
Re: VPN to database?

From: Arup Nanda <orarup_at_hotmail.com>
Date: Fri, 24 Oct 2003 18:34:25 -0800
Message-ID: <F001.005D43F1.20031024183425@fatcity.com>


Paul,

We use Advanced Security. The product is pricey and difficult to set up, but once in place it's on solid footing.

Advanced Security does not replace VPN per se; its purpose is slightly different and broader in scope. If you take VPN away, how do you suppose you will connect to the DB server, directly? Hardly. So, VPN _may_ be required regardless.

Some of the uses of AS are (not exhaustive)

  1. Encryption and Checksumming of Net8 connection between the db server and the app servers (and any other users connected to the db server directly). This is the bare minimum security mandated by HIPAA and unfortunately Oracle does not provide a solution as a part of the base product. You may not need it, though; since using intelligent subnets and using firewalls around the db servers can limit threats to an acceptable degree.
  2. Single signon. We use it in our app servers (running IIS) where the authentication is done using certificates. Again, this is necessary due to the refusal of the Development group to introduce database userids and eliminate the application authentication.

The second part can be addressed in a different way. Using an application user security model where the users supply their userid and password to the database for authentication will eliminate the need to have a Windows user to be authenticated. A simple mechanism will be to authenticate the user against the database as the very first step. If authentication fails, the app will not proceed further. This will eliminate the authentication of the user by Windows. This model has been in use on a different app here and works great; but on the other app, the manager insists on one authentication on Windows and then another on the database, hence single signon.

HTH. Arup Nanda
www.proligence.com

> Thanks, everyone, for your helpful responses.
>
> A talk with our Oracle sales droid has pointed me in the direction of
> Oracle Advanced Security for authentication, encryption, and integrity.
> Anyone have experience using this? We are considering using Entrust
> SSL authentication as we already use Entrust to authenticate users of
> our app. Would Advanced Security replace a VPN, or coexist with it?
>
>
>
> =====
> Paul Baumgartel
> Transcentive, Inc.
> www.transcentive.com
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Paul Baumgartel
> INET: treegarden_at_yahoo.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Arup Nanda
  INET: orarup_at_hotmail.com

Received on Fri Oct 24 2003 - 21:34:25 CDT
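
The Net8 encryption and checksumming discussed in the message above are controlled on the server by the sqlnet.ora parameters SQLNET.ENCRYPTION_SERVER and SQLNET.CRYPTO_CHECKSUM_SERVER. The following is an added example, not part of the original message and not Oracle's code: a small Python audit that reports which client settings would still negotiate an unprotected session. The function names and both sample configurations are constructed for illustration.

```python
import re

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")
DEFAULT = "ACCEPTED"  # Oracle Net default when the parameter is absent
SERVICES = (("encryption", "SQLNET.ENCRYPTION_SERVER"),
            ("checksum", "SQLNET.CRYPTO_CHECKSUM_SERVER"))

def parse_sqlnet(text):
    """Parse single-line KEY = VALUE entries; '#' starts a comment."""
    params = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z0-9_.]+)\s*=\s*(.+)$", line.split("#", 1)[0].strip())
        if m:
            params[m.group(1).upper()] = m.group(2).strip().upper()
    return params

def negotiate(server, client):
    """Outcome of the Oracle Net negotiation for one service: on, off or fail."""
    pair = {server, client}
    if pair == {"REQUIRED", "REJECTED"}:
        return "fail"            # connection is refused
    if "REJECTED" in pair or pair == {"ACCEPTED"}:
        return "off"             # session runs without this protection
    return "on"

def audit_server(text):
    """Map each service to the client settings that leave it switched off."""
    params = parse_sqlnet(text)
    findings = {}
    for service, key in SERVICES:
        server = params.get(key, DEFAULT)
        if server not in LEVELS:
            raise ValueError(f"{key}: unexpected value {server!r}")
        findings[service] = [c for c in LEVELS if negotiate(server, c) == "off"]
    return findings

# Constructed sample: encryption only requested, checksum left at default.
WEAK = """
SQLNET.ENCRYPTION_SERVER = REQUESTED   # client may still opt out
SQLNET.ENCRYPTION_TYPES_SERVER = (3DES168)
"""
# Constructed sample: both services required, so no fallback is possible.
HARDENED = """
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_server(cfg))
```

An empty list for a service means no client setting can produce an unprotected session; a client that rejects the service is refused rather than connected in the clear.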
