Re: Question re security

From: Nuno Souto <dbvision_at_iinet.net.au>
Date: Sat, 18 Jan 2014 15:04:23 +1100
Message-ID: <52D9FD47.70600_at_iinet.net.au>



On 18/01/2014 3:39 AM, Adric Norris wrote:

> I'm not saying this isn't a valid opinion, and I've certainly seen it
> expressed numerous times, but it only takes about 3 seconds for nmap
> (or similar utilities) to identify the changed port. This might
> provide a small amount of protection, against the fire-and-forget
> script kiddies, but is unlikely to deter a motivated attacker in the
> slightest.
>

Given a lot of auditors and sec experts seem to think that it's the insiders that are the biggest danger, I doubt any normal office worker will know what nmap is, much less how to sniff a network. As for true hackers, that is what firewalls and other such devices are there to stop or make life difficult. If they bypass those, it'll be child's play to break into everything else, let alone Oracle connections and/or pwds...

> Enabling network encryption, on the other hand, can provide quite a
> bit of protection against network sniffing.

It'll also significantly slow down the interaction between databases and J2EE apps with the usual "half the db cached in memory" approach. I think if one needs to run encryption everywhere in a non-mil or non-bank site, something is wrong with the security approach for the intranet. Let's not get extremely paranoid.

-- 
Cheers
Nuno Souto
dbvision_at_iinet.net.au

--
http://www.freelists.org/webpage/oracle-l
Received on Sat Jan 18 2014 - 05:04:23 CET
