Using OAS data integrity for securing data in motion
Using data integrity guarantees that packets will not be altered during transmission and reception. Data integrity can be used against replay attacks and MITM attacks, where the attacker may send crafted packets to obtain or modify information from the database. Oracle provides the SHA1 and MD5 hash functions for data integrity. As with network encryption, if you want to use data integrity, an OAS license must be purchased. In the following recipe we will configure SHA1 for data integrity and demonstrate its utility against the Oracle Hijacking scenario.
Getting ready
The steps from this recipe will be performed on nodeorcl1 and nodeorcl5.
How to do it...
Open the $ORACLE_HOME/network/admin/sqlnet.ora configuration file on nodeorcl1. As with network encryption, data integrity also has a desired checksum behavior, which can be specified by using SQLNET.CRYPTO_CHECKSUM_SERVER. Set the value to required as follows...
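An added example, not taken from the book or from Oracle: a small Python audit that reads the text of a sqlnet.ora file and reports whether the checksum behavior described above is actually enforced. The SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER check, the two sample files and the function names are assumptions of this example, and the parser handles single-line parameters only.

```python
import re

# Negotiation levels accepted by SQLNET.CRYPTO_CHECKSUM_SERVER. Only "required"
# makes the server refuse a session that cannot be checksummed.
LEVELS = {"accepted", "rejected", "requested", "required"}

def parse_sqlnet(text):
    """Return {PARAMETER: value} from sqlnet.ora text; names are upper-cased."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.+)$", line)
        if m:
            params[m.group(1).upper()] = m.group(2).strip()
    return params

def audit_checksum(text):
    """Return a list of findings; an empty list means integrity is enforced."""
    p = parse_sqlnet(text)
    findings = []
    # When the parameter is absent the server falls back to "accepted".
    level = p.get("SQLNET.CRYPTO_CHECKSUM_SERVER", "accepted").lower()
    if level not in LEVELS:
        findings.append(f"unknown checksum level: {level}")
    elif level != "required":
        findings.append(f"checksum level is '{level}', not 'required'")
    raw = p.get("SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER", "")
    algos = [a.strip().upper() for a in raw.strip("()").split(",") if a.strip()]
    if not algos:
        findings.append("checksum algorithm list is not pinned")
    elif "MD5" in algos:
        findings.append("MD5 is offered; the recipe configures SHA1")
    return findings

# Constructed sample files, not from the book.
WEAK = """\
SQLNET.CRYPTO_CHECKSUM_SERVER = requested   # client may opt out
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (MD5, SHA1)
"""
HARDENED = """\
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_checksum(cfg) or "OK")
```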