Table of Contents
Advertisement
Enterprise User Security Deployment Considerations
Consider the following issues before deploying Enterprise User Security:
Security Aspects of Centralizing Security Credentials
Beyond the general benefits that flow from the centralization of enterprise users and
their associated credentials, there are a number of security-related benefits and risks
that should be reviewed.
Security Benefits Associated with Centralized Security Credential Management
Centralizing management makes it easier and faster to administer users,
credentials, and roles, and to quickly revoke a user's privileges on all applications
and databases across the enterprise. With centralized management, the
administrator can delete a user in one place to revoke all global privileges,
minimizing the risk of retaining unintended privileges.
Centralizing management makes it possible to centralize an organization's security
expertise. Specialized, security-aware administrators can manage all aspects of
enterprise user security, including directory security, user roles and privileges, and
database access. This is a substantial improvement over the traditional model,
where DBAs are typically responsible for everything on the databases they manage,
including security.
Security Risks Associated with Centralized Security Credential Management
While Oracle Internet Directory is a secure repository, there is a security challenge
and inherent risk in centralizing credentials in any publicly accessible repository.
Although centralized credentials can be protected at least as securely as distributed
credentials, the very nature of centralization increases the consequences of
inadvertent credential exposure to unauthorized parties. It is therefore imperative
to limit the privileges of administrators, to set restrictive Access Control Lists
(ACLs) in the directory, and to implement good security practices in the protection
of security credentials when they are temporarily outside of the directory.
Security Aspects of Centralizing Security Credentials
Security of Password-Authenticated Enterprise User Database Login
Information
Considerations for Defining Database Membership in Enterprise Domains
Considerations for Choosing Authentication Types between Clients, Databases,
and Directories for Enterprise User Security
Enterprise User Security Deployment Considerations
Getting Started with Enterprise User Security 11-25
Advertisement
Chapters
Table of Contents
Troubleshooting
