Oracle Advanced Security Administrator's Guide Release 8.1.5 A67766-01

Library Product Contents

Index

A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z 

A

accounting, RADIUS, 3-26

activating checksumming and encryption, 2-6

adapters, authentication, 1-10

application level firewalls, 9-11

architecture of SSL

in an Oracle environment, 9-3

with other authentication methods, 9-8

assigning new pincode to SecurID card, 6-15

asynchronous (challenge-response) authentication mode in RADIUS, 3-5

attack

data modification, 2-5

replay, 2-5

authenticated RPC, protocol adapter includes, 11-3

authentication, 1-5

biometric, 7-1

centralized, 1-5

authentication adapters, 1-10

authentication modes in RADIUS, 3-4

authorization, 1-9, 9-11, Glossary-1

B

benefits of Oracle Advanced Security, 1-3

biometric authentication, 7-1

C

CDS

naming adapter components, 11-4

naming adapter includes, 11-4

CDS, using to perform name lookup, 13-13

cds_attributes file, modifying for name resolution in CDS, 13-14

Cell Directory Service (CDS), naming adapter includes, 11-4

Cell Directory Service, using to perform name lookup, 13-13

CELL_NAME, DCE address parameter, 13-2

centralized authentication, 1-5

CERN proxy server, 9-11

certificate

definition, 9-5

certificate authority

definition, 9-5, Glossary-1

challenge-response (asynchronous) authentication in RADIUS, 3-5

checksumming and encryption, activating, 2-6

checksums, 1-4

cipher suites, SSL, B-8

client authentication in SSL, requiring, 9-28

combining SSL with other authentication methods, 9-8

Common Object Request Broker Architecture (CORBA), Glossary-2

confidentiality, definition, Glossary-2

configuration files

CyberSAFE, B-2

Kerberos, B-2

needed for servers in DCE, 13-3

SecurID, B-3

configuring a server, in DCE, 13-3

configuring cipher suites in SSL, 9-25

configuring clients

in SQL*Net/DCE, 13-10

to use CDS, 13-13

configuring Oracle

for Net8/DCE, 13-1

configuring RADIUS authentication, 3-9

configuring SSL, 9-12

connect to database, to verify roles, 13-8

connecting across cells, 13-5

connecting to another cell, 13-6

connecting to Oracle database

in DCE, 19

connecting to Oracle server in DCE, 21

with username/password, 21

without username and password, 21

connecting with username/password

with authentication configured, 10-2

Connection Manager, 1-11

CORBA (Common Object Request Broker Architecture), Glossary-2

creating an Oracle server account, 7-13

creating Oracle directories in CDS, 9

creating principals and accounts, 8

cryptography, definition, Glossary-3

CyberSafe, 1-7

system requirements, 1-12

CyberSAFE benefits, 1-7

CyberSafe Challenger

system requirements, 1-12

D

data

authentication, 1-5

authorization, 1-9

integrity, 1-3

privacy, 1-4

data integrity, 1-3

data modification attack, 2-5

data privacy, 1-4

data privacy and integrity, components of, 11-3

DCE address

sample for LISTENER.ORA, 13-4

DCE address, parameters, 13-2

DCE external roles, setting up, 13-6

DCE groups to Oracle roles

syntax for mapping, 13-6

DCE GSSAPI authentication adapter, 8-1

when to use, 8-1

DCE parameter SERVICE, 13-15

DCE principal, for DCE GSSAPI authentication, 8-2

DCE Secure Core services, 11-5

dce_service_name, verifying, 20

DCE.TNS_ADDRESS_OID parameter, 13-12

DCE.TNS_ADDRESS.OID

parameter in PROTOCOL.ORA, 13-14

decryption, definition, Glossary-3

defaults, encryption and checksumming, A-3

defining users, in multi-cell environment, 13-5

DES, 1-4, Glossary-3

digital signature, Glossary-3

Distributed Computing Environment

overview, 11-2

E

enabling SSL, 9-12

encrypted data, across protocols, 1-11

encryption, 1-4

public-key, Glossary-5

encryption and checksumming

activating, 2-6

negotiating, 2-7

encryption and checksumming parameters, 2-9

Enterprise Manager, 7-5

export controls, placed on encryption technology, 2-2

external authentication, 11-3

external roles, Net8t/DCE, configuring, 13-6

externally-authenticated accounts, creating and naming, 13-4

F

failure of fingerprint authentication, 7-16

false finger threshold, 7-3

fingerprint accuracy, 7-2, 7-4

fingerprint authentication failure, 7-16

firewalls, and SSL, 9-11

G

Global Directory Service (GDS), 11-4

H

handshake, SSL, 9-7

hash

used by the Biometric Authentication Adapter, 7-3

used in the Biometric Authentication Service, 7-2

high security threshold, 7-3

HTTPS, 9-7

I

identity, definition, Glossary-3

Identix Biometric, system requirements, 1-12

Identix TouchNet II Desktop Sensor, 7-15

Identix TouchNet II Hardware Interface, 7-4

IIOP (Internet Inter-ORB Protocol), Glossary-4

secured by SSL, 9-7

initial ticket, Glossary-3

installing key of server, 9

integrity, definition, Glossary-4

internet, 9-7

Internet Domain Service (DNS), 11-4

Internet Inter-ORB Protocol (IIOP), Glossary-4

