5 Replies. Latest reply: Feb 5, 2013 9:18 PM by Sunthar Tharmalingam

    restricting access to a set of computers

    949210
      Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
      PL/SQL Release 10.2.0.1.0 - Production
      "CORE     10.2.0.1.0     Production"
      TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
      NLSRTL Version 10.2.0.1.0 - Production
      on Windows Server 2003.
      The database resides on a static IP (say x.x.x.x) that we use via "Remote Desktop Connection".
      It can be accessed from any machine with an internet connection.
      How can I restrict access to this IP to only a set of computers (of our workplace) that are connected in a LAN?
      There is no VPN here.
      There is an idle static IP available (say y.y.y.y) which physically exists in our workplace; can it be put to use to help me perform this task?
      Thank you for the suggestions.

      Edited by: 946207 on Feb 1, 2013 3:07 PM
        • 1. Re: restricting access to a set of computers
          EdStevens
          IP filtering is best done at the router, controlled by the Net Administrator. I would NOT be looking to Oracle for a solution to this problem, especially since it seems that the access you are wanting to control is Remote Desktop.
          • 2. Re: restricting access to a set of computers
            JustinCave
            Are you asking how to restrict what machines can remote desktop in to the machine? Or how to restrict what machines can connect to the database? For the latter, you can use the sqlnet.invited_nodes parameter in the sqlnet.ora file. For the former, you'd want to post in a Windows security forum somewhere since that isn't an Oracle question.

            In either case, is there a reason that you don't have at least a firewall to protect your internal network from the world? That's a pretty basic step in setting up a private network that is vaguely secure. Even if you set sqlnet.invited_nodes, I would never want my Oracle database exposed to the world.

            Justin
            • 3. Re: restricting access to a set of computers
              949210
              Ed Stevens wrote:
              "especially since it seems that the access you are wanting to control is Remote Desktop."
              Database access has to be limited to the computers that are within our workplace (not Remote Desktop).
              1) I am aware of the invited nodes list, but how do I specify IPs in the tcp.invited_nodes list, considering each machine is not a static IP?
              2) Every machine gets an IP when it is connected to the internet (it can be checked on some websites). Should I mention that in the invited nodes list? (I am not sure; I think that should not be mentioned.)
              (Also, if I mention "192.168.1.165", will machines all over the world with this IP be able to access the database?)
              Please suggest the flow.
              3) We have one static IP, y.y.y.y. Can it be put to some use here?
              "a firewall to protect your internal network from the world"
              Please explain this to me with a link/s.
              Thank you both for your responses.

              Edited by: 946207 on Feb 2, 2013 4:43 PM
              • 4. Re: restricting access to a set of computers
                949210
                Please suggest:
                can we use streams between x.x.x.x and y.y.y.y
                and then limit access to y.y.y.y?
                (Don't want to be reinventing the wheel... just a thought.)

                Edited by: 946207 on Feb 4, 2013 12:18 PM
                • 5. Re: restricting access to a set of computers
                  Sunthar Tharmalingam
                  You can use sqlnet.ora to include the below parameters to limit the access.

                  tcp.validnode_checking = YES
                  tcp.invited_nodes = ( X.X.X.X, hostname, ... )
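
The replies above name tcp.validnode_checking and tcp.invited_nodes in sqlnet.ora. The following Python check is an added example, not part of the thread and not Oracle tooling: it reads a sqlnet.ora, reports when the list is not enforced, and flags private addresses such as the 192.168.1.165 asked about in reply 3. The sample file, 203.0.113.10 and dbhost01 are constructed; hostnames are not resolved and tcp.excluded_nodes is not modelled.

```python
import ipaddress
import re
# Constructed sample sqlnet.ora. 192.168.1.165 is the address asked about in the
# thread; 203.0.113.10 and dbhost01 are made-up placeholders.
SAMPLE = """\
tcp.validnode_checking = yes   # enforce the list
tcp.invited_nodes = (203.0.113.10, 192.168.1.165,
                     dbhost01)
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_sqlnet(text):
    """Return {lowercased parameter: [values]}; (a, b) lists may span lines."""
    text = re.sub(r"#.*", "", text)  # drop comments
    params = {}
    for m in re.finditer(r"([\w.]+)\s*=\s*(\([^)]*\)|[^\s()]+)", text):
        values = [v.strip() for v in m.group(2).strip("()").split(",")]
        params[m.group(1).lower()] = [v for v in values if v]
    return params

def as_ip(value):  # ip_address for a literal IP, None for a hostname
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None
def checking_on(params):
    return [v.lower() for v in params.get("tcp.validnode_checking", [])] == ["yes"]

def audit(text):
    """List reasons the file may not restrict clients the way the thread intends."""
    p, findings = parse_sqlnet(text), []
    if not checking_on(p):
        findings.append("tcp.validnode_checking is not YES: the invited list is not enforced")
    nodes = p.get("tcp.invited_nodes", [])
    if not nodes:
        findings.append("tcp.invited_nodes is missing or empty")
    for n in nodes:
        ip = as_ip(n)
        if ip is None:
            findings.append(f"{n}: hostname, confirm what it resolves to on the server")
        elif any(ip in net for net in RFC1918):
            findings.append(f"{n}: private (RFC 1918) address, matches only a peer "
                            "whose connection arrives with that source address")
    return findings

def admitted(text, peer_ip):  # literal-IP model: would peer_ip pass the invited list?
    p = parse_sqlnet(text)
    if not checking_on(p) or not p.get("tcp.invited_nodes"):
        return True  # nothing is filtered by an invited list
    return ipaddress.ip_address(peer_ip) in [as_ip(n) for n in p["tcp.invited_nodes"]]
```

`audit(SAMPLE)` returns two findings, one for 192.168.1.165 and one for dbhost01; `admitted(SAMPLE, "198.51.100.7")` is False because that peer address is not in the list.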