Arup,
Thanks for the info. Can you elaborate a little on your understanding
of how a client would connect their own reporting tool _directly_ to
our database?
Paul
--- Arup Nanda [EMAIL PROTECTED] wrote:
Paul,
We use Advanced Security. the product is pricey and difficult to
setup; but
Jared,
Is that the book from sans.org?
Thanks,
Paul
--- Jared Still [EMAIL PROTECTED] wrote:
Yes, I will ditto the recommendation for Pete Finnigan's book.
Jared
On Fri, 2003-10-24 at 10:29, DENNIS WILLIAMS wrote:
Paul - We have some of the similar issues here
Yes: https://store.sans.org/store_item.php?item=80
On Mon, 2003-10-27 at 09:49, Paul Baumgartel wrote:
Jared,
Is that the book from sans.org?
Thanks,
Paul
--- Jared Still [EMAIL PROTECTED] wrote:
Yes, I will ditto the recommendation for Pete Finnigan's book.
Jared
On
Never mind, I see that it is. Thanks.
--- Paul Baumgartel [EMAIL PROTECTED] wrote:
Jared,
Is that the book from sans.org?
Thanks,
Paul
--- Jared Still [EMAIL PROTECTED] wrote:
Yes, I will ditto the recommendation for Pete Finnigan's book.
Jared
On Fri, 2003-10-24 at
We are an Application Service Provider--we maintain a set of servers in
a colocation facility and our customers use our application via the
Web. Security is a paramount concern, of course, and only our Web
server has a public IP address, with the application and database
servers completely
We're doing it as I write this for a convention taking place
half-way across the country.
The setup is
Client: Browser (IE), Cisco VPN Client, Adobe Acrobat, JInitiator
Middle tier: 9iAS rel2 Forms and Reports Server on Win2K
Db tier: Oracle 8.1.7 on Win2K
All servers are on our private
We use VPN access for work at home off hours support. Typical configuration:
Client: Broadband internet access(Comcast or the like) with NetScreen VPN
Client
Not sure what the firewall is. 2 3 tier clients work just spiffy.
Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
I can tell you right now, i'm VPN'd to a client overseas and have
NOT been able to get OCI to work over the protocol. I can telnet/ssh
to the machine where the Oracle server runs (its Solaris) and work
via a sql*plus window, but nothing runs locally (i.e., Toad or windows
version of sql*plus
Boss
Is this a firewall issue?
Dennis Williams
DBA
Lifetouch, Inc.
[EMAIL PROTECTED]
-Original Message-
Sent: Friday, October 24, 2003 10:45 AM
To: Multiple recipients of list ORACLE-L
I can tell you right now, i'm VPN'd to a client overseas and have
NOT been able to get OCI to
No problem here, except that it's slower if your expecting a ton of data.
Dick Goulet
Senior Oracle DBA
Oracle Certified 8i DBA
-Original Message-
Sent: Friday, October 24, 2003 11:45 AM
To: Multiple recipients of list ORACLE-L
I can tell you right now, i'm VPN'd to a client overseas
Are you tunneling sqlnet through ssh?
http://www.akadia.com/services/ssh_install_and_use.html
On Fri, 2003-10-24 at 08:44, Todd Boss wrote:
I can tell you right now, i'm VPN'd to a client overseas and have
NOT been able to get OCI to work over the protocol. I can telnet/ssh
to the machine
No, but (and forgive me for asking) why does that matter?
Is sqlnet tunneling important for security reasons, or important
for connectivity? I'm able to telnet to the box straight away.
I figured that, once VPN was connected, I'd be able to run whatever
applications I wanted locally. After not
You're going through a firewall that allows port 22 to go
through and connect to your ssh daemon via the VPN.
Port 15xx is likely being blocked, as well as the range
of ports used to create the sqlnet connections.
I'm not a security guru, but I doubt that the firewall admins
are opening all the
Jared,
I'm no network guru, so take this with a ton of salt, but this is how I
believe our network admin has it setup. The VPN tunnel comes in thru the outer
firewall on a specific port to the vpn server in the DMZ. The vpn server then spreads
the ports out as needed to the inner
Paul - We have some of the similar issues here (network/firewall/VPN/Oracle
Net). Based on your description of your business, you probably have some
competent network engineers on staff. My experience is that they routinely
handle issues like this, and you probably won't need to get involved in
I don't know. After hearing the explanation, it very well may be.
Our network guy is out (honeymoon). And my experience w/ VPN is
slim. For some reason I never considered it to be just another
protocol but rather to be a magical way that I could just
appear to be on the local net to all these
Todd
I like your magical way. Isn't that the goal with all technology
including databases? To the users it just magically works, but we elves down
in the boiler room have to make the magic. If you do a great job they never
know you're there.
Well with a last name like yours -- hey! Where I
Paul, our favorite health care company (we both used to work there)
is using Cisco VPN with SecurID tokens to grant remote access.
Once you log in, you are a part of the LAN and can use tnsnames.ora on
your local machine to connect to the PULSE database. No adjustments are
needed on the oracle
Yes, I will ditto the recommendation for Pete Finnigan's book.
Jared
On Fri, 2003-10-24 at 10:29, DENNIS WILLIAMS wrote:
Paul - We have some of the similar issues here (network/firewall/VPN/Oracle
Net). Based on your description of your business, you probably have some
competent network
I suppose it could be setup that way, but ours is not.
The only way to connect to a database from a local app
through the vpn ( for me anyway ) is to tunnel sqlnet
through ssh.
We could set it up to allow a certain range of ports
through, just as we do for other apps, but I don't
see any point
Thanks, everyone, for your helpful responses.
A talk with our Oracle sales droid has pointed me in the direction of
Oracle Advanced Security for authentication, encryption, and integrity.
Anyone have experience using this? We are considering using Entrust
SSL authentication as we already use
Paul,
We use Advanced Security. the product is pricey and difficult to setup; but
once in place it's in solid footing.
Advanced security does not replace VPN per se; it's purpose is slightly
different and broader in scope. If you take VPN away, how do you suppose you
will connect to the DB
22 matches
Mail list logo
