
RE: Simple question (I think)

From: Peter McLarty <Peter_McLarty_at_technologyonecorp.com>
Date: Thu, 3 Aug 2006 12:18:23 +1000
Message-ID: <1BFEF5A6856E7C4D89A3DEE609AF884B4BAEED@brimail05.technologyonecorp.com>


You should just need to allow 1521 or whatever your listener is on. Depending on your firewall, some have Oracle ports in them to proxy your connection across.

This is not all that uncommon, and the only system, as far as your firewall is concerned, that is getting to your database is the DMZ system. 1521 and nearly everything else should still be blocked on the external side of your DMZ.

Good rule of thumb: don't allow an untrusted system to access right across the DMZ over your firewall. You have limited trust of the DMZ server, so you provide it with limited access.

You want to give the connection limited access to the schema as well, to reduce the likelihood of damage if your external system connects badly, i.e. has been compromised.

If you can encrypt the traffic across the wall to the db server, that can be good.

Technet has a fair amount about security, so that is likely worth a read; it may not provide specifics but may help you with your firewall admin.

Cheers  

Peter    


From: oracle-l-bounce_at_freelists.org on behalf of Jared Still
Sent: Thu 3/08/2006 4:22 AM
To: zanenj_at_noord-holland.nl
Cc: oracle-l_at_freelists.org
Subject: Re: Simple question (I think)

On 8/2/06, Zanen, dhr. J.A. (Jack) van <zanenj_at_noord-holland.nl> wrote:

	Hi All,

	This is what needs to be done:
	We have a website in a DMZ that needs to access data in our databases
	that are behind a firewall.
	I have never had to deal with DMZ, firewall issues before, so I ask this 
	list for some advice


Neither have I.

Which is why I would start with MetaLink Note 152133.1.

	SECOND question.

	Is this a good way to go through the firewall? Or are there issues with
	this way of doing it? Furthermore, how did you solve this?



Poking holes in your firewall is not generally considered a good practice.

See the note I mentioned, then do further searches on MetaLink.

--

Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist

--

http://www.freelists.org/webpage/oracle-l Received on Wed Aug 02 2006 - 21:18:23 CDT
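
An added example, not part of the original thread: a small first-match rule evaluator that audits a firewall rule list against the advice above (only the DMZ web server reaches the database, only on the listener port, and 1521 stays closed on the external side of the DMZ). All addresses, the rule format and the extra ports checked are constructed for illustration.

```python
import ipaddress

LISTENER_PORT = 1521            # "or whatever your listener is on"
WEB = "192.0.2.10"              # constructed: web server in the DMZ
DB = "10.0.0.20"                # constructed: database behind the firewall
OUTSIDE = "198.51.100.7"        # constructed: arbitrary untrusted host

def allowed(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, rule_port, action in rules:
        if (s in ipaddress.ip_network(rule_src)
                and d in ipaddress.ip_network(rule_dst)
                and rule_port in (port, "any")):
            return action == "allow"
    return False

def audit(rules):
    """Return a list of findings; empty means the rules match the advice."""
    findings = []
    if not allowed(rules, WEB, DB, LISTENER_PORT):
        findings.append("DMZ web server cannot reach the listener")
    if allowed(rules, OUTSIDE, DB, LISTENER_PORT):
        findings.append("untrusted host reaches the database directly")
    if allowed(rules, OUTSIDE, WEB, LISTENER_PORT):
        findings.append("listener port open on the external side of the DMZ")
    for port in (22, 1158, 3389):   # sample non-listener ports (assumption)
        if allowed(rules, WEB, DB, port):
            findings.append(f"DMZ web server reaches database port {port}")
    return findings

# Constructed rule sets: (source network, destination network, port, action)
GOOD = [
    ("0.0.0.0/0", "192.0.2.10/32", 443, "allow"),       # public web traffic
    ("192.0.2.10/32", "10.0.0.20/32", 1521, "allow"),   # web server to listener
]
TOO_OPEN = [
    ("0.0.0.0/0", "192.0.2.10/32", "any", "allow"),
    ("192.0.2.0/24", "10.0.0.0/8", "any", "allow"),
    ("0.0.0.0/0", "10.0.0.20/32", 1521, "allow"),
]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("TOO_OPEN", TOO_OPEN)):
        print(name, audit(rules) or "ok")
```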