K

Kerberos, 1-7, Glossary-4

system requirements, 1-12

kinstance (CyberSafe), 4-3, 4-8

kinstance (Kerberos), 5-3

kservice (CyberSafe), 4-8

kservice (Kerberos), 5-2

L

LAN environments

vulnerabilities of, 1-2

limitations of SSL, 9-11

listener endpoint, setting on server when configuring SSL, 9-29

LISTENER.ORA

parameters, description, 13-4

loading Oracle service names into CDS, 13-16

logging in

when SecurID is in next code mode, 6-16

with PINPAD card, 6-17

with standard card, 6-16

logging into Oracle

using DCE authentication, 21

using SecurID authentication, 6-13

M

managing roles with RADIUS server, 3-28

mapping DCE groups

to Oracle roles, 13-6

MD5 algorithm, 1-4

used by the Biometric Authentication Service, 7-2

MultiProtocol Interchange, not supported, 11-5

multi-threaded server

not supported, 11-5

N

Net8, Glossary-5

Net8 Native Authentication, 7-15

Netscape Communications Corporation, 9-2

O

Oracle Connection Manager, 1-11

Oracle Enterprise Manager, 7-5

Oracle parameter SID, 13-15

Oracle parameters

necessary for authentication, 1-13

Oracle service names, registering in CDS, 11-4

Oracle Wallet Manager, starting, 9-30

OS_AUTHENT_PREFIX parameter, 1-14

OS_ROLES parameter, setting, 13-6

P

parameters

authentication, B-1

Kerberos, B-2

RADIUS, B-4

encryption and checksumming, 2-9

SecurID, B-3

performance of SSL compared to Net8, 9-11

PINPAD cards

using SecurID, 6-14

prerequisites, for Biometric Authentication Service installation, 7-5

principal, in Kerberos, Glossary-5

privileges, 9-11

products not yet supported, 1-15

PROTOCOL, DCE address parameter, 13-2

PROTOCOL.ORA

DCE address parameters in, 13-10

parameter for CDS, 13-12

public-key encryption, Glossary-5

public/private key pairs, definition, Glossary-5

R

RADIUS, 1-7

accounting, 3-26

asynchronous (challenge-response) authentication mode, 3-5

authentication modes, 3-4

authentication parameters, B-4

challenge-response (asynchronous) authentication, 3-5

challenge-response (asynchronous) authentication, customizing challenge-response user interface, C-1

configuring, 3-9

location of secret key, 3-20

smartcards and, 1-7, 3-4, 3-7, 3-22, C-2

synchronous authentication mode, 3-4

system requirements, 1-12

RC4 encryption algorithm, 1-4

realm (CyberSafe), 4-3

realm (Kerberos), 5-3, Glossary-6

rejected PIN code, reasons for, 6-16

REMOTE_OS_AUTHENT parameter, 1-13

setting, 13-4

replay attack, 2-5

required SSL version, setting on server, 9-28

requiring client authentication in SSL, 9-28

roles, 9-11

managing with RADIUS server, 3-28

roles, external, mapping to DCE groups, 13-6

RSA encryption, 1-4

S

sample DCE address, in TNSNAMES.ORA, 13-15

secret key, 7-5

location in RADIUS, 3-20

SecurID, 3-4, 3-5

system requirements, 1-12

SecurID authentication, parameters, B-3

SecurID cards, types of, 6-13

security between Oracle and non-Oracle clients and servers, 9-7

security policy, 7-3

security, protocol adapter includes, 11-3

SERVER_PRINCIPAL

DCE address parameter, 13-2

DCE parameter, 13-15

service name, in Kerberos, Glossary-6

service table, in Kerberos, Glossary-6

service ticket, Glossary-6

SERVICE, DCE address parameter, 13-2

session key, Glossary-6

single sign-on, 11-3, 21

smartcard, definition, Glossary-7

smartcards, 1-8, 3-4

and RADIUS, 1-7, 3-4, 3-7, 3-22, C-2

smit utility

restarting cdsadv service, 13-14

SQL*Net, level required by Biometric Athentication Service, 7-5

sqlnet.ora file

modifying so CDS can resolve names, 13-17

sample, A-2

SSL, 1-7

cipher suites, B-8

configuring, 9-25

client authentication parameter, B-9

components in an Oracle environment, 9-5

handshake, 9-7

requiring client authentication, 9-28

system requirements, 1-12

version parameter, B-9

wallet location, parameter, B-10

standard cards, using SecurID, 6-14

synchronous authentication mode, RADIUS, 3-4

System Environment Variable, 7-15

system requirements, 1-11, 11-2

CyberSafe, 1-12

Identix Biometric, 1-12

Kerberos, 1-12

RADIUS, 1-12

SecurID, 1-12

SSL, 1-12

T

threshold level, 7-3, 7-5

ticket, Glossary-7

ticket, initial, Glossary-3

tnnfg utility, sample of usage, 13-16

TNSNAMES.ORA

loading into CDS using tnnfg, 13-16

modifying to load connect descriptors into CDS, 13-15

renaming, 13-16

token cards, 1-8, Glossary-7

TouchNet II, 7-4

trustpoints

adding, 9-39

definition, 9-39, Glossary-7

U

user account, 7-14

V

verifying DCE groups are mapped to OS roles, 13-8

viewing mapping in CDS namespace, for listener endpoint, 20

W

wallet resource locator, definition, Glossary-8

wallets

definition, 9-6, Glossary-7

setting location, 9-24, 9-33

WAN environments

vulnerabilities of, 1-2

WRL, Glossary-8

X

X.509 certificate, Glossary-8

Prev

Copyright © 1999 Oracle Corporation. All Rights Reserved.

Library Product Contents