RE: Monitoring Port 1521
- From: "Eric Buddelmeijer" <Eric.Buddelmeijer@xxxxxxxxxx>
- To: <dan.looby@xxxxxxxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
- Date: Sat, 21 May 2005 00:22:12 +0200
How about using ssh with port forwarding? It will certainly encrypt your
communication, even without an extra listener and any port you like. Of
course, you will have to find a way for the 'new' application to open the
ssh tunnel (automatically or not). Depends on how that application is
started.
Kind regards,
Eric.
-----Oorspronkelijk bericht-----
Van: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
Namens Daniel Looby
Verzonden: vrijdag 20 mei 2005 20:28
Aan: oracle-l@xxxxxxxxxxxxx
Onderwerp: Monitoring Port 1521
We have an application that makes use of port 1521 for an oracle listener.
The port is totally blocked outside of a domain and so the security level is
set to 'request' for encryption.
But now there is a need for a system outside of the domain to have access
via an oracle listener. But in this case we need to insure that all traffic
is encrypted.
Our DBA (hey, I'm the poor support person) worked with Oracle to try to set
up a second listener on another port with the security level set to
'encrypt'. Oracle and the DBA worked may hours attempting this, but found
they could not get multiple listeners at different security levels working
(anyone successful at this?).
Drop to Plan B. Set up a second listener (same security level) on another
port and open that port to the other system. Now the only problem is to
ensure that all traffic is encrypted. We have a 'promise' from the other
system that it will always encrypt requests.
To ensure that we are doing due diligence how can one monitor and recognize
that the traffic is actually encrypted? If we find that it isn't then we
want to re-enable our firewall to block them.
Suggestions? Solutions? Help!
Dan
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
