RE: Monitoring Port 1521

How about using ssh with port forwarding? It will certainly encrypt your communication, even without an extra listener and any port you like. Of course, you will have to find a way for the 'new' application to open the ssh tunnel (automatically or not). Depends on how that application is started.

Kind regards,
Eric.

-----Oorspronkelijk bericht-----

Van: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] Namens Daniel Looby
Verzonden: vrijdag 20 mei 2005 20:28
Aan: oracle-l_at_freelists.org
Onderwerp: Monitoring Port 1521

We have an application that makes use of port 1521 for an oracle listener. The port is totally blocked outside of a domain and so the security level is set to 'request' for encryption.

But now there is a need for a system outside of the domain to have access via an oracle listener. But in this case we need to insure that all traffic is encrypted.

Our DBA (hey, I'm the poor support person) worked with Oracle to try to set up a second listener on another port with the security level set to 'encrypt'. Oracle and the DBA worked may hours attempting this, but found they could not get multiple listeners at different security levels working (anyone successful at this?).

Drop to Plan B. Set up a second listener (same security level) on another port and open that port to the other system. Now the only problem is to ensure that all traffic is encrypted. We have a 'promise' from the other system that it will always encrypt requests.

To ensure that we are doing due diligence how can one monitor and recognize that the traffic is actually encrypted? If we find that it isn't then we want to re-enable our firewall to block them.

Suggestions? Solutions? Help!

Dan

--

http://www.freelists.org/webpage/oracle-l

--

http://www.freelists.org/webpage/oracle-l Received on Fri May 20 2005 - 18:26:59 CDT