Hello all, I am looking for all the ways that I can make connections to Oracle databases through TOAD more secure. Using Oracle IDs and passwords to authenticate via the TNS or DIRECT methods isn't secure enough. If those credentials are compromised by individuals who somehow manage to gain access to the network, they will be able to easily log in to the databases using the credentials. What additional security measures / technologies can I implement which will require additional authentication when accessing databases through TOAD for Oracle? I am using version 17. Thanks!
Great question, and one that applies to ALL applications that touch the database/s, not only Toad.
The best way to secure connections to the database is at the database level, not at the application level. e.g. TNSnames and SQL*net are NOT Quest or Toad protocols, they are Oracle's. Check with the Oracle team, or your DBAs, on ways that you can harden the connectivity to the database, for example, using wallets, etc.
One way you can do this is with LDAP, but the setup is complex and costly. Another way is with TLS, but your users must have digital certificates for client authentication.
Cheers,
Russ
Hello, in Oracle Standard Edition, since the 11g release, it is possible to activate the network security (for free) provided by Oracle. This feature permits encrypting network requests from your client to your database. But you have to consider that all the Oracle client sides (especially in Java) don't support this feature, so you have to choose the not mandatory level for the database side in such a case. Then the requests between Toad and your database can be encrypted and secured this way. It's a feature based on Oracle Net Service to parameterize in sqlnet.ora.
In 19c it is simpler because: Support for Oracle Native Encryption and SSL Authentication for Different Users Concurrently
In previous releases (à la 19c), Oracle Database prevented the use of both Oracle native encryption (also called Advanced Networking Option (ANO) encryption) and Secure Sockets Layer (SSL) authentication together. Link: Changes in This Release for Oracle Database Security Guide
Example, in sqlnet.ora on the server side: the SQLNET.ENCRYPTION_TYPES_SERVER parameter in the sqlnet.ora file specifies the encryption algorithms that the server accepts for incoming connections. Here are some of the authorized protocols you can set for this parameter:
- AES256: Advanced Encryption Standard with a 256-bit key.
- AES192: Advanced Encryption Standard with a 192-bit key.
- AES128: Advanced Encryption Standard with a 128-bit key.
- 3DES168: Triple Data Encryption Standard with a 168-bit key.
- DES: Data Encryption Standard (less secure and generally not recommended).
These protocols help secure communications between the client and the server by using different levels of encryption.
For 11gR2, for the level for both sides: Configuring Network Data Encryption and Integrity for Oracle Servers and Clients
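An added example, not part of the posts above and not Oracle or Quest code: a small Python audit of a server-side sqlnet.ora for the native encryption settings discussed in this thread, including what the "not mandatory" level allows. The SQLNET.ENCRYPTION_SERVER parameter and its levels (REJECTED, ACCEPTED, REQUESTED, REQUIRED) come from Oracle's documentation rather than the thread; the sample files, function names and the choice to flag 3DES168 are assumptions of this example.

```python
import re

# Constructed sample sqlnet.ora fragments (not taken from the thread).
PERMISSIVE = """
# server side, "not mandatory" level
SQLNET.ENCRYPTION_SERVER = requested
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, 3DES168, DES)
"""
STRICT = """
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256, AES192)
"""
# Policy of this example: DES is flagged in the post; 3DES168 is treated as weak too.
WEAK = {"DES", "3DES168"}

def parse_sqlnet(text):
    """Return {PARAM: [values]} for single-line entries, ignoring # comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([\w.]+)\s*=\s*\(?([^)]*)\)?$", line)
        if m:
            vals = [v.strip().upper() for v in m.group(2).split(",") if v.strip()]
            params[m.group(1).upper()] = vals
    return params

def negotiate(client, server):
    """Level negotiation result: 'on', 'off', or 'fail' (connection refused)."""
    pair = {client, server}
    if "REQUIRED" in pair:
        return "fail" if "REJECTED" in pair else "on"
    if "REJECTED" in pair:
        return "off"
    return "on" if "REQUESTED" in pair else "off"

def audit(server_text):
    """List hardening findings for a server-side sqlnet.ora."""
    p = parse_sqlnet(server_text)
    level = (p.get("SQLNET.ENCRYPTION_SERVER") or ["ACCEPTED"])[0]  # Oracle default
    algos = p.get("SQLNET.ENCRYPTION_TYPES_SERVER", [])
    findings = []
    if negotiate("REJECTED", level) == "off":
        findings.append(f"level {level}: a client set to REJECTED connects unencrypted")
    if not algos:
        findings.append("no algorithm list: every installed algorithm is negotiable")
    findings += [f"weak algorithm accepted: {a}" for a in algos if a in WEAK]
    return findings

if __name__ == "__main__":
    for name, cfg in (("permissive", PERMISSIVE), ("strict", STRICT)):
        print(name, audit(cfg) or "no findings")
```

With the server at REQUIRED, a client that cannot or will not encrypt is refused instead of silently falling back to cleartext, which is the trade-off behind choosing a non-mandatory level for clients that lack support.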