Ray Daoud wrote:
> I need to support campus-wide access (and sometimes external access) to some
> sensitive Oracle databases.
The key to doing this in a secure way is to use a firewall with a SQL*Net /
Net8 proxy. Oracle has collaborated with a few firewall vendors to enable
them to build these. An application proxy with detailed SQL*Net protocol
knowledge will provide you with much better security and access control
than a stateful inspection / packet filter type of firewall -- for example
you scan specify exactly which SIDs can be accessed through the proxy, you
can keep detailed transaction logs, etc.
The one I have the most experience with with the SQL*Net proxy in NAI's
Gauntlet firewall. You need *both* Oracle and Gauntlet knowledge to
configure it, but once done it works extremely well and gives you excellent
granulariy of control over what SQL*Net connections are permitted.
(Starting in Gauntlet 5.5, I beleive, this also support Net8). It does
support Oracle Advanced Networking.
Richard
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
