Enterprise User Security Deployment Considerations
Getting Started with Enterprise User Security
11-25
Enterprise User Security Deployment Considerations
Consider the following issues before deploying Enterprise User Security:
■
Security Aspects of Centralizing Security Credentials
■
Security of Password-Authenticated Enterprise User Database Login
Information
■
Considerations for Defining Database Membership in Enterprise Domains
■
Considerations for Choosing Authentication Types between Clients, Databases,
and Directories for Enterprise User Security
Security Aspects of Centralizing Security Credentials
Beyond the general benefits that flow from the centralization of enterprise users and
their associated credentials, there are a number of security-related benefits and risks
that should be reviewed.
Security Benefits Associated with Centralized Security Credential Management
Centralizing management makes it easier and faster to administer users,
credentials, and roles, and to quickly revoke a user's privileges on all applications
and databases across the enterprise. With centralized management, the
administrator can delete a user in one place to revoke all global privileges,
minimizing the risk of retaining unintended privileges.
Centralizing management makes it possible to centralize an organization's security
expertise. Specialized, security-aware administrators can manage all aspects of
enterprise user security, including directory security, user roles and privileges, and
database access. This is a substantial improvement over the traditional model,
where DBAs are typically responsible for everything on the databases they manage,
including security.
Security Risks Associated with Centralized Security Credential Management
While Oracle Internet Directory is a secure repository, there is a security challenge
and inherent risk in centralizing credentials in any publicly accessible repository.
Although centralized credentials can be protected at least as securely as distributed
credentials, the very nature of centralization increases the consequences of
inadvertent credential exposure to unauthorized parties. It is therefore imperative
to limit the privileges of administrators, to set restrictive Access Control Lists
(ACLs) in the directory, and to implement good security practices in the protection
of security credentials when they are temporarily outside of the directory.
Summary of Contents for Database Advanced Security 10g Release 1
Page 17: ...xvii ...
Page 20: ...xx ...
Page 24: ...xxiv ...
Page 42: ...xlii ...
Page 44: ......
Page 102: ......
Page 124: ......
Page 246: ...Managing Certificates 8 28 Oracle Database Advanced Security Administrator s Guide ...
Page 284: ......
Page 384: ......
Page 414: ...Physical Security D 6 Oracle Database Advanced Security Administrator s Guide ...
Page 518: ...Index 10 ...