Index

A B C D E F G H I J K L M N O P R S T U W X

A

accounting, RADIUS, 6.3.5

activating checksumming and encryption, 4.4.1

adapters, 1.3

ALTER SYSTEM SET command

closing encryption wallets, 3.2.7.1

opening encryption wallets, 3.2.3, 3.2.7.1, 3.4.1.3

opening HSM wallets, 3.2.6.6

setting master encryption key, 3.2.2.1, 3.2.6.4, 3.4.1.2

anonymous, 8.6.2.3

asynchronous authentication mode in RADIUS, 6.2.2

authentication, 1.3

configuring multiple methods, 10.3

methods, 1.2.2.2

modes in RADIUS, 6.2

auto login wallets

and Transparent Data Encryption (TDE), 3.2.1.2, 3.2.2.2

B

benefits of Oracle Advanced Security, 1.2

BFILE, 3.2.4.7

browser certificates, using with Oracle Wallet Manager, 9.5.1.3.1

C

certificate, 8.2.2.2

browser, using with Oracle Wallet Manager, 9.5.1.3.1

certificate authority, 8.2.2.1

certificate revocation lists, 8.2.2.3

manipulating with orapki tool, 8.8.4

uploading to LDAP directory, 8.8.4

where to store them, 8.8.2

certificate revocation status checking

disabling on server, 8.8.3

certificate validation error message

CRL could not be found, 8.8.5.1

CRL date verification failed with RSA status, 8.8.5.1

CRL signature verification failed with RSA status, 8.8.5.1

Fetch CRL from CRL DP

No CRLs found, 8.8.5.1

OID hostname or port number not set, 8.8.5.1

challenge-response authentication in RADIUS, 6.2.2

change data capture, synchronous, 3.2.4.7

cipher block chaining mode, 1.2.1.1.3

cipher suites

Secure Sockets Layer (SSL), B.3.2.1

client authentication in SSL, 8.6.2.5

configuration files

Kerberos, B.1

configuring

Entrust-enabled Secure Sockets Layer (SSL)

on the client, G.4.3

Kerberos authentication service parameters, 7.1.7.1

Oracle server with Kerberos, 7.1.2

RADIUS authentication, 6.3.2

SSL, 8.6

on the client, 8.6.3

on the server, 8.6.2

thin JDBC support, 5

connecting

with username and password, 10.1

CRL, 8.2.2.3

CRLAdmins directory administrative group, F.6.7.1

CRLs

disabling on server, 8.8.3

where to store them, 8.8.2

cryptographic hardware devices, 8.2.2.5

D

Data Encryption Standard (DES), 4.1.2

DES encryption algorithm, 1.2.1.1.2

DES40 encryption algorithm, 4.1.3.1

Triple-DES encryption algorithm, 1.2.1.1.3, 4.1.3

data integrity, 1.2.1.2, 1.2.1.2

database links

RADIUS not supported, 6.1

DES. See Data Encryption Standard (DES)

Diffie-Hellman, 8.6.2.3

Diffie-Hellman key negotiation algorithm, 4.3

E

encryption and checksumming

activating, 4.4.1

negotiating, 4.4.2

parameter settings, 4.4.3

ENCRYPTION_WALLET_LOCATION parameter, 3.2.1.1, 3.2.5.1, 3.2.6.1, 3.3.1.1, 3.4.1.1

Entrust Authority

creating database users, G.4.6

Entrust Authority for Oracle, G.2.1

Entrust Authority Software

authentication, G.3, G.4

certificate revocation, G.1.3

components, G.2, G.2.1.1

configuring

client, G.4.4

server, G.4.5

Entelligence, G.2.1.3

etbinder command, G.4.5.1

issues and restrictions, G.5

key management, G.1.2

profiles, G.4.1

administrator-created, G.4.1

user-created, G.4.1.2

Self-Administration Server, G.2.1.2

versions supported, G.2

Entrust, Inc., G

Entrust-enabled SSL

troubleshooting, G.6

Entrust/PKI Software, 1.2.2.2.4

error messages

ORA-12650, 4.4.1, 4.4.2.1, 4.4.2.2, A.2.5, A.2.6, A.2.7, A.2.8

ORA-28890, G.6

etbinder command, G.4.5.1

external large objects (BFILE), 3.2.4.7

F

Federal Information Processing Standard

configuration, Preface

Federal Information Processing Standard (FIPS), 1.2.1.3, D

sqlnet.ora parameters, D.1

FIPS 140-2 Level 2 certification, E

FIPS Parameter

Configuring, E.1

FIPS. See Federal Information Processing Standard (FIPS)

