5 Replies Latest reply: Feb 5, 2013 7:18 PM by Sunthar Tharmalingam

restricting access to a set of computers

949210 Newbie
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
PL/SQL Release 10.2.0.1.0 - Production
"CORE     10.2.0.1.0     Production"
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
on Windows Server 2003
The database resides on a static IP (say x.x.x.x) that we use using "Remote Desktop Connection".
It can be accessed from any machine with an internet connection.
How to restrict access to this IP to only a set of computers (of our workplace) that are connected in a LAN?
There is no VPN here.
There is an idle static IP available (say y.y.y.y) which physically exists in our workplace; can it be put to use to help me perform this task?
Thank you for the suggestions.

Edited by: 946207 on Feb 1, 2013 3:07 PM
  • 1. Re: restricting access to a set of computers
    EdStevens Guru
    946207 wrote:
    Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
    PL/SQL Release 10.2.0.1.0 - Production
    "CORE     10.2.0.1.0     Production"
    TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
    NLSRTL Version 10.2.0.1.0 - Production
    on Windows Server 2003
    The database resides on a static IP (say x.x.x.x) that we use using "Remote Desktop Connection".
    It can be accessed from any machine with an internet connection.
    How to restrict access to this IP to only a set of computers (of our workplace) that are connected in a LAN?
    There is no VPN here.
    There is an idle static IP available (say y.y.y.y) which physically exists in our workplace; can it be put to use to help me perform this task?
    Thank you for the suggestions.

    Edited by: 946207 on Feb 1, 2013 3:07 PM
    IP filtering is best done at the router, controlled by the Net Administrator. I would NOT be looking to oracle for a solution to this problem, especially since it seems that the access you are wanting to control is Remote Desktop.
  • 2. Re: restricting access to a set of computers
    Justin Cave Oracle ACE
    Are you asking how to restrict what machines can remote desktop in to the machine? Or how to restrict what machines can connect to the database? For the latter, you can use the sqlnet.invited_nodes parameter in the sqlnet.ora file. For the former, you'd want to post in a Windows security forum somewhere since that isn't an Oracle question.

    In either case, is there a reason that you don't have at least a firewall to protect your internal network from the world? That's a pretty basic step in setting up a private network that is vaguely secure. Even if you set sqlnet.invited_nodes, I would never want my Oracle database exposed to the world.

    Justin
  • 3. Re: restricting access to a set of computers
    949210 Newbie
    Ed Stevens wrote:
    especially since it seems that the access you are wanting to control is Remote Desktop.
    Database access has to be limited to the computers that are within our workplace (not Remote Desktop).
    1) I am aware of the invited nodes list, but how do I specify IPs in the tcp.invited_nodes list, considering
    each machine is not a static IP?
    2) Every machine gets an IP when it is connected to the internet (it can be checked on some websites).
    Should I mention that in the invited nodes list? (I am not sure; I think that should not be mentioned.)
    (Also, if I mention "192.168.1.165", will machines all over the world with this IP be able to access the database?)
    Please suggest me the flow.
    3) We have one static IP, y.y.y.y; can it be put to some use here?
    "a firewall to protect your internal network from the world"
    Please explain this to me with a link/s.
    Thank you both for your responses.

    Edited by: 946207 on Feb 2, 2013 4:43 PM
  • 4. Re: restricting access to a set of computers
    949210 Newbie
    Please suggest:
    can we use Streams between x.x.x.x and y.y.y.y
    and then limit access to y.y.y.y?
    (Don't want to be reinventing the wheel... just a thought.)

    Edited by: 946207 on Feb 4, 2013 12:18 PM
  • 5. Re: restricting access to a set of computers
    Sunthar Tharmalingam Explorer
    You can include the parameters below in sqlnet.ora to limit the access.

    tcp.validnode_checking = YES
    tcp.invited_nodes = ( X.X.X.X, hostname, ... )
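
An added example, not posted by anyone in this thread: a small Python audit of the `tcp.validnode_checking` / `tcp.invited_nodes` settings named in the answer above, reporting what kind of client each list entry can match. The sample file, the address 203.0.113.10 and the host name `dbclient01` are constructed for illustration, and host names are not resolved here.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample; 203.0.113.10 stands in for the thread's y.y.y.y, dbclient01 is made up.
SAMPLE = """\
# sqlnet.ora on the database server (constructed)
tcp.validnode_checking = YES
tcp.invited_nodes = ( 203.0.113.10, dbclient01,
                      192.168.1.165 )
"""

def parse_sqlnet(text):
    """Return {lower-cased parameter: value}, joining indented continuation lines."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if line[0].isspace() and current:
            params[current] += " " + line.strip()
        elif "=" in line:
            name, value = line.split("=", 1)
            current = name.strip().lower()
            params[current] = value.strip()
    return params

def audit(text):
    """Return (item, finding) pairs describing what the node list will match."""
    params = parse_sqlnet(text)
    findings = []
    if params.get("tcp.validnode_checking", "no").lower() != "yes":
        findings.append(("tcp.validnode_checking", "not YES, list is not enforced"))
    for node in filter(None, re.split(r"[\s,()]+", params.get("tcp.invited_nodes", ""))):
        try:
            ip = ipaddress.ip_address(node)
        except ValueError:
            findings.append((node, "hostname, resolved on the server (not checked here)"))
            continue
        if any(ip in net for net in RFC1918):
            findings.append((node, "RFC 1918 address, not routable over the Internet"))
        else:
            findings.append((node, "public address, compared with the connection's source IP"))
    return findings

if __name__ == "__main__":
    for item, finding in audit(SAMPLE):
        print(f"{item:24} {finding}")
```

An RFC 1918 entry such as 192.168.1.165 can only match a client the listener sees with that source address, which is the case on the server's own private network and not for connections arriving over the Internet.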
