Saturday Sep 19, 2015

Meet the Oracle Advanced Security Team at OpenWorld 2015 - October 25-29 in San Francisco

Once again, I am excited to present a public session about Oracle Advanced Security at this year's Oracle OpenWorld conference in San Francisco. Please join me Wednesday, October 28th at 4:15-5:00 in Moscone South #104 to learn more about what's new with Oracle Advanced Security, best practices for deployment, and what's coming in the next release of Oracle Database. More details about this session are available in the OpenWorld content catalog here (search for session identifier CON8563). The extended Oracle Advanced Security team also will be available to answer your questions at our OpenWorld DEMOgrounds booth during regular exhibition hours. We hope to see you there!

Deploying TDE for Existing Data with Near-Zero Downtime Using Data Pump and Data Guard

There are many ways to deploy TDE tablespace encryption for existing clear data. A few common approaches include running standard SQL commands, using Oracle Data Pump export/import, and employing Oracle Online Table Redefinition. Additionally, we recently published two new white papers that add to this growing repertoire of options. These papers describe an innovative technique that combines usage of Data Pump and Data Guard together to achieve near-zero downtime. To learn more, download the white papers here (11gR2) and here (12c).

Monday Apr 28, 2014

How to Take an Inventory of TDE Encrypted Objects

Database administrators who manage multiple Oracle Databases may need to take a quick inventory of the TDE encrypted objects in a given database. Taking an inventory may be necessary not only for fulfilling day-to-day DBA responsibilities but also for attestation as part of periodic IT security audits.

Fortunately, listing out the TDE encrypted objects in an Oracle Database is straightforward using simple SQL queries. These queries leverage the built-in DBA_* views, and you need to have the correct database privileges to use them (e.g. have DBA role, hold individual select privileges, be logged in as SYSDBA, etc.):

  • dba_encrypted_columns
  • dba_tables
  • dba_tablespaces
  • dba_indexes

Below are example queries that use these DBA_* views to answer basic questions about what TDE encrypted objects exist in the database:

  • What tables contain TDE encrypted columns?
    sql> select table_name, column_name from dba_encrypted_columns;

  • What tables are stored in TDE encrypted tablespaces?
    sql> select a.table_name, a.tablespace_name from dba_tables a, dba_tablespaces b where a.tablespace_name = b.tablespace_name and b.encrypted = 'YES';

  • What indexes are stored in TDE encrypted tablespaces?
    sql> select a.index_name, a.tablespace_name from dba_indexes a, dba_tablespaces b where a.tablespace_name = b.tablespace_name and b.encrypted = 'YES' and index_name not like 'SYS_IL%';

  • What are all of the TDE encrypted objects including tables, indexes and columns?
    [Use a combination of the above queries]

About

Blog covering Oracle Advanced Security for Oracle Database Enterprise Edition. Specific topics include Transparent Data Encryption (TDE) and Data Redaction.

Search

Categories
Archives
« June 2016
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
  
       
Today