Showing posts with label security. Show all posts

Thursday, February 8, 2024

Oracle Zero Data Loss Recovery Appliance Cyber Security Architecture

 Separation of Duty

Ensuring that backup data is validated is key to being prepared for a future recovery, which means that all data, including TDE databases, must be validated for recoverability at each step of the workflow into the Cyber Vault.



Multi-layer anomaly detection in the architecture ensures that data is valid at all points in the Oracle ecosystem. Each zone indicated above will perform independent checks to prevent invalid or compromised data from entering or exiting the zone and ultimately the Cyber Vault.
  • Zone 1
    • RMAN performs consistency checks at the database to ensure the backup data is valid before it is sent to the Recovery Appliance in the production data center.
  • Zone 2
    • The Recovery Appliance in the production data center performs checks to ensure that the data is valid and complete.
    • Data is validated when the RMAN database backup arrives on the Recovery Appliance in the production data center. 
    • Data replicated from the Recovery Appliance in the production data center is validated again before being sent to the Recovery Appliance in the Cyber Vault. 
    • Regular automated validation is scheduled within the Recovery Appliance in the production data center to ensure ongoing validity as the data ages.
  • Zone 3
    • The Recovery Appliance in the Cyber Vault performs checks to ensure that the data is valid and complete.
    • Data is validated upon arrival into the Recovery Appliance in the Vault from the Recovery Appliance in the production data center.

Friday, March 5, 2021

Stop Hardcoding your TDE keystore-password

When you encrypt your databases, you will often end up needing the keystore password to perform certain operations. For instance, cloning an encrypted PDB will require the keystore password:

CREATE PLUGGABLE DATABASE ... KEYSTORE IDENTIFIED BY S3cr3t;

Tuesday, October 9, 2012

Secure External Password Store (SEPS) - keeping the password secret from other users on the client OS.

One of the problems is hard-coded Oracle passwords in batch scripts executed by schedulers. A common workaround is a function that reads the password from a file located on the system. This file could be encrypted or plain text. With this function it is possible to hide the password in the script and on the OS platform. Do you know

Secure External Password Store