RE: Question re security

  • From: bill thater <shrekdba@xxxxxxxxx>
  • To: Nuno Souto <dbvision@xxxxxxxxxxxx>
  • Date: Thu, 16 Jan 2014 07:50:31 -0800

I still get questions why I need privs to install Oracle software. My
answer is "if you want it installed without privs talk to Oracle, until
then, that's what I need". I'm not well liked ;-)

sent from my Windows Phone
Bill "shrek" thater  Oracle DBA
Shrekdba@xxxxxxxxx
"one ping to rule them all
One ping to find them
One ping to bring them all
And in the mutex bind them!"
------------------------------
From: Nuno Souto
Sent: 1/16/2014 2:42 AM
Cc: Oracle L
Subject: Re: Question re security

  On 16/01/2014 5:49 PM, david@xxxxxxxxxxxxxxxxxxxx wrote:

Thanks!  Good to see my opinion is shared by someone.
The problem is when kids with no experience whatsoever of running IT sites
are given free hand in coming up with security strategies and such.
I mean, when a network "expert" claims a database is not secure because the
listener is not using the usual 1521 port and does not ask for a password
upfront, the only comment I can possibly offer is:
"go take an Oracle 101 and a network 101 course and AFTER that, let's see
if you still think that way".

-- 
Cheers
Nuno Souto
dbvision@xxxxxxxxxxxx



>Who here has database servers, app servers, admin and dev workstations,
>each in its own subnet (4 subnets),
>with firewalls between each subnet,
>all inside the company's intranet?

>I'd just like to know why and what security expectations, imperatives,
>constraints/conditions are being addressed/resolved by such a setup?

It depends on what you’re trying to protect. If it’s nuclear launch codes
then yes – defence in depth – which this config is a typical example of –
is the way to go. If the data is a list of recipes for cupcakes though this
would indeed be overkill :)
 Cheers,
 David
