17 Replies Latest reply: May 5, 2013 6:47 AM by Billy~Verreynne

    Secure Port for SqlDeveloper

    yxes2013
      Hi All,

      I want to secure a port for my Sqldeveloper, which is on my laptop with IP 100.2.10.200, to connect to a secured PROD server SLES 11.

      My laptop will be the only one allowed to connect to the PROD using OEM and SqlDev. How do I configure it?

      What port does Sqldev use? Is it the same listener port 1521? The same as the OEM 1158?


      Thanks....
        • 1. Re: Secure Port for SqlDeveloper
          JustinCave
          I'm not quite sure what you are asking. It sounds like you are trying to configure a firewall. Normally, that is a separate server on your network. If this is a toy environment, you might be running some firewall software on the database server itself but that is not a particularly scalable approach. If that's the case, first of all, that's not an Oracle question. You'd need to find a forum that specializes in whatever firewall you're using. You'll need to explain your precise network topology in that forum for someone to be helpful.

          You might, of course, want to look at the documentation for whatever firewall you're using.

          Justin
          • 2. Re: Secure Port for SqlDeveloper
            yxes2013
            Good answer! I rate you 99%, and 1% for room for improvement ;)
            • 3. Re: Secure Port for SqlDeveloper
              Billy~Verreynne
              yxes2013 wrote:

              I want to secure a port for my Sqldeveloper, which is on my laptop with IP 100.2.10.200, to connect to a secured PROD server SLES 11.
              Nonsensical question. SQL-Developer does not listen on a network port. The port it uses will be a client port in the dynamic port range - created when SQL-Developer connects to the Listener port on the Oracle server.

              Also, opened ports are by their very nature not secure. There is thus no such thing as an open and secure port. Open a port as a listening endpoint on a public NIC, and that port, with that service, is exposed to attack.

              The only way to "secure" a port is to remove that from the public network interface altogether and run it on localhost (making it a local port only, and inaccessible to everyone else). And this has very limited use. An external client can only use that port via an ssh local tunnel, which in turn requires you to make port 22/tcp public.
              • 4. Re: Secure Port for SqlDeveloper
                John Stegeman
                The TNS Listener can be configured to only accept connections from specific IP addresses. How to do that is in the documentation.
                • 5. Re: Secure Port for SqlDeveloper
                  Billy~Verreynne
                  An option/feature I dislike... In my view IP based security of that nature belongs further down in iptables, and not as some dorky Listener setting. Never really understood why Oracle had that as a Listener feature.
                  • 6. Re: Secure Port for SqlDeveloper
                    EdStevens
                    Billy~Verreynne wrote:
                    An option/feature I dislike... In my view IP based security of that nature belongs further down in iptables, and not as some dorky Listener setting. Never really understood why Oracle had that as a Listener feature.
                    Agreed. At my last job a directive came down from higher in the organization mandating we use it. It was such a PITA that the field offices (one of which was where I worked) ended up just ignoring it.
                    Bad enough to expect IP filtering at the listener, worse was that it doesn't allow wildcards, thus instead of specifying a subnet, you have to specify each individual IP address ..... in an environment where many of the applications are running on DHCP desktops ...
                    • 7. Re: Secure Port for SqlDeveloper
                      yxes2013
                      I thank you all,

                      But I don't get the message.

                      My point is, can I use sqldeveloper & OEM to monitor a highly secure database, where every connection is being filtered in a complex firewall?
                      • 8. Re: Secure Port for SqlDeveloper
                        sb92075
                        yxes2013 wrote:
                        My point is, can I use sqldeveloper & OEM to monitor a highly secure database, where every connection is being filtered in a complex firewall?
                        we give up.
                        can you, Mr. Brilliant?
                        • 9. Re: Secure Port for SqlDeveloper
                          sybrand_b
                          Connection Manager - which is not installed in a typical install - allows subnets.
                          Objection waived....

                          ----------
                          Sybrand Bakker
                          Senior Oracle DBA
                          • 10. Re: Secure Port for SqlDeveloper
                            Billy~Verreynne
                            yxes2013 wrote:

                            My point is, can I use sqldeveloper & OEM to monitor a highly secure database, where every connection is being filtered in a complex firewall?
                            SQL-Developer is a client. The database is a server. Firewall in-between.

                            So how does it differ from any other scenario where client needs access to server via firewall? The client simply needs to be allowed, by the firewall, access to a specific port on that server IP.

                            This does not change because SQL-Developer is being used.
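What reply 10 describes (the firewall allowing one client to reach a specific port on the server IP), sketched as host-level iptables rules using the laptop address and the ports 1521 and 1158 from the question. This is an added example, not part of any post in the thread; the chain name `ORA_LISTENER`, the log prefix and the function names are hypothetical, and the script only prints the commands for review instead of applying them.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, iptables
# commands restricting the listener/OEM ports to an allowlist of sources.
CHAIN=ORA_LISTENER   # hypothetical chain name

# Succeed if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%/*}; prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: listener_allowlist_rules "PORT[,PORT...]" SOURCE [SOURCE...]
listener_allowlist_rules() {
    [ $# -ge 2 ] || { echo "usage: ports source [source...]" >&2; return 1; }
    ports=$1; shift
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) echo "bad port list: $ports" >&2; return 1 ;;
    esac
    for src in "$@"; do   # validate everything before printing any rule
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j LOG --log-prefix \"ora-listener-drop: \""
    echo "iptables -A $CHAIN -j DROP"
    # The jump goes last, so traffic is diverted only once the chain is complete.
    echo "iptables -I INPUT -p tcp -m multiport --dports $ports -j $CHAIN"
}

# Values taken from the question: one laptop, listener port and OEM port.
listener_allowlist_rules 1521,1158 100.2.10.200
```

Only the listed ports are diverted into the chain, so other services on the server (for example SSH on 22/tcp) are left to the existing ruleset. A source may also be given as a subnet such as `10.0.0.0/24`.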
                            • 11. Re: Secure Port for SqlDeveloper
                              Billy~Verreynne
                              sybrand_b wrote:
                              Connection Manager - which is not installed in a typical install - allows subnets.
                              Objection waived....
                              But still no substitute for a proper firewall layer like iptables.

                              iptables is a pretty awesome piece of software - and does the job exceedingly well.
                              • 12. Re: Secure Port for SqlDeveloper
                                sybrand_b
                                Disagree.

                                Iptables is a pretty awful piece of software. Hard to understand, hard to manage, badly documented.
                                It might do the job ok.
                                But its management is non-intuitive and a piece of black art.

                                ----------
                                Sybrand Bakker
                                Senior Oracle DBA
                                • 13. Re: Secure Port for SqlDeveloper
                                  yxes2013
                                  I thank you all :)
                                  • 14. Re: Secure Port for SqlDeveloper
                                    EdStevens
                                    sybrand_b wrote:
                                    Connection Manager - which is not installed in a typical install - allows subnets.
                                    Objection waived....

                                    ----------
                                    Sybrand Bakker
                                    Senior Oracle DBA
                                    True enough, but in the case I cited, the directive was specifically to use tcp.invited_nodes. An example of ham-fisted, clueless policy.