Network Encryption for Oracle Database Connections

Native Network Encryption is used to send and receive data in encrypted format.
It is configured with parameters in the SQLNET.ORA file on both the server and the client side.

Note:
Network encryption (native network encryption, network data integrity, and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS)
are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database.
No separate license is required to configure Native Network Encryption.

Configure the SQLNET file for Network Encryption

The following parameters are used to configure encryption:

--On the server:
SQLNET.ENCRYPTION_SERVER = [accepted | rejected | requested | required]
SQLNET.ENCRYPTION_TYPES_SERVER = (valid_encryption_algorithm [,valid_encryption_algorithm])

--On the client:
SQLNET.ENCRYPTION_CLIENT = [accepted | rejected | requested | required]
SQLNET.ENCRYPTION_TYPES_CLIENT = (valid_encryption_algorithm [,valid_encryption_algorithm])

Parameter values of ENCRYPTION_SERVER | ENCRYPTION_CLIENT:
ACCEPTED : Allows both encrypted and non-encrypted connections. This is the default.
REJECTED : Allows unencrypted traffic only.
REQUESTED : Requests encrypted traffic but also accepts non-encrypted traffic if encryption is not possible.
REQUIRED : Accepts encrypted traffic only.

Parameter values of ENCRYPTION_TYPES_SERVER | ENCRYPTION_TYPES_CLIENT:
These encryption algorithms are supported: (AES256, RC4_256, AES192, 3DES168, AES128, RC4_128, 3DES112, RC4_56, DES, RC4_40, DES40)

Example of configuring the SQLNET file
Note: The default state is ACCEPTED, which allows both encrypted and non-encrypted data.

-- At Server Side
SQLNET.ENCRYPTION_SERVER=REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER=(AES256)

--At Client Side
SQLNET.ENCRYPTION_CLIENT=REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)

Note:
To support multiple encryption methods, list them separated by commas:

SQLNET.ENCRYPTION_TYPES_SERVER= (AES256, RC4_256, AES192, 3DES168, AES128, RC4_128, 3DES112, RC4_56, DES, RC4_40, DES40)
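The parameter values and algorithm lists above interact when a client connects, so the following added example (not part of the original page, and not Oracle code) parses both sides' SQLNET.ORA settings, models which algorithm the pair ends up with, and lists what a reviewer would flag. Assumptions: one parameter per line, the server takes the first entry of its own list that the client also offers, an unset ENCRYPTION_TYPES_* means the full list from this page, and the AES-only `STRONG` set is this example's policy; the function names are hypothetical.

```python
import re

# Algorithm list from the page, used when a file sets no ENCRYPTION_TYPES_* (assumption).
ALL = ["AES256", "RC4_256", "AES192", "3DES168", "AES128", "RC4_128",
       "3DES112", "RC4_56", "DES", "RC4_40", "DES40"]
STRONG = {"AES256", "AES192", "AES128"}   # policy of this example: AES only

def parse_sqlnet(text, side):
    """Return (level, algorithms) for side 'SERVER' or 'CLIENT'."""
    level, algs = "ACCEPTED", list(ALL)   # ACCEPTED is the default level
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # '#' starts a comment
        m = re.match(rf"SQLNET\.ENCRYPTION_(TYPES_)?{side}\s*=\s*(.+)$", line, re.I)
        if not m:
            continue
        value = m.group(2).strip().strip("()")
        if m.group(1):
            algs = [a.strip().upper() for a in value.split(",") if a.strip()]
        else:
            level = value.upper()
    return level, algs

def negotiate(server, client):
    """Return the negotiated algorithm, 'CLEARTEXT', or 'FAIL' (connection refused)."""
    levels = {server[0], client[0]}
    no_crypto = "FAIL" if "REQUIRED" in levels else "CLEARTEXT"
    if "REJECTED" in levels or levels == {"ACCEPTED"}:
        return no_crypto                  # nobody asks for encryption, or one side refuses it
    # The server takes the first entry of its own list that the client also lists.
    common = [a for a in server[1] if a in client[1]]
    return common[0] if common else no_crypto

def findings(server, client):
    """List what a reviewer would flag for this server/client pair."""
    out, result = [], negotiate(server, client)
    if result == "CLEARTEXT":
        out.append("session runs unencrypted")
    elif result != "FAIL" and result not in STRONG:
        out.append(f"session negotiates weak algorithm {result}")
    if server[0] != "REQUIRED":
        out.append(f"server level {server[0]} still admits cleartext clients")
    weak = [a for a in server[1] if a not in STRONG]
    return out + (["server offers weak algorithms: " + ", ".join(weak)] if weak else [])

# Constructed sample files: the page's pair, and a permissive server with a legacy client.
PAGE_SERVER = "SQLNET.ENCRYPTION_SERVER=REQUIRED\nSQLNET.ENCRYPTION_TYPES_SERVER=(AES256)"
PAGE_CLIENT = "SQLNET.ENCRYPTION_CLIENT=REQUIRED\nSQLNET.ENCRYPTION_TYPES_CLIENT=(AES256)"
LAX_SERVER = "SQLNET.ENCRYPTION_SERVER = requested\nSQLNET.ENCRYPTION_TYPES_SERVER = (RC4_256, AES256, DES)"
OLD_CLIENT = "SQLNET.ENCRYPTION_TYPES_CLIENT = (RC4_256, DES)  # level left at default"
```

With the page's REQUIRED/AES256 pair the result is AES256 with no findings, while the permissive server settles on RC4_256 with the legacy client even though it also lists AES256, because list order decides.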

USE OF NETMGR
You can also use NETMGR instead of editing the SQLNET.ORA file directly.
You need to set it on both sides, client and server.

At Server NETMGR
1. Open NETMGR -> Expand the + buttons and select PROFILE -> In the right-side window, select Network Security from the drop-down box
2. Go to the Encryption tab -> Select SERVER -> Choose the option REQUIRED -> Choose the encryption type AES256

At Client NETMGR
1. Open NETMGR -> Expand the + buttons and select PROFILE -> In the right-side window, select Network Security from the drop-down box
2. Go to the Encryption tab -> Select CLIENT -> Choose the option REQUIRED -> Choose the encryption type AES256
