Host Authentication and Communication
Managing Security for Backup Networks 6-11
Automated and Manual Certificate Provisioning Mode
Oracle Secure Backup provides automated and manual modes for initializing the
security credentials for a client host that wants to join the domain. The automated
mode is easy to use, but it has potential security vulnerabilities. The manual mode is
harder to use, but it is less vulnerable to tampering.
In automated certificate provisioning mode, which is the default, adding a host to the
domain is transparent. The host generates a public key/private key pair and then
sends a certificate request, which includes the public key, to the Certification
Authority (CA). The CA issues the host an identity certificate, which it sends to the
host along with any certificates required to establish a chain of trust to the CA.
The communication between the two hosts is over a secure but non-authenticated
Secure Sockets Layer (SSL) connection. It is conceivable that a rogue host could insert
itself into the network between the CA and the host, thereby masquerading as the
legitimate host and illegally entering the domain.
In manual certificate provisioning mode, the CA does not automatically transmit
certificate responses to the host. You must transfer the certificate as follows:
1. Use the obcm utility to export a signed certificate from the CA.
2. Use a secure mechanism such as a floppy disk or USB key chain drive to transfer a
copy of the signed identity certificate from the CA to the host.
3. Use obcm on the host to import the transferred certificate into the host's wallet.
The obcm utility verifies that the certificate request in the wallet matches the
signed identity certificate.
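The check in step 3 can also be made independently before the import. The following is an added example, not Oracle code and not obcm syntax: it uses the openssl command line to confirm that a signed certificate carries the same public key as the certificate request and that it chains to the CA certificate. It assumes the request, certificate and CA certificate are available as PEM files; all file names are hypothetical and the sample files are constructed by the script.

```bash
#!/usr/bin/env bash
# Added example (not Oracle code). Assumes PEM files; file names are hypothetical.

# Print the SHA-256 digest of the public key in a request (req) or certificate (x509).
pubkey_digest() {   # usage: pubkey_digest req|x509 FILE
    local pem
    pem=$(openssl "$1" -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$pem" ] || return 2   # never hash empty input: two empty digests would "match"
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if CERT carries the key from REQUEST and was signed by CA_CERT.
# Returns 1 on a mismatch or failed chain check, 2 if a file cannot be parsed.
cert_matches_request() {   # usage: cert_matches_request REQUEST CERT CA_CERT
    local want got
    want=$(pubkey_digest req "$1") || return 2
    got=$(pubkey_digest x509 "$2") || return 2
    [ "$want" = "$got" ] || return 1
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 1
}

# Build constructed sample data in DIR: a demo CA, a host request with its signed
# certificate, and a second certificate issued for a different key.
make_demo_files() {
    local d="$1" h
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    for h in host other; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=client1" \
            -keyout "$d/$h.key" -out "$d/$h.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$d/$h.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
            -CAcreateserial -days 1 -out "$d/$h.pem" 2>/dev/null || return 1
    done
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_demo_files "$d" || return 1
    cert_matches_request "$d/host.csr" "$d/host.pem" "$d/ca.pem" && echo "host.pem: matches request"
    cert_matches_request "$d/host.csr" "$d/other.pem" "$d/ca.pem" || echo "other.pem: rejected"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to exercise both the matching and the mismatched case on the constructed files.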
You must balance security and usability to determine which certificate provisioning
mode is best for your administrative domain.
Oracle Wallet
Oracle Secure Backup stores every certificate in an Oracle wallet. The wallet is
represented on the operating system as a password-protected, encrypted file. Each
host in the administrative domain has its own wallet in which it stores its identity
certificate, private key, and at least one trusted certificate. Oracle Secure Backup does
not share its wallets with other Oracle products.
Besides maintaining its password-protected wallet, each host in the domain maintains
an obfuscated wallet. This version of the wallet does not require a password. The
obfuscated wallet, which is scrambled but not encrypted, enables the Oracle Secure
Backup software to run without requiring a password during system startup.
The password for the password-protected wallet is generated by Oracle Secure Backup
and not made available to the user. The password-protected wallet is not usually used
after the security credentials for the host have been established, because the Oracle
Secure Backup daemons use the obfuscated wallet.
Figure 6–4 illustrates the relationship between the certificate authority and other hosts
in the domain.
Note: To reduce risk of unauthorized access to obfuscated wallets,
Oracle Secure Backup does not back them up. The obfuscated version
of a wallet is named cwallet.sso. By default, the wallet is located in
/usr/etc/ob/wallet on Linux and UNIX and
C:\Program Files\Oracle\Backup\db\wallet on Windows.