Oracle 8i Security: New Features and Secure Solutions - CGISecurity
Oracle 8i Security: New Features and Secure Solutions - CGISecurity
Oracle 8i Security: New Features and Secure Solutions - CGISecurity
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
LEADING-EDGE AUTHENTICATION SOLUTIONS<br />
User authentication becomes increasingly important in today’s distributed enterprises <strong>and</strong> Internet<br />
environments where thous<strong>and</strong>s of users access data from varied locations. <strong>Oracle</strong> provides four<br />
categories of authentication with Release 8.1.6: internal, where users are identified by passwords stored<br />
inside the data server; OS authentication, where the database relies on identity authenticity provided by<br />
the underlying operating system; global, where users <strong>and</strong> schemas are stored <strong>and</strong> retrieved from a<br />
central data repository outside the database; external, where the RDBMS defers to <strong>Oracle</strong> Advanced<br />
<strong>Security</strong> for third-party authentication through outside mechanisms such as Kerberos or token cards.<br />
<strong>Oracle</strong> Advanced <strong>Security</strong> supports a number of third-party authentication solutions that provide<br />
assurance of known user identities <strong>and</strong>, in some cases, provide the additional benefit of single sign-on.<br />
Kerberos, CyberSafe <strong>and</strong> Distributed Computing Environment (DCE) support allow <strong>Oracle</strong><strong>8i</strong> data<br />
servers to defer authentication to a third party server whose sole purpose is authentication, thus<br />
providing a centralized authentication model <strong>and</strong> eliminating the need for password administration on<br />
every database. <strong>Oracle</strong><strong>8i</strong> allows strong authentication with token cards <strong>and</strong> biometric devices by<br />
supporting <strong>Security</strong> Dynamics <strong>and</strong> Identix, respectively. With the introduction of RADIUS support in<br />
<strong>Oracle</strong><strong>8i</strong>,external authentication extends to st<strong>and</strong>ard-based, flexible solutions.<br />
The RADIUS (Remote Authentication Dial-In User Service) protocol is a st<strong>and</strong>ard for remote<br />
authentication <strong>and</strong> controlled access to networks. RADIUS is a lightweight protocol for user<br />
authentication, authorization, <strong>and</strong> accounting between a network client <strong>and</strong> an authentication server.<br />
This Internet Engineering Task Force (IETF) st<strong>and</strong>ard was created by Lucent Technologies (formerly<br />
Livingston Enterprises) as an open security st<strong>and</strong>ard designed to be flexible, open <strong>and</strong> scaleable.<br />
RADIUS has gained widespread acceptance in the industry, <strong>and</strong> has been implemented by nearly all<br />
organizations that allow users to access the network remotely. Virtually every user who has dialed in to<br />
a network remotely has most likely used RADIUS to do so. Many enterprises have st<strong>and</strong>ardized on<br />
RADIUS because of its acceptance by the industry, its flexibility, <strong>and</strong> its ability to centralize all user<br />
information, easing <strong>and</strong> reducing the total cost of user administration.<br />
RADIUS Support in <strong>Oracle</strong> Advanced <strong>Security</strong><br />
<strong>Oracle</strong> has built support for RADIUS into <strong>Oracle</strong> Advanced <strong>Security</strong> to satisfy the requirement of<br />
integrating into complex environments <strong>and</strong> exp<strong>and</strong>ing security features for <strong>Oracle</strong> users. In particular,<br />
support for RADIUS provides three principal solutions to <strong>Oracle</strong> users:<br />
• Any RADIUS-compliant token, smart card, or biometric device can authenticate <strong>Oracle</strong> users<br />
• Integration into existing environments<br />
• Enhanced features including challenge-response <strong>and</strong> accounting<br />
RADIUS-Compliant Devices Authenticate <strong>Oracle</strong> Users<br />
With RADIUS support built in, <strong>Oracle</strong> Advanced <strong>Security</strong> extends the number of supported<br />
authentication methods. RADIUS allows <strong>Oracle</strong> to support one authentication protocol on the <strong>Oracle</strong><strong>8i</strong><br />
server, while authentication server vendors supply the specific authentication servers. With minimal<br />
development effort required by the authentication server provider, more authentication solutions – such<br />
as smart cards – are available with enhanced features, such as accounting <strong>and</strong> challenge-response.<br />
Page 14 Paper 269