G

grid computing

benefits, 1.1.1

defined, 1.1.1

GT GlossaryTitle, Glossary

H

handshake

SSL, 8.1.3

HSMs (hardware security modules)

PKCS#11 library, 3.2.6.2

sqlnet.ora file, 3.2.6.1

user_Id:password string, 3.2.6.4

I

import/export utilities, original, 3.2.4.7, 3.2.4.7

index range scans, 3.1.2.2

initialization parameter file

parameters for clients and servers using Kerberos, B.1

parameters for clients and servers using RADIUS, B.2

parameters for clients and servers using SSL, B.3

Internet Explorer certificates

using with Oracle Wallet Manager, 9.5.1.3

J

Java Byte Code Obfuscation, 5.1.4

Java Database Connectivity (JDBC)

configuration parameters, 5.2

Oracle extensions, 5.1.1

thin driver features, 5.1.2

Java Database connectivity (JDBC)

implementation of Oracle Advanced Security, 5.1

JDBC. See Java Database Connectivity

K

Kerberos, 1.2.2.2.1, 1.2.2.2.1

authentication adapter utilities, 7.2

configuring authentication, 7.1, 7.1.7.1

kinstance, 7.1.2

kservice, 7.1.2

realm, 7.1.2

sqlnet.ora file sample, A.1

system requirements, 1.4, 1.4

kinstance (Kerberos), 7.1.2

kservice (Kerberos), 7.1.2

L

LAN environments

vulnerabilities of, 1.1.3.1

large objects

BFILE, 3.2.4.7

BLOB, 3.2.4.7

CLOB, 3.2.4.7

external, 3.2.4.7

LOB, 3.2.4.7

ldap.ora

which directory SSL port to use for no authentication, 8.8.4.3

listener

endpoint

SSL configuration, 8.6.2.7

M

managing roles with RADIUS server, 6.3.9

MD5 message digest algorithm, 4.2.1

Microsoft Internet Explorer certificates

using with Oracle Wallet Manager, 9.5.1.3

N

nCipher hardware security module

using Oracle Net tracing to troubleshoot, 8.9.4

Netscape certificates

using with Oracle Wallet Manager, 9.5.1.3

Netscape Communications Corporation, 8.1

NOMAC parameter (TDE), 3.2.4.1.3

O

obfuscation, 5.1.4

okdstry

Kerberos adapter utility, 7.2

okinit

Kerberos adapter utility, 7.2

oklist

Kerberos adapter utility, 7.2

ORA-12650 error message, A.2.6

ORA-28330, 3.5

ORA-28331, 3.5

ORA-28332, 3.5

ORA-28333, 3.5

ORA-28334, 3.5

ORA-28335, 3.5

ORA-28336, 3.5

ORA-28337, 3.5

ORA-28338, 3.5

ORA-28339, 3.5

ORA-28340, 3.5

ORA-28341, 3.5

ORA-28342, 3.5

ORA-28343, 3.5

ORA-28344, 3.5

ORA-28345, 3.5

ORA-28346, 3.5

ORA-28347, 3.5

ORA-28348, 3.5

ORA-28349, 3.5

ORA-28350, 3.5

ORA-28351, 3.5

ORA-28353, 3.5

ORA-28354, 3.5

ORA-28356, 3.5

ORA-28357, 3.5

ORA-28358, 3.5

ORA-28359, 3.5

ORA-28361, 3.5

ORA-28362, 3.5

ORA-28363, 3.5

ORA-28364, 3.5

ORA-28365, 3.5

ORA-28366, 3.5

ORA-28367, 3.5

ORA-28368, 3.5

ORA-28369, 3.5

ORA-28370, 3.5

ORA-28371, 3.5

ORA-28372, 3.5

ORA-28373, 3.5

ORA-28374, 3.5

ORA-28375, 3.5

ORA-28376, 3.5

ORA-28377, 3.5

ORA-28378, 3.5

ORA-28885 error, 9.1.6

