There is a tool Oracle Direct Connect works like these: it uses ports 80,
443 internal clients connec to oracle and support engineer can control and
access our client pc and our network!!!This is very big security problem i
think...If there are a lot of sites in internet works on this logic then we
are not safe...We have isa on win2k with sp3.Any idea how can i restrict
this kind of tools?(Our users only has protocol rules for 80 and 443).
Oracle Direst connect works details: http://metalink.oracle.com/odc/Security_10_29_02.htm