Re: Question regarding Oracle listener port change

From: Andy Wattenhofer <watt0012_at_umn.edu>
Date: Fri, 5 Apr 2019 09:33:39 -0500
Message-ID: <CAFU3ey4YW_zBxR6R1EJfgQoeDVaWH5LK-0hQbkwdRmuEzsgMtQ_at_mail.gmail.com>



That's not a problem that is unique to government, in my experience. It seems to be more a function of size and bureaucracy. In some cases I would even say that private sector is worse, given the profit motive and the fact that security doesn't deliver profit.

Andy

On Fri, Apr 5, 2019 at 9:02 AM Bill Ferguson <wbfergus_at_gmail.com> wrote:

> I tried using a different port roughly 10 years back, and the rest of my
> organization really got their feathers ruffled, and I finally had to switch
> it back to 1521. The overwhelming majority of "DBA's" within my Federal
> Government organization, don't know anything about Oracle, like most of
> their software, and install everything with the defaults. I've tried
> getting the higher level "management" to issue a few basic security
> mandates about changing the ports, not installing with (or at least
> de-activating) default settings, etc., and it just falls on deaf ears. When
> I try doing a mass email to alert the other Oracle "DBA's", I'd usually get
> an official slap on the wrist and told to quit rocking the boat.
>
> Anyway, I think this is a huge part of the problem with security of
> Government databases. The people that brown-nosed their way into the
> positions where they can dictate the policy and direction of the
> organization have absolutely no idea of what they are placed in charge of, and
> what would be the most common-sense way of approaching the issue. But it is
> partly because of these security failures that I never mention which
> Department or Agency I work for. It could possibly open us up to a more
> concentrated attack, and I also do not want any of my opinions to be
> considered as indicative of the official position or opinion of the group I
> work for (big legal headaches there).
>
> Bill Ferguson
>
> On Thu, Mar 28, 2019 at 5:48 PM DRCDBA (Gmail) <drcdba_at_gmail.com> wrote:
>
>> Personally I don't keep any database - internal or external facing - on
>> port 1521. Just don't like default settings I guess!
>>
>> On Mar 28, 2019, at 5:12 PM, Mark W. Farnham <mwf_at_rsiz.com> wrote:
>>
>> I’m just curious.
>>
>> Doesn’t everyone with a public network WAN change the 1521 port and put a
>> honey pot on 1521 to absorb attack vectors?
>>
>> Do folks actually leave it as 1521 for systems that allow
>> off-closed-campus access?
>>
>> mwf
>>
>> *From:* oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] *On Behalf Of* Rakesh Ra
>> *Sent:* Wednesday, March 27, 2019 9:18 AM
>> *To:* Shane Borden
>> *Cc:* Oracle-L Freelists
>> *Subject:* Re: Question regarding Oracle listener port change
>>
>> Hi All,
>>
>> Just to keep you all updated, the reason for port 1521 working was, we
>> had Teleran software installed which was internally swapping the port from
>> 1521 to 1621. Below is the snippet from Teleran logs.
>>
>> managettds.log:03/23/2019 20:05:19:589 TT03235 <INFO> (genericdb)
>> Connecting to Knowledge Base: jdbc:oracle:thin:_at_//xxxxx-scan:1521/<SID>
>>
>> managettds.log:03/23/2019 20:05:29:312 TT00712 <INFO> (ttsystem) Swapping
>> Oracle port from 1521 to 1621
>>
>> Regards,
>>
>> Rakesh RA
>>
>> On Tue, Mar 26, 2019 at 5:32 PM Shane Borden <sborden76_at_gmail.com> wrote:
>>
>> Did you change the ports on both the scan and the local listener? Update
>> the database parameters and re-register?
>>
>> Shane Borden
>> sborden76_at_gmail.com
>> Sent from my iPhone
>>
>> > On Mar 26, 2019, at 7:50 AM, Rakesh Ra <rakeshra.tr_at_gmail.com> wrote:
>> >
>> > Hi All,
>> >
>> > We have full rack Exadata server X5 version with 11.2.0.4 version DB
>> > running on it. We changed the port number of scan and local listener from
>> > 1521 to 1621.
>> > I tried connecting to the database remotely using scan and default
>> > service with port 1521, connection is going through. I also tried
>> > connecting to the database using scan and default service using 1621 port
>> > as well. With that also I am able to connect. Should I ideally get my
>> > connection request with port 1521 rejected with some TNS errors?? Or is
>> > this expected??
>> >
>> > Regards,
>> > Rakesh RA
>>
>>
>
> --
> -- Bill Ferguson
>

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Apr 05 2019 - 16:33:39 CEST
