RE: Question re security

From: bill thater <shrekdba_at_gmail.com>
Date: Thu, 16 Jan 2014 07:50:31 -0800
Message-ID: <3576924416107220860_at_unknownmsgid>



I still get questions why I need privs to install Oracle software. My answer is: "if you want it installed without privs, talk to Oracle; until then, that's what I need". I'm not well liked ;-)

sent from my Windows Phone
Bill "shrek" thater, Oracle DBA
Shrekdba_at_Gmail.com
"one ping to rule them all
One ping to find them
One ping to bring them all
And in the mutex bind them!"



From: Nuno Souto
Sent: 1/16/2014 2:42 AM
Cc: Oracle L
Subject: Re: Question re security

  On 16/01/2014 5:49 PM, david_at_databasesecurity.com wrote:

Thanks! Good to see my opinion is shared by someone. The problem is when kids with no experience whatsoever of running IT sites are given a free hand in coming up with security strategies and such. I mean, when a network "expert" claims a database is not secure because the listener is not using the usual 1521 port and does not ask for a password upfront, the only comment I can possibly offer is: "go take an Oracle 101 and a network 101 course and AFTER that, let's see if you still think that way".

-- 
Cheers
Nuno Souto
dbvision_at_iinet.net.au



>Who here has database servers, app servers, admin and dev workstations,
>each in its own subnet (4 subnets),
>with firewalls between each subnet,
>all inside the company's intranet?

>I'd just like to know why and what security expectations, imperatives,
>constraints/conditions are being addressed/resolved by such a setup?

It depends on what you’re trying to protect. If it’s nuclear launch codes then yes – defence in depth – which this config is a typical example of – is the way to go. If the data is a list of recipes for cupcakes though this would indeed be overkill :)

Cheers,
David
--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jan 16 2014 - 16:50:31 CET
