
Week 3 Written Assignment: Encrypting in the Database

In our readings we have learned the importance of encrypting sensitive data across database
environments. Let's consider the data stored in the database. What about the three approaches to
remedy clear-text data being stored in the database's data files and in subsequent copies used for
redundancy or copied to backup media? This assignment looks at encryption methods related to
securing sensitive data in the database.

For this assignment you are required to do BOTH Part A and Part B.

Part A

Note: Don't forget about the Oracle documentation:

http://www.oracle.com/webfolder/technetwork/tutorials/obe/db/11g/r1/prod/security/tde/tde.htm

Submit short answers that discuss the following questions:

1. What is Transparent Data Encryption, as used in Oracle?
2. What are the datatypes for columns that can be encrypted? How would you create an
encrypted column in a new or existing table? What are the pros and cons of column
encryption? Hint: look at primary keys and applications such as CRM.
3. When might you use tablespace encryption?
4. What legal or regulatory considerations should you take into account when looking at encryption
methods?

Part B Lab: Create Profiles and Roles

In addition to your text and notes, links to tutorials are provided in the left navigation panel
under Oracle and SQL/PL Resources.
Your mission is to develop a single SQL script that will perform all the following tasks:

Phase 1. Create three (3) users (schema) as follows:

| User | Password | Other Parameters |
|---|---|---|
| DBSEC_ADMIN | is481admin | Tablespace: USERS; Temporary tablespace: TEMP |
| DBSEC_CLERK | is481clerk | Same as above |
| DBSEC_DEV | is481$dev | Same as above |

Phase 2. Create three profiles as specified in the following table:


| Profile | Resources | Password |
|---|---|---|
| DBSEC_ADMIN_PROF | SESSIONS_PER_USER=5; CONNECT_TIME=8 hours; IDLE_TIME=1 hour | PASSWORD_LIFE_TIME=1 month; PASSWORD_GRACE_TIME=7 days |
| DBSEC_DEV_PROF | CONNECT_TIME=2 hours; IDLE_TIME=2 hours; CPU_PER_CALL=1 minute | PASSWORD_LIFE_TIME=1 month; PASSWORD_GRACE_TIME=14 days |
| DBSEC_CLERK_PROF | SESSIONS_PER_USER=1; CPU_PER_CALL=5 seconds; CONNECT_TIME=8 hours; IDLE_TIME=30 minutes; LOGICAL_READS_PER_CALL=100 database blocks | FAILED_LOGIN_ATTEMPTS=3; PASSWORD_LIFE_TIME=1 month; PASSWORD_LOCK_TIME=3 days; PASSWORD_GRACE_TIME=14 days |
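
The Phase 2 limits are stated in hours, months and seconds, but Oracle's CREATE PROFILE expects fixed units, so each value has to be converted before it goes into the script. The following is an added example, not part of the original handout; it assumes "1 month" is entered as 30 days and that the script is run by a DBA account such as SYSTEM.

```sql
-- Added example, not from the assignment handout. Run as a DBA (e.g. SYSTEM).
-- Kernel resource limits (sessions, CPU, connect/idle time, logical reads)
-- are enforced only when RESOURCE_LIMIT is TRUE; password limits are
-- enforced regardless of this setting.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- Units expected by CREATE PROFILE:
--   CONNECT_TIME, IDLE_TIME   minutes
--   CPU_PER_CALL              hundredths of a second
--   LOGICAL_READS_PER_CALL    database blocks
--   PASSWORD_*_TIME           days
-- Assumption: "1 month" in the table is written as 30 days.

CREATE PROFILE dbsec_admin_prof LIMIT
  SESSIONS_PER_USER       5
  CONNECT_TIME            480    -- 8 hours
  IDLE_TIME               60     -- 1 hour
  PASSWORD_LIFE_TIME      30     -- 1 month (assumed 30 days)
  PASSWORD_GRACE_TIME     7;

CREATE PROFILE dbsec_dev_prof LIMIT
  CONNECT_TIME            120    -- 2 hours
  IDLE_TIME               120    -- 2 hours
  CPU_PER_CALL            6000   -- 1 minute = 60 s x 100
  PASSWORD_LIFE_TIME      30     -- 1 month (assumed 30 days)
  PASSWORD_GRACE_TIME     14;

CREATE PROFILE dbsec_clerk_prof LIMIT
  SESSIONS_PER_USER       1
  CPU_PER_CALL            500    -- 5 seconds = 5 s x 100
  CONNECT_TIME            480    -- 8 hours
  IDLE_TIME               30     -- 30 minutes
  LOGICAL_READS_PER_CALL  100    -- database blocks
  FAILED_LOGIN_ATTEMPTS   3
  PASSWORD_LIFE_TIME      30     -- 1 month (assumed 30 days)
  PASSWORD_LOCK_TIME      3      -- days locked after 3 failed logins
  PASSWORD_GRACE_TIME     14;

-- Check what was stored. Limits not listed above inherit from the
-- DEFAULT profile and are filtered out here.
SELECT profile, resource_type, resource_name, limit
  FROM dba_profiles
 WHERE profile LIKE 'DBSEC%'
   AND limit <> 'DEFAULT'
 ORDER BY profile, resource_type, resource_name;
```

The final query makes a useful screen capture for the submission because it shows the converted values exactly as the database recorded them.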

Phase 3. Create roles with the following privileges:

| Role Name | Privileges |
|---|---|
| DBSEC_ADMIN_ROLE | SELECT and ALTER on all DBSEC tables |
| DBSEC_CLERK_ROLE | SELECT, INSERT, and UPDATE on all DBSEC tables |
| DBSEC_SUPERVISOR_ROLE | SELECT, INSERT, UPDATE and DELETE on all DBSEC tables |
| DBSEC_QUERY_ROLE | SELECT only on CUSTOMER table owned by DBSEC |

Phase 4. Assign roles and profile to the users as in the following table:

| User Name | Role | Profile |
|---|---|---|
| DBSEC_ADMIN | DBSEC_ADMIN_ROLE | DBSEC_ADMIN_PROF |
| DBSEC_CLERK | DBSEC_CLERK_ROLE | DBSEC_CLERK_PROF |
| DBSEC_DEV | DBSEC_ADMIN_ROLE plus DBSEC_SUPERVISOR_ROLE | DBSEC_DEV_PROF |

5. Connect as DBSEC_CLERK/is481clerk.

6. Perform a simple query on the SUPPLIER table owned by DBSEC.

Tips:
1. DBSEC tables refer to the tables you created in the previous project. DBSEC is the
owner of that data.

2. When you need to connect as the SYSTEM user, use a syntax that prompts the
user to type the password. A typical example is: "connect system;"

3. For step 6 above, you may have to specify the table name as "dbsec.supplier".

Submission Requirement:

Submit the SQL script files and a screen capture of the creation.

Grading Rubric

| Criteria | Excellent | Competent | Needs Improvement | Total Points Possible |
|---|---|---|---|---|
| Overview of TDE | (10-9 points) Meets Proficient criteria and substantiated with evidence to support use of TDE | (8-7 points) Provides overview of TDE and usage | (6-0 points) Insufficiently provides explanation of TDE and usage | 10 |
| Column Encryption | (10-9 points) Discusses the data types that should be encrypted with the pros and cons. Meets Proficient criteria and substantiated with evidence to support selection. | (8-7 points) Discusses the data types that should be encrypted with the pros and cons but does not supply reasons behind selection. | (6-0 points) Insufficiently describes the data types that should be encrypted. | 10 |
| Tablespace Encryption | (10-9 points) Meets Proficient criteria and substantiated with evidence to support reasoning for the pros and cons of tablespace encryption | (8-7 points) Provides reasoning for the pros and cons of tablespace encryption | (6-0 points) Insufficiently provides reasoning for the pros and cons of tablespace encryption. | 10 |
| Laws & Regulation Considerations | (10-9 points) Meets Proficient criteria and substantiated with evidence to explain the relationship of encryption with law and regulation. | (8-7 points) Provides an explanation of the relationship of encryption with law and regulation | (6-0 points) Insufficiently provides an explanation of the relationship of encryption with law and regulation | 10 |
| Creation of Profiles | (20-18 points) Submission includes both script file and screen capture. | (17-15 points) Submission includes both script file and screen capture with errors. | (14-0 points) Submission does not include both script file and screen capture with errors. | 20 |
| Creation of Roles | (20-18 points) Submission includes both script file and screen capture. | (17-15 points) Submission includes both script file and screen capture with errors. | (14-0 points) Submission does not include both script file and screen capture with errors. | 20 |
| Assigned profiles and roles to accounts | (20-18 points) Submission includes both script file and screen capture. | (17-15 points) Submission includes both script file and screen capture with errors. | (14-0 points) Submission does not include both script file and screen capture with errors. | 20 |
