Data is vital to an organization and it must be guarded against malicious intent while it is in an active state, on production servers, or in preserved state, on backup tapes. Data center security policies enable you to restrict physical access to active data. To ensure security of backup data stored on tapes, Oracle Secure Backup provides backup encryption. You can encrypt data at the global level, client level, and job level by setting appropriate encryption policies. You can select the required algorithm and encryption options to complete the encryption process.

This section consists of the following topics that explain backup encryption in detail:

- About Backup Encryption for File-System Backups
- About Backup Encryption for Oracle Database Backups

You can specify encryption settings at the following levels, from highest to lowest precedence. The encryption policies are explained under "About Backup Encryption Policies".

If backup encryption is set to required at the global level, then all backup operations within the administrative domain will be encrypted. This global policy is defined using Oracle Secure Backup defaults and policies.

If the host encryption setting is required, then all backup operations on the host will be encrypted regardless of whether or not encryption was configured at the backup level. If the host encryption setting is allowed, then backups on the host will not be encrypted unless configured as part of the backup job itself or if the global encryption policy is set to required. If the host and global encryption policies are set to allowed, then backup encryption will only be performed if it is configured at the backup level.

An encryption setting specified at a higher level always takes precedence over a setting made at a lower level. For example, if you enable backup encryption at the global level, and your file-system backup job disables encryption, then the backup is still encrypted because the setting at the higher level (global level) takes precedence.

While enabling encryption for backups, you can select one of the following options:

- This option specifies that the backup is encrypted.
- This option specifies that the backup is not encrypted.
- This option specifies that the backup is not encrypted, overriding the host-required encryption setting.
- This option specifies a backup encrypted by Oracle Secure Backup with a user-supplied one-time passphrase. If you select this option, then you must also select an encryption algorithm option and enter a passphrase in the specify passphrase field.

A client rekeyfrequency policy defines when a different key is generated. For example, the policy might require that a different set of keys be generated every 30 days. Older keys are retained in a wallet-protected key store. This ensures that if a key or wallet and the associated backup tape are compromised, then only older data could be decrypted. The default rekeyfrequency policy for a client is inherited from the global rekeyfrequency policy.

Oracle Secure Backup provides an interwoven encryption security model that mainly controls user-level access, host authentication, and key management. Once backup encryption is enabled, all data is encrypted using the defined encryption algorithm. The data is encrypted before it leaves the client. The encryption keys are stored in a mechanism that is protected by the Oracle Secure Backup wallet. The administrative server is considered a secure host. All keys and wallet-protected key stores for all clients are stored on this protected computer. When a backup or restore job is started, the encryption key is passed over an SSL connection to the client that is encrypting or decrypting data. The encryption keys are retained in memory only so long as needed to perform the encryption or decryption.

The encrypted key stores are extremely valuable, because they enable encryption and decryption of all tapes. If the key stores are lost, then all data would also be lost. Best practice is to schedule frequent catalog backups of your Oracle Secure Backup administrative server using the OSB-CATALOG-DS dataset provided, as this includes a backup of your key stores. Backups of Oracle Secure Backup administrative data must not be encrypted with an automatically generated key. The encrypted key store format is platform independent.
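
The precedence rules this page gives for the global policy, the host policy and the job-level option can be checked mechanically when auditing which backups reach tape unencrypted. The following is an added example, not Oracle Secure Backup code: the `Job` labels, function names and sample hosts are hypothetical, and because the page only says the override option beats the host-required setting, a global required policy is assumed to always encrypt.

```python
from enum import Enum

class Policy(Enum):            # global and host policy values used on this page
    REQUIRED = "required"
    ALLOWED = "allowed"

class Job(Enum):               # hypothetical labels for the four job-level options
    ENCRYPT = 1                # backup is encrypted
    NO_ENCRYPT = 2             # backup is not encrypted
    FORCE_OFF = 3              # not encrypted, overriding host-required
    PASSPHRASE = 4             # encrypted with a one-time user passphrase

def effective_encryption(global_policy, host_policy, job, algorithm=None, passphrase=None):
    """Return (encrypted, deciding_level) for one backup job."""
    if job is Job.PASSPHRASE:
        # The page requires an algorithm and a passphrase with this option.
        if not algorithm or not passphrase:
            raise ValueError("passphrase option needs an algorithm and a passphrase")
        return True, "job"
    if global_policy is Policy.REQUIRED:
        # Assumption: the page only says FORCE_OFF overrides the host setting,
        # so a global "required" policy is modelled as always encrypting.
        return True, "global"
    if host_policy is Policy.REQUIRED:
        return (False, "job") if job is Job.FORCE_OFF else (True, "host")
    # Both policies are "allowed": only the job setting can turn encryption on.
    return (job is Job.ENCRYPT), "job"

def unencrypted_jobs(global_policy, host_policies, jobs):
    """Names of jobs whose backups would be written to tape unencrypted."""
    out = []
    for name, host, setting in jobs:
        encrypted, _ = effective_encryption(global_policy, host_policies[host], setting)
        if not encrypted:
            out.append(name)
    return out

# Constructed sample domain (host and job names are made up for illustration).
HOSTS = {"db01": Policy.REQUIRED, "web01": Policy.ALLOWED}
JOBS = [
    ("db01-full", "db01", Job.NO_ENCRYPT),     # host-required wins: encrypted
    ("db01-scratch", "db01", Job.FORCE_OFF),   # explicit override: unencrypted
    ("web01-full", "web01", Job.ENCRYPT),      # job-level setting: encrypted
    ("web01-logs", "web01", Job.NO_ENCRYPT),   # nothing asks for it: unencrypted
]

if __name__ == "__main__":
    print(unencrypted_jobs(Policy.ALLOWED, HOSTS, JOBS))
    print(unencrypted_jobs(Policy.REQUIRED, HOSTS, JOBS))
```

With both policies at allowed, every job that does not ask for encryption is reported, which is the case a reviewer of a backup domain most needs to see.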