RE: Encryption over Database Link

From: Deas, Scott <Scott.Deas_at_lfg.com>
Date: Thu, 5 Jun 2014 17:03:42 +0000
Message-ID: <C1FB7BA65B13C542B2CB1CE5DB8F74AF169AE617_at_NC2PWEX501.us.ad.lfg.com>



Thanks everyone for the quick replies, and no worries, you aren’t hassling me, this is exactly the type of feedback I want to hear.

So yes, we’ve been put into a position to “make something work”.

Some backstory that I omitted from my original post:

- We’re moving an existing database to a hosted solution at the vendor
- db links are in place now between local databases and the existing database that is being sent out to the vendor (it’s just that everything’s in-house now)
- there is a dedicated network that has been set up for all communication, but I just found out yesterday that we should not consider it to be secure, and need to make sure we’re securing everything that goes across it

Regarding testing, would enabling tracing via the sqlnet.ora at both sides allow us to see if encryption existed? Would we need to configure the remote database to handle encrypted traffic (probably a dumb question)?

Thanks,
Scott

From: Niall Litchfield [mailto:niall.litchfield_at_gmail.com]
Sent: Thursday, June 05, 2014 12:54 PM
To: Deas, Scott
Cc: oracle-l_at_freelists.org
Subject: Re: Encryption over Database Link

Scott

Not meaning to hassle you - not least because it sounds like you are tasked with making this work. Your requirements seem to boil down to:

  1. please let me talk to a remote data source over the net.
  2. make sure our comms are secure.
  3. we have no way of knowing *they* are secure

Doesn't 3 break the business case for 1 and 2? What's the point of you securing your sql traffic to them, if they can just accept sql over the net anyway? I suspect you (meaning your org) need to do a business deal allowing for secure 2 way comms between you and them. Frankly the idea of connecting to a remote db that allowed just anyone to connect to it scares me silly.

--

http://www.freelists.org/webpage/oracle-l Received on Thu Jun 05 2014 - 19:03:42 CEST
