Re: Encryption over Database Link

From: Kenny Payton <k3nnyp_at_gmail.com>
Date: Thu, 5 Jun 2014 12:57:51 -0400
Message-Id: <7DB7B087-015F-49E4-B8F9-6AA48616CA92_at_gmail.com>



Even uglier, take a look at ssh tunnels. Cheap and works, but you’d want a good amount of monitoring wrapped around such a solution, and the source side would need pretty fast CPUs or multiple tunnels. A VPN solution seems to be your best bet. That would also allow you to control other types of traffic. Advanced Security can be expensive; it would get you encrypted SQLNet but would need to be licensed on both sides.

ssh -f oracle@10.0.0.28 -L 1569:10.0.0.28:1560 -N -C -c blowfish-cbc

On Jun 5, 2014, at 12:34 PM, Chris Taylor <christopherdtaylor1994_at_gmail.com> wrote:

> I wonder if you could set up a VPN connector on the remote host and use a VPN connection from your server into the remote host and route your sqlnet connection (via tns) over the VPN tunnel into the remote server?
>
> Chris
>
>
> On Thu, Jun 5, 2014 at 11:29 AM, Deas, Scott <Scott.Deas_at_lfg.com> wrote:
> Hello,
>
>
>
> We have a requirement that we create database links to a database at an external site. The network will be public, meaning we need to ensure all communication across said network needs to be encrypted.
>
>
>
> We have no control over the destination database, we are passing SQL to the destination database and pulling back results, but need to make sure that all transmissions across the link will be encrypted (not just user authentication).
>
>
>
> The local databases will be 10.2.0.4 on AIX and 11.2.0.4 on Linux. The destination database will be 11.2.0.3 on AIX. All are Enterprise Edition. I’ve read through some of the documentation for Advanced Security, and we do have some licenses available, so if that’s the best solution, we can implement it at the local databases, but destination database will not have Advanced Security installed, so any solutions that require it on both sides would not work.
>
>
>
> Additionally (and most obviously), we want to avoid any changes to the code utilizing these links, so any suggestions creating views on top of tables using DBMS_CRYPTO to encrypt and then decrypt at the local database won’t work. We really just need to implement a secure way to transfer packets between the two sites.
>
>
>
> Thanks,
> Scott

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jun 05 2014 - 18:57:51 CEST
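
Added example (not part of the original message): a check that a monitoring job could run against the local end of the ssh tunnel shown above, assuming a Linux source host with iproute2 `ss`. The function names and the sample listener lines are constructed for illustration. It reports whether forward port 1569 is down, bound to loopback only, or bound to an address other hosts can reach, in which case clients would talk to the listener in cleartext before the tunnel.

```shell
#!/bin/sh
# Watchdog check for the local listener created by `ssh -L 1569:...`.
# Assumption: listener table comes from `ss -H -ltn` (Linux, iproute2).

# classify_listener PORT
# Reads `ss -ltn` lines on stdin, prints one of: down | loopback | exposed
classify_listener() {
    awk -v port="$1" '
        BEGIN { state = "down" }
        $1 == "LISTEN" {
            # Column 4 is local address:port; split on the last colon.
            n = match($4, /:[0-9]+$/)
            if (n == 0) next
            addr = substr($4, 1, n - 1)
            p = substr($4, n + 1)
            if (p != port) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") {
                # Loopback only counts if no wider bind was already seen.
                if (state != "exposed") state = "loopback"
            } else {
                state = "exposed"
            }
        }
        END { print state }
    '
}

# check_tunnel PORT: exit 0 if healthy, 1 if down, 2 if exposed.
check_tunnel() {
    state=$(ss -H -ltn | classify_listener "$1")
    case "$state" in
        loopback) return 0 ;;
        exposed)  echo "tunnel port $1 is bound to a non-loopback address" >&2; return 2 ;;
        *)        echo "tunnel port $1 is not listening" >&2; return 1 ;;
    esac
}

# Constructed sample of `ss -H -ltn` output, for trying the parser offline.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 127.0.0.1:1569 0.0.0.0:*
LISTEN 0 128 [::1]:1569 [::]:*
LISTEN 0 128 0.0.0.0:1521 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}
```

From cron or a monitoring agent, `check_tunnel 1569` gives a non-zero exit status to alert on; a status of 1 is the cue to re-establish the tunnel.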