ORA-40300 error message, 8.9.4.1

ORA-40301 error message, 8.9.4.1

ORA-40302 error message, 8.9.4.1

Oracle Advanced Security

checksum sample for sqlnet.ora file, A.1

configuration parameters, 5.2

disabling authentication, 10.2

encryption sample for sqlnet.ora file, A.1

Java implementation, 5.1, 5.1.3

SSL features, 8.1.2

Oracle Applications wallet location, 9.4.11

Oracle Internet Directory

Diffie-Hellman SSL port, 8.8.4.3

Oracle parameters

authentication, 10.4

Oracle Password Protocol, 5.1.3

Oracle Wallet Manager

importing PKCS #7 certificate chains, 9.5.1.2

orapki

adding a root certificate to a wallet with, F.3.2

adding a trusted certificate to a wallet with, F.3.2

adding user certificates to a wallet with, F.3.2

changing the wallet password with, F.3.1

creating a local auto login wallet with, F.3.1

creating a signed certificate for testing, F.2

creating a wallet with, F.3.1

creating an auto login wallet with, F.3.1

exporting a certificate from a wallet with, F.3.3

exporting a certificate request from a wallet with, F.3.3

viewing a test certificate with, F.2

viewing a wallet with, F.3.1

orapki tool, 8.8.4

original import/export utilities, 3.2.4.7, 3.2.4.7

OS_AUTHENT_PREFIX parameter, 10.4.3

OSS.SOURCE.MY_WALLET parameter, 8.6.2.2, 8.6.3.3

P

paragraph tags

GT GlossaryTitle, Glossary

parameters

authentication

Kerberos, B.1

RADIUS, B.2

Secure Sockets Layer (SSL), B.3

configuration for JDBC, 5.2

encryption and checksumming, 4.4.3

PKCS #11 devices, 8.2.2.5

PKCS #11 error messages

ORA-40300, 8.9.4.1

ORA-40301, 8.9.4.1

ORA-40302, 8.9.4.1

PKCS #7 certificate chain, 9.5.1.2

difference from X.509 certificate, 9.5.1.2

Public Key Infrastructure (PKI)

certificate, 8.2.2.2

certificate authority, 8.2.2.1

certificate revocation lists, 8.2.2.3

PKCS #11 hardware devices, 8.2.2.5

wallet, 8.2.2.4

public key infrastructure (PKI), 1.2.2.2.3, 1.2.2.2.4

R

RAC (Real Application Clusters)

and TDE (transparent data encryption), 3.2.7

RADIUS, 1.2.2.2.2, 1.2.2.2.2

accounting, 6.3.5

asynchronous authentication mode, 6.2.2

authentication modes, 6.2

authentication parameters, B.2

challenge-response

authentication, 6.2.2

user interface, C.1, C.2

configuring, 6.3.2

database links not supported, 6.1

location of secret key, 6.3.2.3

smartcards and, 1.2.2.2.2, 6.2.2, 6.3.2.3, C.1

sqlnet.ora file sample, A.1

synchronous authentication mode, 6.2.1

system requirements, 1.4

RC4 encryption algorithm, 1.2.1.1.1, 4.1.4

realm (Kerberos), 7.1.2

restrictions, 1.5

revocation, G.1.3

roles

managing with RADIUS server, 6.3.9

RSA Security, Inc. (RSA), 1.2.1.1.1

S

salt (TDE)

adding, 3.2.4.4

removing, 3.2.4.4

See also TDE (transparent data encryption)

