Oracle7 Server Distributed Systems Volume I: Distributed Data


Oracle Secure Network Services

Secure Network Services, an optional product, allows customers to protect the valuable data travelling across their networks from eavesdropping and data modification by unauthorized third parties. System architects are free to build sophisticated, distributed networks of Oracle7 databases without having to worry about the security of their data as it fans out across the globe. Even connections to third-party data repositories can be encrypted with Secure Network Services.

Network Authentication

Unlike many competing products, the Oracle client library encrypts login passwords before they are transmitted across the network. This makes Oracle client-server applications more secure than most traditional host-based systems that used insecure terminal emulation protocols such as TELNET for PC-to-server communication. In addition, Oracle's network authentication architecture allows for the installation of Oracle Authentication Adapters that enable Oracle to take advantage of sophisticated network security systems such as Kerberos, CyberSAFE Challenger and SecurID Smart Cards, and biometric identification devices.

Secure Network Services Ensures Tamper-Proof Data

To detect modification or replay of data during transmission, the optional Secure Network Services can generate a cryptographically secure message digest and include it with each SQL*Net packet sent across the network. Upon reception at the destination, an integrity check is immediately performed on each packet.

This makes it virtually impossible for an intruder to alter data or commands without detection, and ensures that any attempt to do so is immediately reported to the user and written to the system log files.
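The per-packet integrity check described above can be sketched as follows. This is an added example, not Oracle's code: the page does not name the digest algorithm or the packet layout, so HMAC-SHA-256, the implicit 64-bit sequence counter, and the class names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct

DIGEST_LEN = hashlib.sha256().digest_size  # 32 bytes

class IntegrityError(Exception):
    """Raised when a packet fails its integrity check."""

def _digest(key: bytes, seq: int, payload: bytes) -> bytes:
    # The sequence number is covered by the digest but never transmitted,
    # so a replayed or reordered packet cannot verify.
    return hmac.new(key, struct.pack(">Q", seq) + payload, hashlib.sha256).digest()

class PacketSealer:
    """Sender side: appends a keyed digest to each outgoing packet."""
    def __init__(self, session_key: bytes):
        self._key, self._seq = session_key, 0

    def seal(self, payload: bytes) -> bytes:
        packet = payload + _digest(self._key, self._seq, payload)
        self._seq += 1
        return packet

class PacketVerifier:
    """Receiver side: checks each packet against the next expected sequence number."""
    def __init__(self, session_key: bytes):
        self._key, self._seq = session_key, 0

    def open(self, packet: bytes) -> bytes:
        if len(packet) < DIGEST_LEN:
            raise IntegrityError("packet shorter than digest")
        payload, tag = packet[:-DIGEST_LEN], packet[-DIGEST_LEN:]
        if not hmac.compare_digest(tag, _digest(self._key, self._seq, payload)):
            # Counter is not advanced: the caller should log and drop the session.
            raise IntegrityError(f"integrity check failed at sequence {self._seq}")
        self._seq += 1
        return payload

if __name__ == "__main__":
    key = os.urandom(32)                          # constructed session key
    tx, rx = PacketSealer(key), PacketVerifier(key)
    first = tx.seal(b"UPDATE emp SET sal = 100")  # constructed payload
    print(rx.open(first))                         # verifies
    try:
        rx.open(first)                            # same packet replayed
    except IntegrityError as exc:
        print("rejected:", exc)
```

A plain digest of the payload alone would catch modification but not replay; binding each digest to a per-session key and a position in the stream is what lets the receiver reject a byte-for-byte copy of an earlier valid packet.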

Secure Network Services Provides High-Speed Global Data Encryption

To protect data from unauthorized viewing, the optional Secure Network Services includes an encryption module that uses the RSA Data Security RC4(tm) encryption algorithm. Using a secret, randomly-generated 40-bit key for every SQL*Net session, all user network traffic is fully safeguarded, including all data values, SQL statements, and stored procedure calls and results.

Use of the encryption module can be requested or required by either the client, the server, or both for guaranteed data protection. Oracle's highly optimized implementation provides a high degree of security for an almost imperceptible performance penalty. Since Secure Network Services Version 1.0 meets the new U.S. government export guidelines for encryption products, it is available in all but a few countries, allowing most companies to safeguard their entire worldwide operations with this software. Version 1.1 also includes DES encryption for domestic users, with crypto-algorithm negotiation between client and server at connect time.

Secure Network Services Provides Cross-Protocol Data Security

Secure Network Services is fully supported by the Oracle MultiProtocol Interchange, making secure data transfer a reality across network protocol boundaries. Clients using LAN protocols, such as NetWare (SPX/IPX), can now securely share data with large servers using different network protocols like LU6.2, TCP/IP, or DECnet. To eliminate potential weak points in the network infrastructure and to maximize performance, Interchanges pass encrypted data from protocol to protocol without the cost and exposure of decryption and re-encryption.

