As DB firewall can monitor and block all database related traffic, what if a user telnet/ssh to the database server then execute SQL statement? Can this kind of activities be monitored/logged in DB firewall?
In addition, how many databave server that a DB firewall can be monitored? Is there any limitation?
Thanks for your help,
Hi, and welcome to the forum!
As I understand the documentation (haven't worked with DB Firewall), there will be no protection from locally (on the database server) entered and executed SQL. This since the SQL never makes it on to the network.
I suspect that this is something you'll have to protect yourself against from with the help of limiting local access to the servers, both remote access via telnet/ssh and console access.
the Oracle Database Firewall provides a so-called local monitor. Statements that are not sent over the network will be captured and stored in a table. The content is then sent to the Firewall or Management Server. But so far it is not possible to block such statements.
I think there is a limitation. You can create Enforcement Points and for each enforcement point you can configure databases. In patch 4 for version 5.0 the number of possible enforcement points was changed to 80, but I don't know how many databases you can configure. This limitation is for a single database firewall.