1.4 If I Had a Hammer...
Oracle provides many software tools, operating system files, and database constructs that help you protect your data. Some tools, delivered with the basic Oracle system, you are likely to use every day; others you might use only in certain environments and situations to impose a higher level of security on your system. There are also "add-on" tools you can purchase from Oracle at additional cost that provide higher levels of data protection. This section takes a quick look at the various available tools and examines what each of these tools provides for you.
1.4.1 What's "Free"?
There are two particular products delivered with the basic Oracle8 product set that will help you implement better database security. They are the Oracle Enterprise Manager (OEM) and the Oracle Security Server (OSS) Manager.
Oracle Corporation currently delivers the OEM with the base product set. The OEM is a set of utilities which are personal computer-based and use a graphical user interface (GUI). These utilities provide a way to manage one or more of your databases from a single computer. The components of the OEM are easy to use and let you perform many of your day-to-day DBA functions either interactively or on an automatic, scheduled basis.
The OEM is delivered with Oracle8 and includes the following features:
A set of database administration tools
An event monitor you can configure to watch for specific situations within your databases
A job scheduler to perform maintenance tasks on a scheduled basis
A graphical interface to the Recovery Manager tools (not available in Oracle7)
| || |
The OEM is supported to work with Oracle version 7.1.6 databases and higher.
Chapter 13, describes the OEM.
Although the Recovery Manager is listed as a part of the OEM, you can use this product as a stand-alone utility.
The Oracle Security Server Manager is also delivered with Oracle's base product set, starting with the first delivery of Oracle8. The OSS can be used to implement a more complex security structure for more sensitive data. The OSS was originally supposed to be bundled inside the OEM toolkit. However, in version 8.0.4 of the Windows NT product set, the OSS is installed separately and appears as a separate set of menu options. The OSS lets you implement the following security features:
All of these features are implemented "stand-alone." In other words, you do not have to have any third-party products (e.g., Kerberos) or any other Oracle-supplied products (e.g., the Advanced Networking Option) to use this utility. Although OSS is new with Oracle8, you can use its features with Oracle7 databases as well. Chapter 15 describes the OSS.
1.4.2 What Isn't Free?
Oracle markets several additional, extra-cost products you can use to enhance your security:
- Trusted Oracle
Provides multi-level security (MLS) primarily within government agencies where data access is based on security clearance levels.
- Advanced Networking Option
Used to encrypt and decrypt all data that is transferred over SQL*Net or Net8 to and from a database.
- Oracle Application Server (formerly Web Application Server)
Used to serve a broad spectrum of applications for Web-based interaction. With each new version of the Oracle Application Server, new security features are introduced or current features are enhanced.
Chapter 17 briefly describes these products.