Hello,
I need to support campus-wide access (and sometimes external access) to some
sensitive Oracle databases.
I would be interested in feedback on what is the best way to protect Oracle 7
SQL*Net and Oracle 7 with the Advanced Networking Option. [I presume the same
answer would apply to Oracle 8 (& the Advanced Security Option), if we ever
upgrade].
Specifically, I am really curious as to what depth do Oracle packets get
inspected and validated as proper SQL*Net packets by firewalls.
Do stateful inspection firewalls [CheckPoint's Firewall-1 and CISCO's PIX]
know anything really about SQL*net? They talk about having access to all
seven layers of the packet, but I doubt they really use all that information.
How much more checking do proxy based solutions do for Oracle packets?
If Oracle data is encrypted (via the Advanced Networking Option) do
proxy based firewalls support this and do they in fact offer any
additional protection over stateful inspection? I.E. if encrypted,
is there much more than state that can be maintained? If there is
only state, than the only advantage that the firewall gives me for
this protocol, is protection from denial of service attacks?
All suggestions are welcomed.
TIA,
--ray
-----------------------------------------------------------------
Ray Daoud Computing Center
Security Analyst McGill University
[EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
