Re: SQL*NET/orasrv security problem
Date: Thu, 7 Apr 1994 11:26:37
Message-ID: <ks.48.000B718F_at_ic.uva.nl>
In article <ks.45.000F01C3_at_ic.uva.nl> I wrote:
>Maybe tcp wrapper can be used to restrict incoming tcp calls on port 1525 to
>certain IP addresses only? I'll ask Wietse Venema, the author.
Wietse Vemema <wietse_at_wzv.win.tue.nl> replied (in Dutch) that tcp wrapper is
suitable for processes that are started for an individual client. The
securelib library (SunOS 4.x) is suitable for daemons that serve more than one
client. Both can be found on ftp.win.tue.nl in /pub/security.
On reading the securelib.README file I thought this could indeed be a simple solution to Gunnar's problem.
As an alternative Wietse mentioned a filtering bridge or router that protect the serverfrom clients in "wrong" networks. There exist low-cost solutions for this(drawbridge from net.tamu.edu, karlbridge from ?? see archie listings), and of course commercial routers. These allow filtering per host or network port.
Regards,
Karel
| Karel Sprenger | Email: ks_at_ic.uva.nl | | Informatiseringscentrum | phone: +31-20-525 2302 | | Universiteit van Amsterdam | +31-20-525 2741 || Turfdraagsterpad 9, NL-1012 XT AMSTERDAM | fax : +31-20-525 2084 | | *** PGP Public Key available on request *** | home : +31-20-675 0989 | Received on Thu Apr 07 1994 - 11:26:37 CEST