secret key

location in RADIUS, 6.3.2.3

Secure Sockets Layer (SSL), 1.2.2.2.3

architecture, 8.3.1

authentication parameters, B.3

authentication process in an Oracle environment, 8.1.3

cipher suites, B.3.2.1

client authentication parameter, B.3.4

client configuration, 8.6.3

combining with other authentication methods, 8.3, 8.3

configuring, 8.6

configuring Entrust-enabled SSL on the client, G.4.3

enabling, 8.6

enabling Entrust-enabled SSL, G.4

handshake, 8.1.3

industry standard protocol, 8.1

requiring client authentication, 8.6.2.5

server configuration, 8.6.2

sqlnet.ora file sample, A.1

system requirements, 1.4

version parameter, B.3.3

wallet location, parameter, B.3.5

SecurID, 6.2.1

token cards, 6.2.1

security

Internet, 1.1.2

Intranet, 1.1.2

threats, 1.1.3

data tampering, 1.1.3.2

dictionary attacks, 1.1.3.4

eavesdropping, 1.1.3.1

falsifying identities, 1.1.3.3

password-related, 1.1.3.4

Security Sockets Layer (SSL)

use of term includes TLS, 8.1.1

single sign-on (SSO), 1.2.2.2.4, G.1.1

smartcards, 1.2.2.2.2

and RADIUS, 1.2.2.2.2, 6.2.2, 6.3.2.3, C.1

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 7.1.7.1

SQLNET.AUTHENTICATION_SERVICES parameter, 6.3.2.1, 7.1.7.1, 8.6.2.6, 8.6.2.6, 8.6.3.6, 8.6.3.6, 10.2, 10.3

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 4.4.3.2

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 4.4.3.2

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 4.4.3.2, A.2.8

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 4.4.3.2, A.2.7

SQLNET.ENCRYPTION_CLIENT parameter, 4.4.3.1, A.2.2

SQLNET.ENCRYPTION_SERVER parameter, 4.4.3.1, A.2.1

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 4.4.3.1, A.2.6

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 4.4.3.1, A.2.5

SQLNET.FIPS_140 parameter, D.1.5

SQLNET.KERBEROS5_CC_NAME parameter, 7.1.7.3

SQLNET.KERBEROS5_CLOCKSKEW parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF_MIT parameter, 7.1.7.3

SQLNET.KERBEROS5_KEYTAB parameter, 7.1.7.3

SQLNET.KERBEROS5_REALMS parameter, 7.1.7.3

sqlnet.ora file

Common sample, A.1

FIPS 140-1 parameters, D.1

Kerberos sample, A.1

Oracle Advanced Security checksum sample, A.1

Oracle Advanced Security encryption sample, A.1

OSS.SOURCE.MY_WALLET parameter, 8.6.2.2, 8.6.3.3

parameters for clients and servers using Kerberos, B.1

parameters for clients and servers using RADIUS, B.2

parameters for clients and servers using SSL, B.3

RADIUS sample, A.1

sample, A.1

SQLNET.AUTHENTICATION_KERBEROS5_SERVICE parameter, 7.1.7.1

SQLNET.AUTHENTICATION_SERVICES parameter, 7.1.7.1, 8.6.2.6, 8.6.2.6, 8.6.3.6, 8.6.3.6, 10.2, 10.3

SQLNET.CRYPTO_CHECKSUM_CLIENT parameter, 4.4.3.2

SQLNET.CRYPTO_CHECKSUM_SERVER parameter, 4.4.3.2

SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT parameter, 4.4.3.2, A.2.8

SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER parameter, 4.4.3.2, A.2.7

SQLNET.ENCRYPTION_CLIENT parameter, A.2.2

SQLNET.ENCRYPTION_SERVER parameter, 4.4.3.1, A.2.1

SQLNET.ENCRYPTION_TYPES_CLIENT parameter, 4.4.3.1, A.2.6

SQLNET.ENCRYPTION_TYPES_SERVER parameter, 4.4.3.1, A.2.5

SQLNET.FIPS_140 parameter, D.1.5

SQLNET.KERBEROS5_CC_NAME parameter, 7.1.7.3

SQLNET.KERBEROS5_CLOCKSKEW parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF parameter, 7.1.7.3

