User's Manual

Security Challenges in an Enterprise Environment
Introduction to Oracle Advanced Security
the amount of information that organizations place on computers. Employee and
financial records, customer orders, product information, and other sensitive data
have moved from filing cabinets to file structures. The volume of sensitive
information on the Web has thus increased the value of data that can be
compromised.
Common Security Threats
The increased volume of data in distributed, heterogeneous environments exposes
users to a variety of security threats, including the following:
Eavesdropping and Data Theft
Data Tampering
Falsifying User Identities
Password-Related Threats
Eavesdropping and Data Theft
Over the Internet and in wide area network environments, both public carriers and
private networks route portions of their network through insecure land lines,
vulnerable microwave and satellite links, or a number of servers, exposing
valuable data to interested third parties. In local area network environments within
a building or campus, the potential exists for insiders with access to the physical
wiring to view data not intended for them, and network sniffers can be installed to
eavesdrop on network traffic.
Data Tampering
Distributed environments bring with them the possibility that a malicious third
party can compromise integrity by tampering with data as it moves between sites.
Falsifying User Identities
In a distributed environment, it is more feasible for a user to falsify an identity to
gain access to sensitive information. How can you be sure that user Pat connecting
to Server A from Client B really is user Pat?
Moreover, in distributed environments, malefactors can hijack connections. How
can you be sure that Client B and Server A are what they claim to be? A transaction
that should go from the Personnel system on Server A to the Payroll system on
Server B could be intercepted in transit and re-routed to a terminal masquerading as
Server B.