
          X
Adv. Security Option: TDE:
  HSM support for master key
  mgmt
          X
Adv. Security Option:
  Kerberos: Long principal
  names
          X
Adv. Security Option:
  Kerberos: Credential cache
          X
Adv. Security Option:
  Strong Authentication for
  SYSDBA and SYSOPER
  connections
          X
Standards Based Password
  Verifier (SHA-1)
          X
Support for Multi-case &
  Special Characters in
  Passwords
          X
TDE, VPD, OLS, AppContext,
  EUS managed in Enterprise
  Manager (except OWM)
          X
SYSASM instead of SYSDBA
  for managing ASM
          X
Automatic Secure
  Configuration (Auditing,
  Password expiration etc.)
          X
 
Database Vault: Privileged
  User Controls
    X   X X
Database Vault:
  Multi-factor authorization
    X   X X
Database Vault: Custom
  access control policies
    X   X X
Database Vault: Command
  Rules
    X   X X
Database Vault: Separation
  of duty
    X   X X
VPD support for column
  policies
      X X X
VPD support for column
  masking
      X X X
Enhanced policy caching for
  VPD
      X X X
OLS – Store policies and
  user authorizations in
  Oracle Internet Directory
      X X X
OLS fully supports RAC and
  TAF
        X X
DBMS_CRYPTO replaces
  DBMS_OBFUSCATION_TOOLKIT
      X X X
Enterprise Manager
  introduces a basic policy
  for helping DBA’s harden an
  Oracle installation
      X X X
Enterprise Manager helps
  with patch management
      X X X
Proxy Authentication –
  supports thin-JDBC
      X X X
‚Connect‘ role grants
  ‚create session‘ only (use
  rstrconn.sql to revert to
  old behavior)
        X X
Remote Listener admin only
  possible when Listener
  password is set
        X X
Fine Grained auditing
  supports all DML
      X X X
Extended and Uniform Audit
  Trail
      X X X
Dynamic OS auditing
  location change
      X X X
SQL capture added to
  standard auditing
      X X X
Kerberos support for
  Enterprise Users
      X X X
All PKI dependencies
  removed for Enterprise User
  Security (except dblink)
      X X X
Multiple verifier support,
  case-sensitive password
  support in EUS
      X X X
Transparent Data
  Encryption: Compliance
  enablement
        X X
 
VPD support of partitioned
  fined-grained access control
  X X X X X
Global Application Context   X X X X X
OLS supported on all
  platforms
  X X X X X
Oracle Label Security:
  Releasabilities
    X X X X
VPD support for Static and
  Dynamic Policies
    X X X X
Secure Application Roles   X X X X X
Default accounts locked on
  install
  X X X X X
Proxy Authentication –
  supports thick-JDBC
  X X X X X
Proxy Auth. – credential
  proxy of X.509 certificates
  or Distinguished Names (DN)
  X X X X X
DBA GRANT/REVOKE of Object
  Privileges
    X X X X
Password for Users SYS and
  SYSTEM at Database Creation
    X X X X
Fine Grained Auditing   X X X X X
Audit SYS user     X X X X
Password authenticated
  Enterprise User Security
  X X X X X
Strong Authentication:
  Support for RADIUS
  Authorizations
  X X X X X
Support for PKCS#12
  certificates
  X X X X X
User Migration Utility for
  migrating DB users to LDAP
    X X X X
Network encryption support
  for AES
    X X X X
Public Key Infrastructure:
  SSL Hardware Acceleration
    X X X X
 
Virtual Private Database
  (VPD) allows transparent
  fine-grained access control
X X X X X X
Application context allows
  a secure and private
  application-defined cache
  (local)
X X X X X X
Database logon triggers
  allows preliminary security
  checks and setup capability
X X X X X X
Oracle Label Security – (on
  Sun Solaris only)
X (8.1.7) X X X X X
Policy Manager for GUI
  management of Fine Grained
  Access Control
X (8.1.7) (1) X X X X  
  Oracle Label Security receives Common Criteria EAL4
  evaluation (
    target=“_new“>Status
  )  
X (8.1.7.)   X X X  
VPD support for Parallel
  Query
X X X X X X
  Database receives Common Criteria EAL4 evaluation (
    target=“_new“>Status
  )  
X (8.1.7.)   X X X  
Password complexity
  routines ensuring password
  policies
X X X X X X
User profiles supports
  password management
X X X X X X
Account locking X X X X X X
Proxy Authentication for
  OCI programs
X (8.1.7) X X X X X
DBMS_OBFUSCATION_TOOLKIT
  for stored database
  encryption and hashing
X X X X X X
Enterprise Users for
  centralized user management
  and schema separation
X X X X X X
Network encryption receives
  FIPS evaluation
X (8.1.6) X X X X X
SSL for encryption and
  strong authentication
X X X X X X
Network encryption for
  ‚thin‘ JDBC drivers
X (8.1.6) X X X X X
Unified User Model joins
  Web-based SSO with Database
  Enterprise Users
X X X X X X
  (1): OLS only  
 
 

* keine verbindliche Auflistung!

Advertisements

~ von bmaier - 21. Februar 2008.

Kommentar verfassen

Bitte logge dich mit einer dieser Methoden ein, um deinen Kommentar zu veröffentlichen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s

 
%d Bloggern gefällt das: