RE: Best Practice - Oracle Network thru Firewall

Hi,

Interesting topic. As you say VPN may be expensive and also may not give you the needed security. I mean: can you trust the entire source network(s) or only the clients that want to connect? With CMAN I see the problem that you probably would have to expose it through a hole in the firewall..I would not know then if CMAN can be considered 'stronger' than the listener (my guess is that it is not).

I wonder if anybody sells reverse proxies, possibly with password authentication, that can be used with Oracle traffic in a scalable and secure way (and maybe also certified).
Similar objects (typically HW) are common for web applications and often used to add HTTPS support to 'old' web applications that can only use HTTP, so they maybe available for Oracle*net too.

Cheers,
L.

-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Tony Jambu Sent: Tuesday, March 14, 2006 12:50 AM
To: Richard Ji
Cc: stephen booth; Oracle-L_at_freelists.org Subject: Re: Best Practice - Oracle Network thru Firewall

Richard

It is a number of external clients. VPN maybe a very expensive option. Using a white list is also not an OPTION as some client use DHCP. I had intended to use ssh tunneling and do some more research into Oracle's CMAN. If there are any one using Oracle's CMAN for this purpose, I would love to hear from you. Thomas La Porte gave me some leads on this.

ta
tony

At 05:49 AM 11/03/2006, Richard Ji wrote:
>Is it just one client(site) needs to connect from outside through the
>FW? Then you should just establish a VPN as others pointed out. Even
>if it's for remote users, VPN is still a good way to go instead of
>having to punch a hole on FW for SQL*Net traffic or tunneling via SSH.
>
>Richard Ji
>
>>

--
http://www.freelists.org/webpage/oracle-l


--
http://www.freelists.org/webpage/oracle-l