3 Replies Latest reply on Mar 16, 2012 9:19 AM by User396406 -Oracle

    Monitor non database related traffic

    User396406 -Oracle
      Dear all,

      As DB firewall can monitor and block all database related traffic, what if a user telnets/SSHes to the database server and then executes SQL statements? Can this kind of activity be monitored/logged in DB firewall?

      In addition, how many database servers can a DB firewall monitor? Is there any limitation?

      Thanks for your help,
        • 1. Re: Monitor non database related traffic
          Hi, and welcome to the forum!

          As I understand the documentation (haven't worked with DB Firewall), there will be no protection from locally (on the database server) entered and executed SQL. This is because the SQL never makes it onto the network.

          I suspect that this is something you'll have to protect yourself against by limiting local access to the servers, both remote access via telnet/ssh and console access.

          • 2. Re: Monitor non database related traffic

            The Oracle Database Firewall provides a so-called local monitor. Statements that are not sent over the network will be captured and stored in a table. The content is then sent to the Firewall or Management Server. But so far it is not possible to block such statements.

            I think there is a limitation. You can create Enforcement Points and for each enforcement point you can configure databases. In patch 4 for version 5.0 the number of possible enforcement points was changed to 80, but I don't know how many databases you can configure. This limitation is for a single database firewall.

            • 3. Re: Monitor non database related traffic
              User396406 -Oracle
              Hi Johan & JoergB,

              Many thanks for your replies; they are useful.