Encryption and data interference
We will have our colon examined for a compliance audit of the type PCI, and I have a question about data file obfuscation and encryption. We have an Oracle RAC, two nodes running 10.2.0.2, and we don't use transparent data encryption. I was asked, and I could not answer, whether the data are hidden by another method. We use the DSO, and I can't find a way to browse the ASM file system to access files outside of the database. Does ASM offer any kind of compression or obfuscation that would make it difficult to read the files? Can you even get to the data files in an ASM instance?
Thanks in advance...
Dan
Hi Dan,
ASM does nothing but manage disks. Thus, the data files are not visible in a file system, it is true. But you can run ASMCMD and copy files on the file system. In addition, you can always run dd on raw devices themselves and access the data.
ASM offers a very light, very low obfuscation, layer at best.
If you want that data to be secure, you must implement the transparent data encryption.
Hope that helps,
-Mark
Tags: Database
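An added example, not part of the original thread: because ASM leaves data file blocks unencrypted, a copy taken with ASMCMD or dd can be checked for readable cardholder data before the auditor does it. This Python scanner reports Luhn-valid card numbers found in such an image, masked; the sample block layout, the 8192-byte block size and the assumption that the card number sits in a character column are constructed for illustration.

```python
import re

BLOCK_SIZE = 8192  # assumed database block size for the sample image

# 13-19 ASCII digits that are not part of a longer digit run.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum: double every second digit counted from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - ord("0")
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep the first six and last four digits, hide the rest."""
    s = pan.decode("ascii")
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def scan_image(image: bytes, block_size: int = BLOCK_SIZE):
    """Return (block number, masked PAN) for every Luhn-valid hit."""
    hits = []
    for m in PAN_RE.finditer(image):
        if luhn_ok(m.group()):
            hits.append((m.start() // block_size, mask(m.group())))
    return hits


def build_sample_image(block_size: int = BLOCK_SIZE) -> bytes:
    """Constructed two-block image; the row bytes only imitate stored rows."""
    row1 = b"\x2c\x01\x03\x05SMITH\x104111111111111111\x0512/27"
    row2 = b"\x2c\x01\x03\x05JONES\x101234567890123456\x0501/26"
    block0 = b"\x00" * block_size                      # no row data
    block1 = (row1 + row2).ljust(block_size, b"\x00")  # two character rows
    return block0 + block1


if __name__ == "__main__":
    for block, pan in scan_image(build_sample_image()):
        print(f"block {block}: readable card number {pan}")
```

A hit on a copied data file means the column is readable outside the database and belongs in the audit scope; with transparent data encryption applied to that column the same scan should return nothing.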
Similar Questions
-
Hello
I am trying to encrypt and protect my SQLite database. To do this, I generated a public/private key pair using the BlackBerry signature administration tool. Then I added the .key file to my project and wrote the code for encryption and data protection. Then I signed the app with the BlackBerry signing authority tool as mentioned in the documentation. It was duly signed. But my application does not work on the device. It shows that my application tries to access a secure API, which means that it is not properly signed.
What could be the problem?
I also want to know what the difference is between signing the app with the "Tool of signed" within Eclipse and signing the application with the "Blackberry signing authority tool"?
I signed my application with Eclipse's own "tool of signed" before adding the public .key file and it worked very well.
Please suggest.
Thank you.
You must sign with both.
-
Universal Clipboard is encrypted and how the data is stored in iCloud
Hello
You need a deep understanding of the works of the new, universal Clipboard feature safety? The feature is nice, but do you copy your password by company store system administrator password... This password is moving all over the world and also through Apple servers... Don't make me happy.
Who can guarantee that the communication is encrypted and the data stored in iCloud are not used for other purpose?
Thanks and greetings
Security and privacy - Apple Support Overview iCloud
Although not listed here, all data transmitted to the Apple servers is encrypted in transit and on the server.
I can't offer any advice on the question of whether your transmissions could be intercepted and decoded.
They also say unequivocally that they never provide encryption keys to any third party. This has been further reinforced by their recent dealings with the FBI.
You'll have to decide for yourself if you agree with what Apple says.
-
Transparent data encryption and Performance
We started a project to encrypt our SAP database using the transparent data encryption. The project is currently mandated by corporate policy, so there is not much choice involved. The indications are:
The server O/s: HP - UX 11.31
CPU: HP Itanium
Oracle Version: 11.2.0.3 (64-bit)
DB Dimensions: Approx. 5 TB
Core SAP: 7.x
Our leadership is very concerned about the impact on performance. If you have encrypted your database, SAP or not, I am very interested in hearing if you the performance of your server data after encryption. Good news, bad news, either.
TIA,
Mike
Dear Mike,
I can give you a few comments based on direct experience, since we recently migrated from an unencrypted Oracle (11g Enterprise Edition Release 11.2.0.3.0) server to a new server with encryption TDE (same version db).
Our application is a warehouse of data with massive volumes of data (terabytes) and a few very large tables.
After having migrated to the new server, which was much more powerful than the former, we were surprised to discover that the performance was much worse (about two times slower, on average, measured on our typical user queries).
A study of the causes of the performance degradation shows that transparent data encryption is the source of the problem, causing saturation of individual CPUs (do not look at the aggregate average CPU load, which is misleading).
Basically, we were misled by the official Oracle documentation, which estimates the performance impact of transparent data encryption at around 5 to 8%. Further investigation showed that this low impact may be true of operations that involve a small amount of data. With full scans of large tables, however, the truth is that performance may be on the order of 5 to 10 times slower than without transparent data encryption.
If you want more information, take a look at this excellent article (in two parts):
Best,
Andrea
-
How do I encrypt a data file so that only I can retrieve the Info?
How do I encrypt a data file so that it cannot be read without permission?
I have a request where the client shouldn't have access to the data that I need to save for troubleshooting purposes. (there are trade secrets, I want to protect) My plan is to save a datalog (currently I produce a Spreadsheet tabs-delimited format) whenever the device is running and hide the files where they will not likely be found. But some sort of encryption or everything at least password protection would be better.
I never tried to do this before, but thought it would be pretty easy. Maybe I'm looking all just not in the right places.
Thank you
Well, you could look into something like DES, Triple DES, AES, etc. There are libraries for these written in LabVIEW lying around. I'm not sure about the cost.
If you want a very simple way to protect your data, just reverse all or part of the bits in each byte of the file. It's super simple and turns a nice ASCII text file into noise when read as a text file.
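An added example, not part of the original thread: bit inversion uses no key, so it changes how a file looks in a text editor but not how much structure it carries. This Python triage check (the function names, thresholds and the constructed tab-delimited log are assumptions for illustration) tells plaintext, bit-inverted text and genuinely high-entropy data apart, which is the check to run on a log file that is claimed to be encrypted.

```python
import hashlib
import math
from collections import Counter

PRINTABLE = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    return sum(b in PRINTABLE for b in data) / len(data)


def invert(data: bytes) -> bytes:
    """Flip every bit of every byte; applying it twice restores the input."""
    return bytes(b ^ 0xFF for b in data)


def classify(data: bytes) -> str:
    if not data:
        return "empty"
    if printable_ratio(data) > 0.95:
        return "plaintext"
    if printable_ratio(invert(data)) > 0.95:
        return "bit-inverted text"
    if entropy(data) > 7.5:
        return "high entropy"  # consistent with encryption or compression
    return "unknown binary"


def sample_log() -> bytes:
    """Constructed tab-delimited datalog."""
    rows = ["time\tchannel\tvalue"]
    rows += [f"{t}\tpressure_{t % 3}\t{100 + t * 7 % 13}" for t in range(200)]
    return "\n".join(rows).encode("ascii")


def random_like(n: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext statistics (SHA-256 chain)."""
    out, block = b"", b"constructed seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


if __name__ == "__main__":
    log = sample_log()
    for name, blob in [("log", log), ("inverted", invert(log)),
                       ("random-like", random_like())]:
        print(f"{name:12s} {entropy(blob):5.2f} bits/byte  {classify(blob)}")
```

The inverted log has exactly the same entropy as the original because inversion only relabels byte values; output from a real cipher sits near 8 bits per byte.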
-
Making sure that I understand Appassure encryption for data replication
Hi all
I hope I can get clarification on encryption in Appassure.
We have agents in remote offices, cores for on-site backup, and then the cores replicate off-site to our central office. These replication tasks travel via a VPN set up in each office to the central office.
We have several smaller offices and micro offices where we don't have a dedicated VPN and would prefer to keep it that way. Of course, we want to be sure that the data travelling over the internet is encrypted. My understanding is that data in AppAssure is encrypted on the core and therefore remains encrypted when it travels off-site.
So if we replicated offsite to a remote core at our central office without a VPN, the data is secure and completely encrypted during the trip. Is this the case?
In addition, my understanding is that the data travelling from the agent to the local core is not encrypted and moves over the local network in "clear text", for lack of a better description. Is this the case?
Thank you for any information that you can provide
All data travelling between the agent and the core and between two cores is encrypted using SSL/TLS. It is a secure connection. If you use an encryption key, the data is additionally encrypted when it reaches the core for backup and is then stored encrypted. From that point on the data is encrypted with the encryption key and encrypted again as part of the transfer of data from one core to another. It is doubly encrypted. Your data is completely safe in flight whether you use an encryption key or not. The reason to use an encryption key is to ensure that your data is encrypted at rest.
-
Encryption of data blackBerry Z30 on Z30
Hi any body knows precisely what data gets encrypted when encryption is enabled?
Hoping to encrypt the data contained on a working application which has personal information.
THX
Model Z30
Main memory where the apps are stored is called Flash, and that memory will be maintained.
So if it's encrypted your app will be too.
-
How can I get voice and data to work with the ASA 5505?
Here's the issue I'm having. Can I get a Cisco 7940 to work behind one site to another configured ASA 5505 and I can also get data to work behind it. However, when I try to create a separate Vlan for voice and data, it does not work. Our voice VLANs on our remote sites are 172.30 and data are 172.31, when I put the inside interface with 172.31 data will work and when I on it 172.30 voice will work. I upgraded to a security more license and tried vlan3 created as voice. I have the data to the top and work but I can't get vlan3 to work. Any help would be greatly appreciated. Thank you
Here is my current config:
hostname TESTvpn
enable password xxxxx
passwd xxxxx
username admin password xxxxx privilege 15
name 10.0.0.0 Corp_LAN
name 192.168.64.0 Corp_Voice
name 172.31.155.0 TESTvpn
object-group network SunVoyager
 network-object host 64.70.8.160
 network-object host 64.70.8.242
object-group network Corp_Networks
 network-object Corp_LAN 255.0.0.0
 network-object Corp_Voice 255.255.255.0
interface vlan2
 nameif outside
 security-level 0
 ip address dhcp setroute
 no shutdown
interface vlan1
 nameif inside
 security-level 100
 ip address 172.31.155.1 255.255.255.0
 no shutdown
interface vlan3
 nameif Corp_Voice
 security-level 100
 ip address 172.30.155.1 255.255.255.0
 no shutdown
exit
interface Ethernet0/0
 switchport access vlan 2
 no shutdown
interface Ethernet0/7
 switchport access vlan 3
 no shutdown
exit
dhcpd enable inside
dhcpd address 172.31.155.10-172.31.155.30 inside
dhcpd dns 10.10.10.7 10.10.10.44 interface inside
dhcpd domain sun.ins interface inside
dhcpd enable inside
dhcpd enable Corp_Voice
dhcpd address 172.30.155.10-172.30.155.30 Corp_Voice
dhcpd dns 10.10.10.7 10.10.10.44 interface Corp_Voice
dhcpd domain sun.ins interface Corp_Voice
dhcpd enable Corp_Voice
dhcpd option 150 ip 192.168.64.4 192.168.64.3
logging enable
logging buffer-size 10000
logging monitor debugging
logging buffered informational
logging asdm informational
access-list outside_access_in extended permit icmp any any unreachable
access-list outside_access_in extended permit icmp any any echo-reply
access-list outside_access_in extended permit icmp any any time-exceeded
access-list inside_access_in extended permit ip 172.31.155.0 255.255.255.0 any
access-list inside_access_in extended permit icmp 172.31.155.0 255.255.255.0 any
access-list Corp_Voice_access_in extended permit ip 172.30.155.0 255.255.255.0 any
access-list Corp_Voice_access_in extended permit icmp 172.30.155.0 255.255.255.0 any
access-list VPN extended deny ip 172.31.155.0 255.255.255.0 object-group SunVoyager
access-list VPN extended permit ip 172.31.155.0 255.255.255.0 any
access-group inside_access_in in interface inside
access-group outside_access_in in interface outside
access-group Corp_Voice_access_in in interface Corp_Voice
global (outside) 1 interface
nat (inside) 0 access-list VPN
nat (inside) 1 172.31.155.0 255.255.255.0
http server enable
http 172.31.155.0 255.255.255.0 inside
http 172.30.155.0 255.255.255.0 Corp_Voice
http 192.168.64.0 255.255.255.0 Corp_Voice
http 10.0.0.0 255.0.0.0 inside
http 65.170.136.64 255.255.255.224 outside
ssh 10.0.0.0 255.0.0.0 inside
ssh 172.31.155.0 255.255.255.0 inside
ssh 65.170.136.64 255.255.255.224 outside
ssh timeout 20
management-access inside
dhcpd auto_config outside
crypto ipsec transform-set VPN esp-3des esp-md5-hmac
crypto map outside_map 1 match address VPN
crypto map outside_map 1 set peer 66.170.136.65
crypto map outside_map 1 set transform-set VPN
crypto map outside_map interface outside
crypto isakmp identity address
crypto isakmp enable outside
crypto isakmp policy 1
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 28800
tunnel-group 66.170.136.65 type ipsec-l2l
tunnel-group 66.170.136.65 ipsec-attributes
 pre-shared-key xxxxx
exit
int eth 0/1
 shutdown
 no shutdown
int eth 0/2
 shutdown
 no shutdown
int eth 0/3
 shutdown
 no shutdown
int eth 0/4
 shutdown
 no shutdown
int eth 0/5
 shutdown
 no shutdown
int eth 0/6
 shutdown
 no shutdown
int eth 0/7
 shutdown
 no shutdown
Peter,
Note that access list names are case-sensitive, so you've actually done something different from what I proposed.
Please do:
no nat (Corp_Voice) 0 access-list vpn
no access-list vpn extended permit ip TESTvpn 255.255.255.0 any
no access-list vpn extended permit ip 172.30.155.0 255.255.255.0 any
access-list VPN extended permit ip 172.30.155.0 255.255.255.0 any
nat (Corp_Voice) 0 access-list VPN
In case you did that deliberately, for example to separate the 2 ACLs: note that the ACL VPN (upper case) is also used in the crypto map, where you cannot add a second ACL.
So if you want to separate them, you will need 3 access lists:
access-list data-vpn permit ip TESTvpn 255.255.255.0 any
access-list voice-vpn permit ip 172.30.155.0 255.255.255.0 any
access-list all-vpn permit ip TESTvpn 255.255.255.0 any
access-list all-vpn permit ip 172.30.155.0 255.255.255.0 any
nat (inside) 0 access-list data-vpn
nat (Corp_Voice) 0 access-list voice-vpn
crypto map outside_map 1 match address all-vpn
I don't know if this was clear from my previous message: I recommend you replace the "any" (in each of the ACL lines) with something more specific (i.e. a remote network, or an object group that contains the remote networks).
HTH
Herbert
-
Encrypt and decrypt using the key of the table
Dear Experts,
Here is my package to encrypt and decrypt with Triple DES in Oracle 11g.
In my package, I used encryption_key (3FECCDC7D348A85B096F0B43C4C6A38DBBD369DB37FEA435); we encrypt and decrypt according to this key.
My requirement now is that I don't want to put the encryption_key in my code. We store the key in a table (key_details) and, using the key column, we encrypt and decrypt the data.
-----------------------------------
create table key_details
(
  id  number,
  key varchar2(48)
);
insert into key_details values (1, '3FECCDC7D348A85B096F0B43C4C6A38DBBD369DB37FEA435');
-------------------------------------
CREATE OR REPLACE PACKAGE encr_decr
AS
  FUNCTION encrypt (p_plainText VARCHAR2) RETURN RAW DETERMINISTIC;
  FUNCTION decrypt (p_encryptedText RAW) RETURN VARCHAR2 DETERMINISTIC;
END;
/
CREATE OR REPLACE PACKAGE BODY encr_decr
AS
  -- Triple DES, ECB chaining, PKCS#5 padding
  encryption_type PLS_INTEGER := DBMS_CRYPTO.ENCRYPT_3DES
                               + DBMS_CRYPTO.CHAIN_ECB
                               + DBMS_CRYPTO.PAD_PKCS5;
  -- key hard-coded in the package body
  encryption_key RAW (48) := UTL_RAW.cast_to_raw ('3FECCDC7D348A85B096F0B43C4C6A38DBBD369DB37FEA435');
  FUNCTION encrypt (p_plainText VARCHAR2) RETURN RAW DETERMINISTIC
  IS
    encrypted_raw RAW (2000);
  BEGIN
    encrypted_raw := DBMS_CRYPTO.ENCRYPT
    (
      src => UTL_RAW.CAST_TO_RAW (p_plainText),
      typ => encryption_type,
      key => encryption_key
    );
    RETURN encrypted_raw;
  END encrypt;
  FUNCTION decrypt (p_encryptedText RAW) RETURN VARCHAR2 DETERMINISTIC
  IS
    decrypted_raw RAW (2000);
  BEGIN
    decrypted_raw := DBMS_CRYPTO.DECRYPT
    (
      src => p_encryptedText,
      typ => encryption_type,
      key => encryption_key
    );
    RETURN (UTL_RAW.CAST_TO_VARCHAR2 (decrypted_raw));
  END decrypt;
END;
/
Help, please.
create or replace package body encr_decr
as
  encryption_type pls_integer := dbms_crypto.encrypt_3des
                               + dbms_crypto.chain_ecb
                               + dbms_crypto.pad_pkcs5;
  encryption_key raw (48);
  --
  function encrypt (p_plaintext varchar2)
    return raw deterministic
  is
  begin
    return dbms_crypto.encrypt (src => utl_i18n.string_to_raw (p_plaintext),
                                typ => encryption_type,
                                key => encryption_key
                               );
  end encrypt;
  --
  function decrypt (p_encryptedtext raw) return varchar2 deterministic
  is
  begin
    return utl_i18n.raw_to_char (dbms_crypto.decrypt (src => p_encryptedtext,
                                                      typ => encryption_type,
                                                      key => encryption_key
                                                     )
                                );
  end decrypt;
-- package initialization: load the key from the table once per session
begin
  select key into encryption_key
    from key_details
   where id = 1;
end;
/
-
Oracle transparent encryption of the data (encryption of data in Table)
Hello
I use Oracle Database 10.2.0.1 in windows server. I need to encrypt a column of a table in my database. That any demand prior to this and how do I encrypt the data of an existing
column in a table.
Kind regards
007
If I select * from
the output of the encrypted column must be encrypted. Read post Osama mustafa on DBMS_CRYPTO
-
PGP Whole Disk Encryption and Boot Camp Partition
I use the PGP 10.0 Beta for the last two weeks (it is now been shipped and is the current version), and one of the new features is Whole Disk Encryption on Boot Camp partitions. It works fine - except for the fact that VMWare Fusion 3.0.1 can not load the Boot Camp partition is encrypted (it starts initially, but does not advance beyond what I suppose is the PGP bootloader).
I know that I can create a virtual machine and run Windows to work around the problem - I'm just curious to know if this is something that VMWare are willing to study and operate now PGP 10.0 has been shipped.
It seems to be fixed/supported in a future version?
Thank you very much .
This looked interesting so I tried myself. I downloaded a demo of PGP 10.0 and encrypted to my hard drive which has OS X 10.5.8 and a Windows 7 Boot Camp partition.
After starting the machine virtual Boot Camp in Fusion, I see a black screen that says bootguard _
I guess that's also what you see?
You're right - it's the PGP bootloader which replaced the Windows loader in the MBR of the physical disk. Fusion accesses the data in the partition through Mac OS X, which already has access to the decrypted data. The boot loader assumes that the drive is always encrypted and fails when he tries to decrypt again.
Fortunately, Boot Camp VMs include a copy of the MBR (with the boot code and the partition table) in a separate file, so it's very easy to fix:
#. Start the machine virtual of Boot Camp (not native!) with a Windows CD/DVD installation (or ISO image).
#. Go to the repair command prompt.
#. Run the fixmbr command in Windows XP or bootrec /fixmbr in Windows Vista or Windows 7 to replace the MBR code.
In this way, your Boot Camp virtual machine will use the default Windows boot loader to access the already decrypted data, while the native Boot Camp startup will use code PGP MBR (which is always the physical disk) to access the prompt for the PGP password and decrypt the drive.
-
Use of encrypt and decrypt in a scenario
Hello
I'm new to the ODI environment. I just need to clarify one thing about ODI scenarios: what is the use of Encrypt and Decrypt when we right-click on a newly generated scenario? Even if I encrypt, I am still able to run and remove the scenario. Please advise, so that I can use this concept in my production environment.
Hello
Encrypting a script/procedure/KM helps protect valuable code.
An encrypted script, KM or procedure cannot be read or modified unless it is decrypted. Commands generated in the log by an encrypted scenario, KM or procedure are unreadable.
Oracle Data Integrator uses an encryption algorithm based on a personal encryption key. This key can be saved in a file and reused to perform encryption or decryption operations.
P.S.: It is impossible to decrypt an encrypted procedure or KM without the encryption key. Therefore, it is strongly recommended to keep this key in a safe place. It is also advisable to use a unique key for all developments.
Thank you
Guru
-
Develop the encryption Transparent data with Oracle 10 g XE
I am currently developing an application that will require encryption of some table columns. I will recommend that the customer buy an Oracle database for the application, and I have installed Oracle 10g XE to begin development. I found that I can't create tables with TDE columns because I can't create a wallet. I searched the forums and found that Wallet Manager is not available with Oracle XE.
My plan was to develop the application and then provide creation scripts to the customer's DBA so that they can create the tables in their Oracle database... Can I develop the application without transparent data encryption and then say s/n, which must be implemented in the version of the application? The application needs to know the wallet/TDE password to encrypt/decrypt the columns!
Any ideas how I could go on with development on the Oracle XE database without access to CDW?
The T in TDE is transparent, so your application should not even need to be aware that any columns or storage are encrypted. Transparent data encryption is generally implemented in systems that were never designed to encrypt data, so in theory it should be 'perfectly safe' to develop unencrypted and have the client encrypt the columns during installation.
Of course, when marketing people start talking about things that are 'perfectly safe', it is always a sign of coming danger. Although I have never heard of a case where encrypt a column caused a problem for an application, I would be very doubtful to the development in an environment different from that of production. This includes the exact version of the database (I guess that the customer has installed the last patchsets, so they run 10.2.0.4, for example) as well as editing. If you decide to rely on the fact that everything should go smoothly when you promote to a different version of a different edition of the database with a different schema definition, even if it would normally, you virtually guarantee that you will end up with a problem that will be difficult to solve.
In your case, I would use XE to the development. It would be much safer to develop against the personal edition. It's not free, but it's the database licensed Enterprise edition to run on developer machines. It is not free, but it is much less than an enterprise edition license.
Justin
-
I replaced my original Apple Watch with a watch of S2. When I install and associate the new watch and my iPhone 7 more, is there any way I can restore all applications, configuration info and data between the original and the new shows, so I don't have to start from scratch?
Try this procedure
Cancel the twinning of your iPhone - Apple and Apple Watch Support
-
Cannot delete items in documents and data for each application
I want to delete unnecessary files in several applications under general > use storage and iCloud > manage storage, but the section documents and data for the respective applications will not operate.
I have it several times but it doesn't work.
Can someone help me?
Thanks in advance
Omari says:
I want to delete unnecessary files in several applications under general > use storage and iCloud > manage storage, but the section documents and data for the respective applications will not operate.
I have it several times but it doesn't work.
Explain what you do and what happens when you try to delete the data.