Introduction to Oracle Security
Department of Applied Mathematics, Chung Yuan Christian University (中原大學應用數學系), 劉立民

Know your threats
- Erasing your data
- Changing your data in an undetectable manner
- Reading your data to compromise your organization's position
- Destroying your data

Internal and External threats
- Internal threats: behind your firewall; can access your network
- External threats: hacker (white hat), cracker (black hat), gray hat

Top security myths
- Myth: Hackers cause most security breaches. In fact, 80% of data loss is caused by insiders.
- Myth: Encryption makes your data secure. In fact, encryption is only one approach to securing data. Security also requires access control, data integrity, system availability, and auditing.
- Myth: Firewalls make your data secure. In fact, 40% of Internet break-ins occur in spite of a firewall being in place.

Who can do what
- Authentication: the process used to determine that a user is who he or she claims to be
- Authorization: based on matching an identity with a list of rights, privileges, or areas of access

Typical E-Commerce Architecture
(diagram only; not in transcript)

Dimensions of Data Security
(diagram only; not in transcript)

Fundamental Data Security Requirements
- Confidentiality
- Integrity
- Availability

Confidentiality
- Privacy of communications
- Secure storage of sensitive data
- Authenticated users
- Granular access control

Integrity
- System and object privileges control access to application tables and system commands, so that only authorized users can change data.
- Referential integrity is the ability to maintain valid relationships between values in the database, according to rules that have been defined.
- A database must be protected against viruses designed to corrupt the data.
- The network traffic must be protected from deletion, corruption, and eavesdropping.

Availability
(diagram only; not in transcript)

Security Requirements in the Internet Environment
Promises and Problems of the Internet
- Increased data access
- Much more valuable data
- Larger user communities
- Hosted systems and exchanges

Data Security Risks
- Data tampering
- Eavesdropping and data theft
- Falsifying user identities
- Password-related threats
- Unauthorized access to tables and columns
- Unauthorized access to data rows
- Lack of accountability
- Complex user management requirements

A Matrix of Security Risks and Solutions
(table spread over three slides; not in transcript)

The System Security Team
(diagram only; not in transcript)

Securing Oracle on UNIX
How the Oracle database runs: the background processes PMON, SMON, DBWR, DBW0, LGWR, RECO, CKPT, ARCH
Installing Oracle on UNIX:
- Create a group named oinstall for installation
- Create an account called oracle to install/own the software

Oracle's recommended groups
- ORA_ALL: all users allowed to access the ORACLE_HOME directory
- ORADBA: users to map to the OSDBA role
- ORAOPER: users to map to the OSOPER role
- ORASTARTUP: users who will need to start up an instance
- ORAOWNER: users who will have full access to the operating system files

Oracle's group hierarchy (diagram; labels as they appear, top to bottom)
ORA_ALL
ORASTARTUP
ORAOPER   ORAOWNER
ORADBA

Set file permissions
- Change the group of the ORACLE_HOME directory to ORA_ALL and set the permissions to 750, which restricts access to anyone who has not explicitly been added to the ORA_ALL group.
- Change the group of all files and directories under ORACLE_HOME to ORAOWNER and set the permissions to 775.
- For the ORACLE_HOME/rdbms/log and audit directories, set the permissions to 750.
- For the oracle executable file, change the group to ORASTARTUP and set the permissions to 6710.

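The permission scheme above is easy to set once and easy to drift from (a patch or a careless chmod can reopen the audit directory). The following script is an added example, not part of the slides, that encodes the slide's group/mode table as a policy and audits an ORACLE_HOME tree against it. The ORA_* group names are the slide's; the log/audit directories carry no group in the slide, so the policy leaves theirs unchecked. The scratch tree it builds for a demo run is constructed here and deliberately leaves the oracle binary at mode 755 so there is one finding to report; since an unprivileged run cannot chgrp, the demo disables the group checks with `mode_only()`.

```python
import os
import stat
import grp
import tempfile

# Expected group and mode for named paths under ORACLE_HOME, taken from the
# slide. Paths are relative to ORACLE_HOME; a group of None means "not checked"
# (the slide states no group for the log/audit directories).
ORACLE_HOME_POLICY = [
    ("",            "ORA_ALL",    0o750),   # ORACLE_HOME itself
    ("rdbms/log",   None,         0o750),   # log directory
    ("rdbms/audit", None,         0o750),   # audit directory
    ("bin/oracle",  "ORASTARTUP", 0o6710),  # oracle executable: setuid/setgid, no group write
]
# Everything else under ORACLE_HOME.
DEFAULT_GROUP, DEFAULT_MODE = "ORAOWNER", 0o775


def group_name(gid):
    """Map a numeric gid to its name, falling back to the number if it is unknown."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_oracle_home(oracle_home, policy=ORACLE_HOME_POLICY,
                      default=(DEFAULT_GROUP, DEFAULT_MODE)):
    """Return a list of (path, problem) findings for an ORACLE_HOME tree.

    Paths named in `policy` must carry exactly the listed mode (and group, when
    one is given); every other file and directory is compared against `default`.
    Symbolic links are skipped because their own mode bits are not enforced.
    """
    expected = {
        (os.path.join(oracle_home, rel) if rel else oracle_home): (group, mode)
        for rel, group, mode in policy
    }
    findings = []

    def check(path, group, mode):
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            findings.append((path, "missing"))
            return
        if stat.S_ISLNK(st.st_mode):
            return
        actual = stat.S_IMODE(st.st_mode)          # 12 permission bits, incl. setuid/setgid
        if actual != mode:
            findings.append((path, f"mode {actual:o} != {mode:o}"))
        if group is not None and group_name(st.st_gid) != group:
            findings.append((path, f"group {group_name(st.st_gid)} != {group}"))

    for path, (group, mode) in expected.items():    # named entries first, so a
        check(path, group, mode)                    # missing audit dir is reported
    for dirpath, dirnames, filenames in os.walk(oracle_home):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if path not in expected:
                check(path, *default)
    return findings


def make_scratch_oracle_home():
    """Build a constructed ORACLE_HOME-shaped tree in a temp directory.

    Every mode follows the slide except bin/oracle, which is deliberately left
    at 755 so the audit has one finding to report.
    """
    root = tempfile.mkdtemp(prefix="oracle_home_")
    for rel, mode in [("rdbms", 0o775), ("rdbms/log", 0o750),
                      ("rdbms/audit", 0o750), ("bin", 0o775)]:
        os.makedirs(os.path.join(root, rel))
        os.chmod(os.path.join(root, rel), mode)
    exe = os.path.join(root, "bin", "oracle")
    open(exe, "w").close()
    os.chmod(exe, 0o755)
    os.chmod(root, 0o750)
    return root


def mode_only(policy=ORACLE_HOME_POLICY):
    """The same policy with every group check disabled (for unprivileged runs)."""
    return [(rel, None, mode) for rel, _group, mode in policy]


if __name__ == "__main__":
    home = make_scratch_oracle_home()
    for path, problem in audit_oracle_home(home, mode_only(), (None, DEFAULT_MODE)):
        print(f"{path}: {problem}")
```

Run it as root against a real ORACLE_HOME with the full policy (groups included) and it lists every file whose group or mode departs from the slide's table; mode 6710 on the binary is reported as a mismatch if the setuid/setgid bits were stripped, which is exactly the drift that quietly breaks the "no free rein over the file system" property described on the next slide.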
Advantages gained from the architecture
- Denies access to all users, yet allows you to grant limited access to SQL*PLUS users
- Provides the ability to name OSDBA and OSOPER users who do not have free rein over the file system
- Provides the ability to grant control of files in ORACLE_HOME to individual Unix users
- Prevents users with full control of the ORACLE_HOME from deleting audit logs and manipulating or viewing the data files

Security of raw devices
- A raw device is a partition on the hard drive that is not mounted or controlled via the UNIX file system.
- Use ls on the /dev/rdsk directory to locate your raw devices.
- Change permissions on raw devices (# is the root prompt):

```
# chown oracle /dev/rdsk/dks2d2s3
# chgrp oinstall /dev/rdsk/dks2d2s3
# chmod 700 /dev/rdsk/dks2d2s3
```

- Use the raw device:

```sql
create database TESTDB
  logfile '/oracle/dbs/logfile1.f' size 100k,
          '/oracle/dbs/logfile2.f' size 100k
  datafile '/dev/rdsk/dks2d2s3' size 10000k reuse;
```

Firewalls and Oracle
- A firewall is a single point of control on a network, used to prevent unauthorized clients from reaching the server.
- It acts as a filter, screening out unauthorized network users from using the intranet.
- Firewalls are rule-based. They have a list of rules that define which clients can connect, and which cannot.

Firewall Approaches – Approach I
(diagram only; not in transcript)

Approach I – Pros and Cons
Pros:
- The setup is simple
- Your internal computers are totally isolated from the external computers
- You only require the use of a single firewall
Cons:
- Both web server and database are open to any attack
How to make this model work:
- Updating patches and service packs
- Disabling unnecessary services
- Implementing strong passwords

Firewall Approaches – Approach II
(diagram only; not in transcript)

Approach II – Pros and Cons
Pros:
- The setup is simple
- Low cost of the configuration
- Compared to approach I, the security is much tighter
Cons:
- Allowing packets through the firewall into the internal network weakens the security

Firewall Approaches – Approach III
(diagram only; not in transcript)

Approach III – Pros and Cons
Pros:
- Compared to approach II, the security is much tighter
Cons:
- The web server remains exposed to attack
How to make this model work:
- Must harden the OS that the web server runs on
- Many security holes are discovered every day

Firewall Approaches – Approach IV
(diagram only; not in transcript)

Approach IV
Pros:
- Compared to approach III, the model is more robust
- It limits the ability to spoof and separates external machines from internal machines
- Even if the machines in the DMZ (demilitarized zone, the area between the firewalls) are compromised, the setup continues to protect the internal network from servers in the DMZ.

What a firewall does not prevent
- Firewalls cannot protect you from internal attacks.
- Firewalls cannot stop a hacker who can get around your firewall, for instance by calling into a modem on a computer that is connected to your internal network.
- Firewalls cannot stop a hacker attacking your laptop when it is connected to a cable modem at an employee's home.
- Firewalls cannot stop a virus, such as a Trojan horse, inside an email.

Using Oracle through a firewall
Firewalls can be implemented in two ways:
- Firewalls using Oracle Connection Manager in an intranet environment
- Firewalls using Oracle Net Firewall Proxy in an internet environment

Oracle Connection Manager in an intranet environment
It can be configured to grant or deny client access to a particular database service or a computer, based on the following criteria:
- Source host names or IP addresses for clients
- Destination host names or IP addresses for servers
- Destination database service names
- Client use of Oracle Advanced Security

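To make the first three criteria concrete, here is an added example (not from the slides or from Oracle) that models a Connection Manager rule list as (source, destination, service, action) tuples, evaluates a connection request against it, and renders the list in the `(RULE=(SRC=...)(DST=...)(SRV=...)(ACT=...))` form that cman.ora uses. The host and service names are hypothetical, and the evaluation model is an assumption stated in the code: rules are tried in order, the first match decides, and a request matching no rule is rejected. The fourth criterion (client use of Oracle Advanced Security) is not modelled.

```python
import fnmatch

# Constructed rule list: each entry mirrors one Connection Manager RULE with
# its SRC (client), DST (server), SRV (service) and ACT fields. Host and
# service names are hypothetical; "*" is a wildcard, as in cman.ora.
RULES = [
    ("192.168.10.*", "db1.intranet.example", "sales.example",   "accept"),
    ("192.168.*",    "db1.intranet.example", "reports.example", "accept"),
    ("*",            "*",                    "*",               "reject"),
]


def evaluate(rules, src, dst, srv):
    """Return "accept" or "reject" for client src asking dst for service srv.

    Model used here (an assumption, not a statement about the product):
    rules are tried in order and the first match decides; a connection that
    matches no rule is rejected, so the catch-all reject rule above only
    makes the default explicit.
    """
    for rule_src, rule_dst, rule_srv, act in rules:
        if (fnmatch.fnmatchcase(src, rule_src)
                and fnmatch.fnmatchcase(dst, rule_dst)
                and fnmatch.fnmatchcase(srv, rule_srv)):
            return act
    return "reject"


def to_rule_list(rules):
    """Render the rules as a RULE_LIST block in cman.ora syntax."""
    entries = "".join(
        f"    (RULE=(SRC={s})(DST={d})(SRV={v})(ACT={a}))\n" for s, d, v, a in rules
    )
    return f"(RULE_LIST=\n{entries})"


if __name__ == "__main__":
    print(to_rule_list(RULES))
    for req in [("192.168.10.7", "db1.intranet.example", "sales.example"),
                ("192.168.20.9", "db1.intranet.example", "sales.example"),
                ("10.0.0.5",     "db1.intranet.example", "reports.example")]:
        print(req, "->", evaluate(RULES, *req))
```

The point to notice is the ordering: the second rule lets any 192.168 host reach the reports service, but only the 192.168.10 subnet reaches sales, so putting a broad accept rule before a narrow one would silently widen access. The parameter that encloses RULE_LIST differs between Connection Manager releases, which is why the renderer emits only the rule block.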
Intranet Network Access Control with Oracle Connection Manager
(diagram only; not in transcript)
For this configuration to work, clients require the JDBC Thin driver.

Oracle Net Firewall Proxy in an internet environment
- Oracle Connection Manager functionality is offered by some firewall vendors through a software component called Oracle Net Firewall Proxy.
- A host computer, called an application gateway, runs the Oracle Connection Manager software.

Internet Network Access Control with an Application Gateway
(diagram only; not in transcript)

Ensuring Security in Three-Tier Systems
Proxy Authentication to Ensure Three-Tier Security
- An important security feature for three-tier systems is the ability to proxy authenticated user identity from a middle tier to the database.
Java Database Connectivity (JDBC)
- JDBC allows Java programs to send SQL statements to an object-relational database such as Oracle.
- JDBC enables a middle tier server to access a database on behalf of a client user by establishing a lightweight session for the user.
- Java applets can thus transmit data over secure channels.
- You can have secure connections from middle tier servers with Java Server Pages (JSPs) to the database.

Overview of Oracle HTTP Server Security
Oracle HTTP Server
- It comes standard on the Oracle8i and Oracle9i database CDs.
- It is a valuable tool for developing CGI or Java applications.
- Most of the configuration options required for the Oracle HTTP Server are built during the Oracle install.
- Oracle HTTP Server uses Apache as its engine.

Oracle HTTP Server components
- Oracle HTTP Server 1.3.12.0.3a
- Oracle HTTP Server Extensions 9.0.1.0.0
- Oracle Mod PL/SQL Gateway 3.0.9.0.7
- Apache Module for Oracle Servlet Engine 9.0.1.0.0
- BC4J Runtime 5.0.0.417.1
- Apache Configuration for Oracle XML Developer's Kit
- Oracle eBusiness Management Extensions 9.0.1.0.0

Steps for Handling URL Requests in Oracle HTTP Server
(diagram only; not in transcript)

Oracle web server security
- Ensure the data stream cannot be viewed or tampered with by a third party: you can use the SSL protocol to encrypt it.
- Consider and address authentication and authorization to ensure that only valid users access and manipulate the data within the stream:
  - Host-based access control
  - User authentication

Oracle HTTP Server SSL configuration
- ssl.conf includes the SSL definitions and the virtual host container.
- It is located at: UNIX: ORACLE_HOME/Apache/Apache/conf; Windows: ORACLE_HOME\Apache\Apache\conf

Understanding Host-Based Access Control
You use the deny, allow, and order directives to set this type of access control.

```apache
<Directory /internalonly/>
    order deny,allow
    deny from all
    allow from 192.168.1 us.oracle.com
</Directory>
```

Requests originating from any IP address in the 192.168.1.* range or with the host name us.oracle.com are allowed access to files in the directory /internalonly/.

Access Control for Virtual Hosts
For IP-based or name-based virtual hosts, place the AccessConfig directive inside a virtual host container in the server configuration file, httpd.conf:

```apache
...
<VirtualHost ip.address.of.host.some_domain.com>
    ... virtual host directives ...
    AccessConfig conf/access.conf
</VirtualHost>
```

Overview of Host-Based Access Control Schemes
- Controlling access by IP address
- Controlling access by domain name
- Controlling access by network or netmask
- Controlling access with environment variables

Controlling Access by IP Address
To configure IP address-based access control, use the syntax shown in the following example:

```apache
<Directory /secure_only/>
    order deny,allow
    deny from all
    allow from 207.175.42.154 192.220.208.9
</Directory>
```

In this example, requests originating from all IP addresses except 207.175.42.154 and 192.220.208.9 are denied access to the /secure_only/ directory.

Controlling Access by Domain Name
To combine domain name-based with IP address-based access control, use the syntax shown in the following example:

```apache
<Directory /co_backgr/>
    order allow,deny
    allow from all
    # 141.217.24.179 is the IP for malicious.cracker.com
    deny from malicious.cracker.com 141.217.24.179
</Directory>
```

In this example all requests for directory /co_backgr/ are accepted except those that originate from the domain name malicious.cracker.com or the IP address 141.217.24.179.

Controlling Access by Network or Netmask
You can control access based on subsets of networks, specified by IP address:

```apache
<Directory /payroll/>
    order deny,allow
    deny from all
    allow from 10.1.0.0/255.255.0.0
</Directory>
```

In this example, access is allowed from a network/netmask pair.

Controlling Access with Environment Variables
You can use arbitrary environment variables for access control:

```apache
BrowserMatch ^Mozilla netscape_browser
<Directory /mozilla-area/>
    order deny,allow
    deny from all
    allow from env=netscape_browser
</Directory>
```

In this example, access is allowed only to requests that come from Netscape browsers.

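The four `<Directory>` blocks on the preceding slides (host-based access control, by IP address, by domain name, by network/netmask, and by environment variable) all rely on the same `order`/`allow`/`deny` evaluation, and the difference between `order deny,allow` and `order allow,deny` is the part people get wrong. The following evaluator is an added example, not part of the slides or of Apache; it parses each block (embedded here as constructed strings copied from the slides), models the Apache 1.3 mod_access matching rules for `all`, partial IPs, domain suffixes, net/netmask pairs and `env=` tokens, and returns the decision for a constructed client. The `Client` class and its hostname/env fields are assumptions of this model, not Apache API.

```python
import ipaddress

# The <Directory> blocks from the slides, embedded as constructed strings so
# the evaluator can be exercised offline against each of them.
INTERNAL_ONLY = """
<Directory /internalonly/>
    order deny,allow
    deny from all
    allow from 192.168.1 us.oracle.com
</Directory>
"""
CO_BACKGR = """
<Directory /co_backgr/>
    order allow,deny
    allow from all
    # 141.217.24.179 is the IP for malicious.cracker.com
    deny from malicious.cracker.com 141.217.24.179
</Directory>
"""
PAYROLL = """
<Directory /payroll/>
    order deny,allow
    deny from all
    allow from 10.1.0.0/255.255.0.0
</Directory>
"""
MOZILLA = """
<Directory /mozilla-area/>
    order deny,allow
    deny from all
    allow from env=netscape_browser
</Directory>
"""


class Client:
    """One request as mod_access sees it: address, reverse-looked-up host, env vars."""
    def __init__(self, ip, hostname=None, env=None):
        self.ip = ipaddress.ip_address(ip)
        self.hostname = hostname
        self.env = env or {}


def parse_directives(text):
    """Extract (order, allow_tokens, deny_tokens) from a <Directory> block."""
    order, lists = None, {"allow": [], "deny": []}
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith(("#", "<")):
            continue
        key = parts[0].lower()
        if key == "order":
            order = parts[1].lower()
        elif key in lists and parts[1].lower() == "from":
            lists[key].extend(parts[2:])
    return order, lists["allow"], lists["deny"]


def matches(token, client):
    """Does one `allow/deny from` token match the client?"""
    if token == "all":
        return True
    if token.startswith("env="):                       # set by BrowserMatch / SetEnvIf
        return token[4:] in client.env
    if "/" in token:                                   # net/netmask or CIDR
        return client.ip in ipaddress.ip_network(token, strict=False)
    octets = token.split(".")
    if all(o.isdigit() for o in octets):               # full or partial dotted address
        return str(client.ip).split(".")[:len(octets)] == octets
    host = client.hostname or ""                       # domain suffix at a label boundary
    return host == token or host.endswith("." + token)


def decide(order, allow, deny, client):
    """True when mod_access would admit the client under the given order."""
    allowed = any(matches(t, client) for t in allow)
    denied = any(matches(t, client) for t in deny)
    if order == "deny,allow":        # deny checked first, allow overrides; default is allow
        return allowed or not denied
    if order in ("allow,deny", "mutual-failure"):      # deny overrides; default is deny
        return allowed and not denied
    raise ValueError(f"unknown order: {order}")


if __name__ == "__main__":
    rules = parse_directives(INTERNAL_ONLY)
    for c in (Client("192.168.1.77"), Client("10.0.0.5", "pc.us.oracle.com"), Client("10.0.0.5")):
        print(c.ip, c.hostname, "->", "allow" if decide(*rules, c) else "deny")
```

Two practical notes follow from the model. A host-name token only helps when Apache has resolved the client's name (mod_access confirms a reverse lookup with a forward lookup before trusting it), so the IP and netmask forms are the dependable ones. And the `deny,allow` order defaults to allow, so leaving out `deny from all` turns a whitelist into no restriction at all; the evaluator makes that visible if you delete that line from one of the constructed blocks. In Apache 2.4 these directives were moved to mod_access_compat and replaced by `Require`.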
Overview of User Authentication
- Basic authentication is based on user name and password pairs.
- For Internet communications, SSL (X.509) is usually used for transmitting sensitive information such as passwords and for authenticating users to Web applications and databases.
- Oracle HTTP Server also supports single sign-on, which allows users to log in to multiple Web applications using a single user name and password.

Basic Authentication and Authorization with mod_auth
Authentication Configuration Directives
(table only; not in transcript)

Using Secure Sockets Layer (SSL) to Authenticate Users
- mod_ossl is the Oracle Secure Sockets Layer (SSL) implementation in use with the Oracle database.
- mod_ossl replaces mod_ssl in the Oracle HTTP Server distribution.
- A tool is provided to enable you to migrate from mod_ssl to mod_ossl, and convert your text certificates to Oracle wallets.

Differences between mod_ossl and mod_ssl
(table only; not in transcript)

The mod_ssl directives
- SSLRandomSeed
- SSLCertificateFile
- SSLCertificateKeyFile
- SSLCertificateChainFile
- SSLCACertificateFile
- SSLCACertificatePath
- SSLVerifyDepth

SSL Secures Internet and Oracle Communications
(diagram only; not in transcript)

PKI Implementation in Oracle Advanced Security
The Public Key Infrastructure (PKI) approach is an emerging means of achieving security and single sign-on, adding extra value to the Oracle Advanced Security option.
- Components of Oracle Public Key Infrastructure-Based Authentication
- PKI Integration and Interoperability

Components of Oracle Public Key Infrastructure-Based Authentication
- Secure Sockets Layer
- Oracle Call Interface
- Trusted Certificates
- X.509 Version 3 Certificates
- Oracle Wallets
- Oracle Wallet Manager
- Oracle Enterprise Login Assistant
- Oracle Internet Directory
- Oracle Enterprise Security Manager

Oracle Wallets
- An Oracle wallet is a container in which certificates and trusted certificates are stored and managed.
- There is no need for real-time checking with the certificate authority.
- These data structures securely store a user private key, a user certificate, and a set of trusted certificates.

Proxy Authentication in a Multi-tier Environment
(diagram only; not in transcript)

PKI Integration and Interoperability
- PKCS #12 support
- Wallets stored in Oracle Internet Directory
- Multiple certificate support
- Strong wallet encryption

Oracle PKI Implementation Summary
- PKI provides an important security infrastructure to a network.
- SSL secures not only Oracle Net, but also other protocols such as IIOP (Internet Inter-ORB Protocol), giving Oracle the ability to work with thin clients and Enterprise JavaBeans (EJB).
- Certificates not only authenticate clients to servers, but they also authenticate servers to other servers.

Public-Key Encryption
- Also called asymmetric encryption; involves a pair of keys: a public key and a private key.
- Each public key is published, and the corresponding private key is kept secret.
- Based on modular arithmetic.

How PKI works
Knapsack problem
(diagram only; not in transcript)

How PKI works (Con't)
Create new knapsack values (642, 2311, 18): the multiplier 642, the modulus 2311, and 18, which is the inverse of 642 modulo 2311 (642 * 18 = 11556 = 5 * 2311 + 1).
X (private, superincreasing): 1 4 6 12 25 51 105 210 421 850
Yi = (Xi * 642) % 2311
Y [public key]: 642 257 1541 771 2184 388 391 782 2206 304
Encode and encrypt the message with the public key: the encrypted value 4895 can be derived very quickly as the sum of the Y values selected by the message bits (1541 + 2184 + 388 + 782 = 4895).
Decrypt with the private values: (4895 * 18) % 2311 => 292, and 292 is then expressed as a sum of X values (6 + 25 + 51 + 210 = 292), which recovers the bits:

X:     1    4    6   12   25   51  105  210  421  850
Y:   642  257 1541  771 2184  388  391  782 2206  304
bit:   0    0    1    0    1    1    0    1    0    0

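The slide's numbers are a complete Merkle-Hellman knapsack key pair, so the whole trapdoor can be run end to end. The code below is an added example, not from the slides; it takes the slide's X, multiplier 642 and modulus 2311, derives the public key Y, encrypts the bit string 0010110100 to 4895, and decrypts by multiplying with the inverse 18 and solving the easy (superincreasing) knapsack greedily. The validity checks in `make_public_key` (superincreasing X, modulus larger than the sum of X, multiplier coprime to the modulus) are the conditions that make the greedy decryption correct. The scheme is presented here only to illustrate trapdoor arithmetic: knapsack cryptosystems of this kind were broken by Shamir in 1982 and are not used in practice.

```python
from math import gcd

# Numbers from the slide: the private superincreasing knapsack X, the
# multiplier 642, the modulus 2311 and the multiplier's inverse 18.
PRIVATE_X = [1, 4, 6, 12, 25, 51, 105, 210, 421, 850]
MULTIPLIER, MODULUS = 642, 2311
INVERSE = 18                       # 642 * 18 = 11556 = 5 * 2311 + 1


def is_superincreasing(seq):
    """Every element exceeds the sum of all earlier ones (what makes decryption easy)."""
    total = 0
    for x in seq:
        if x <= total:
            return False
        total += x
    return True


def make_public_key(private_x, multiplier, modulus):
    """Y_i = (X_i * multiplier) mod modulus; Y no longer looks superincreasing."""
    if not is_superincreasing(private_x):
        raise ValueError("private knapsack must be superincreasing")
    if modulus <= sum(private_x) or gcd(multiplier, modulus) != 1:
        raise ValueError("modulus must exceed sum(X) and be coprime to the multiplier")
    return [(x * multiplier) % modulus for x in private_x]


def encrypt(bits, public_y):
    """Ciphertext is the sum of the public values selected by the message bits."""
    if len(bits) != len(public_y):
        raise ValueError("message length must equal the knapsack size")
    return sum(y for b, y in zip(bits, public_y) if b)


def decrypt(ciphertext, private_x, multiplier, modulus):
    """Undo the multiplier, then solve the easy knapsack greedily from the largest X."""
    inverse = pow(multiplier, -1, modulus)          # Python 3.8+: modular inverse
    target = (ciphertext * inverse) % modulus
    bits = [0] * len(private_x)
    for i in range(len(private_x) - 1, -1, -1):
        if private_x[i] <= target:
            bits[i] = 1
            target -= private_x[i]
    if target != 0:
        raise ValueError("ciphertext does not decode to a valid message")
    return bits


if __name__ == "__main__":
    y = make_public_key(PRIVATE_X, MULTIPLIER, MODULUS)
    msg = [0, 0, 1, 0, 1, 1, 0, 1, 0, 0]
    c = encrypt(msg, y)
    print("public key:", y)
    print("ciphertext:", c, "-> recovered bits:", decrypt(c, PRIVATE_X, MULTIPLIER, MODULUS))
```

Without the private X, recovering the bits from 4895 means solving a general subset-sum instance over Y; with it, the multiply-by-inverse step turns the problem into one the greedy loop solves in a single pass, which is the trapdoor the slide is illustrating.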
Certificate Authorities
- A certificate authority (CA) is a trusted third party which certifies that other entities (users, databases, administrators, clients, servers) are who they say they are.
- A certificate authority might be an external company that offers certificate services, or an internal organization.

Certificates
- A certificate is like an electronic passport which proves the identity of a user or device that seeks to access the network.
- The certificate ensures that the entity's information is correct and that the public key actually belongs to that entity.
- A certificate is created when an entity's public key is signed by a trusted identity (a certificate authority).

Information kept in a certificate
- the certificate user's name
- an expiration date
- a unique serial number assigned to the certificate by the CA
- the user's public key
- information about the rights and uses associated with the certificate
- the name of the certificate authority that issued the certificate
- the CA's signature
- an algorithm identifier that identifies which algorithm was used to sign the certificate