Page 307 - DCAP103_Principle of operating system

Principles of Operating Systems



                                 9.5.1.3 SSL Encryption in MS SQL

                                 Here, we consider SQL Server 2000 for the discussion. SQL Server uses Tabular Data Stream
                                 (TDS) packets to exchange commands with its clients. These TDS packets are
                                 handled by Net Library protocols, which enable communication between the SQL Server and
                                 its clients over a network. In SQL Server 2000, these Net Libraries can be configured for
                                 Secure Sockets Layer (SSL) encryption using the SQL Server Network Utility. The encryption
                                 uses a Super Socket Net Library, which aids the other Net Libraries.
                                 SSL encryption can be implemented between SQL Server 2000 and its clients in three steps.
                                 First, obtain a certificate from an appropriate Certificate Authority (CA) and install it on the
                                 server. Then configure all the clients to trust the issuing CA. Finally, force protocol
                                 encryption using the Server Network Utility. A detailed description of Net Libraries and implementing
                                 SSL over them is available here.


                                 Figure 9.2: SSL Tunnel

                                 9.5.1.4 SSL Encryption in Oracle

                                 Oracle Database uses various features of the Oracle Advanced Security option to secure
                                 enterprise networks. The SSL feature of the Oracle Advanced Security option enables
                                 secure communication between the Oracle Database server and its clients by encrypting the traffic. In
                                 addition, it can authenticate the server, the client, or both. This SSL functionality can
                                 also be combined with other authentication methods supported by Oracle Advanced Security,
                                 in which case only the SSL encryption feature is used.

                                 9.5.1.5 Securing Oracle Network Traffic

                                 Oracle provides a platform-independent networking infrastructure for accessing databases,
                                 which is called Net8. The Net8 product with the Oracle Advanced Security option has a
                                 feature that uses the Secure Shell (SSH) protocol to secure the traffic between the client and the
                                 server. Though this mechanism protects against eavesdropping, it does not protect against
                                 the attacks discussed in the previous article, because the database server and database driver are
                                 separated from the SSH tunnel.







        300                               LOVELY PROFESSIONAL UNIVERSITY