Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Oracle Database Connection Encryption detection

    Posted 11-12-2020 07:48
    Edited by Christopher Detzel 11-12-2020 07:55

    Hi,

     

    We are running Imperva 13.6 Oracle agent with <enable-oracle-aso>true</enable-oracle-aso> set.

     

    Now, we assume that there is some Oracle connection that have Oracle Native Network Encryption  disabled and still managed to connect to the database. We want to detect and alert such connections. Is this possible please?

     

    Thanks and Regards,

    Dom

     

    Database Security Specialist

    Cyber Security , Cyber Protection & Design, Cyber Protective Service - DBAM

     

     


    ************** IMPORTANT MESSAGE *****************************
    This e-mail message is intended only for the addressee(s) and contains information which may be
    confidential.
    If you are not the intended recipient please advise the sender by return email, do not use or
    disclose the contents, and delete the message and any attachments from your system. Unless
    specifically indicated, this email does not constitute formal advice or commitment by the sender
    or the Commonwealth Bank of Australia (ABN 48 123 123 124 AFSL and Australian credit licence 234945)
    or its subsidiaries.
    We can be contacted through our web site: commbank.com.au.
    If you no longer wish to receive commercial electronic messages from us, please reply to this
    e-mail by typing Unsubscribe in the subject line.
    **************************************************************


  • 2.  RE: Oracle Database Connection Encryption detection

    Posted 12-11-2020 10:57
    @Dominic Tsang

    I was told that you got the answers to this question. if so, please share with the community. If not, let us know.

    Chris ​

    ------------------------------
    Christopher Detzel
    Community Manager
    Imperva
    ------------------------------



  • 3.  RE: Oracle Database Connection Encryption detection

    Posted 08-10-2021 04:42
    Edited by Kent Zhou 08-10-2021 08:26

    If the connection to your database is encrypted, you need to take additional action to decrypt traffic, otherwise SecureSphere will be unable to see data.

    SecureSphere supports the following types of database connection encryption :

    • ASO (NDE – Diffie Hellman) - Oracle only
    • Standard SSL

    ASO (NDE – Diffie Hellman) - Oracle only

    Oracle Advanced Security is an encryption protocol similar to SSL. ASO is currently supported on specific platforms including some RedHat and OEL-UEK platforms.

    To configure support for ASO in SecureSphere:

    If you are using ASO to encrypt your database connection, you must enable both ASO and EIK via the specific agent's Advanced Configuration pane in SecureSphere.

    First, to identify if your database is configured for ASO encryption, on the database server open the file sqlnet.ora, then search for the string "ENCRYPTION_SERVER" or "ASO". If neither of these strings is found, then NDS (ASO) is not configured.



    ------------------------------
    Kent Zhou
    PS
    ------------------------------