SQLNET.KERBEROS5_CONF_MIT parameter, 7.1.7.3

SQLNET.KERBEROS5_KEYTAB parameter, 7.1.7.3

SQLNET.KERBEROS5_REALMS parameter, 7.1.7.3

SSL sample, A.1

SSL_CLIENT_AUTHENTICATION parameter, 8.6.2.5

SSL_CLIENT_AUTHETNICATION parameter, 8.6.3.3

SSL_VERSION parameter, 8.6.2.4, 8.6.3.5

Trace File Set Up sample, A.1

sqlnet.ora file, TDE (transparent data encryption), 3.2.2.1, 3.2.5.1, 3.2.6.1, 3.4.1.1, 3.5

SQLNET.RADIUS_ALTERNATE parameter, 6.3.2.3

SQLNET.RADIUS_ALTERNATE_PORT parameter, 6.3.2.3

SQLNET.RADIUS_ALTERNATE_RETRIES parameter, 6.3.2.3

SQLNET.RADIUS_ALTERNATE_TIMEOUT parameter, 6.3.2.3

SQLNET.RADIUS_SEND_ACCOUNTING parameter, 6.3.5.1

SSL. See Secure Sockets Layer (SSL)

SSL wallet location, 9.4.2.1, 9.4.11

SSL_CLIENT_AUTHENTICATION parameter, 8.6.2.5, 8.6.3.3

SSL_VERSION parameter, 8.6.2.4, 8.6.3.5

SSO. See single sign-on (SSO)

SSO wallets, 9.4.14

synchronous authentication mode, RADIUS, 6.2.1

synchronous change data capture, 3.2.4.7

system requirements, 1.4

Kerberos, 1.4

RADIUS, 1.4

SSL, 1.4

T

tablespace encryption

creating encrypted tablespaces, 3.2.5.3

editing the sqlnet.ora file, 3.2.5.1

opening wallet, 3.2.5.2

setting tablespace key, 3.2.5.1

tablespace master encryption key, 3.2.5.1, 3.2.5.2

TDE (transparent data encryption)

and Oracle RAC (Real Application Clusters), 3.2.7

concepts, 3.1

figure, 3.1.2.2

HSMs (hardware security modules)

PKCS#11 library, 3.2.6.2

user_Id:password string, 3.2.6.4

managing, 3.3

backing up and recovering keys, 3.3.2

managing wallets, 3.3.1

reference, 3.6

restrictions, 3.2.4.7

tablespace encryption

creating encrypted tablespaces, 3.2.5.3

opening wallet, 3.2.5.2

setting tablespace key, 3.2.5.1

troubleshooting, 3.5

using, 3.2

creating tables, 3.2.4.1

editing the sqlnet.ora file, 3.4.1.1

encrypting columns, 3.2.4.2

opening wallet, 3.2.3

setting master encryption key, 3.2.2

thin JDBC support, 5

TLS See Secure Sockets Layer (SSL)

token cards, 1.2.2.2.2

trace file

set up sample for sqlnet.ora file, A.1

transparent data encryption

See TDE

transportable tablespaces, 3.2.4.7

Triple-DES encryption algorithm, 1.2.1.1.3

troubleshooting, 7.4

Entrust-enabled SSL, G.6

U

utilities, import/export, 3.2.4.7

W

wallet, 8.2.2.4

wallets

auto login, 3.2.1.2, 3.2.2.2, 9.4.14

changing a password, 9.4.13

closing, 3.2.6.6, 3.2.7.1, 9.4.4

creating, 9.4.2

deleting, 9.4.12

managing, 9.4

managing certificates, 9.5

managing trusted certificates, 9.5.2

opening, 3.2.3, 3.2.6.6, 3.2.7.1, 3.4.1.3, 3.6.2, 9.4.3

Oracle Applications wallet location, 9.4.11

saving, 9.4.9

setting location, 8.6.2.2

SSL wallet location, 9.4.2.1, 9.4.11

SSO wallets, 9.4.14

X

X.509 certificate

difference from PKCS #7 certificate chain, 9.5.1.2

X.509 PKI certificate standard, G.1.1