946207 wrote: IP filtering is best done at the router, controlled by the Net Administrator. I would NOT be looking to Oracle for a solution to this problem, especially since it seems that the access you are wanting to control is Remote Desktop.
On Windows Server 2003
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod
PL/SQL Release 10.2.0.1.0 - Production
"CORE 10.2.0.1.0 Production"
TNS for 32-bit Windows: Version 10.2.0.1.0 - Production
NLSRTL Version 10.2.0.1.0 - Production
The database resides on a static IP (say x.x.x.x) that we use using "remote desktop connection".
It can be accessed from any machine with an internet connection.
How to restrict access to this IP to only a set of computers (of our workplace) that are connected in a LAN?
There is no VPN here.
There is an idle static IP available (say y.y.y.y) which physically exists in our workplace; can it be put to use to help me perform this task?
Thank you for the suggestions.
Edited by: 946207 on Feb 1, 2013 3:07 PM
Are you asking how to restrict what machines can remote desktop in to the machine? Or how to restrict what machines can connect to the database? For the latter, you can use the sqlnet.invited_nodes parameter in the sqlnet.ora file. For the former, you'd want to post in a Windows security forum somewhere since that isn't an Oracle question.
In either case, is there a reason that you don't have at least a firewall to protect your internal network from the world? That's a pretty basic step in setting up a private network that is vaguely secure. Even if you set sqlnet.invited_nodes, I would never want my Oracle database exposed to the world.
Ed Stevens wrote: especially since it seems that the access you are wanting to control is Remote Desktop.
Database access has to be limited to the computers that are within our workplace (not remote desktop).
1) I am aware of the invited nodes list, but how to specify IPs in the tcp.invited_nodes list, considering each machine is not a static IP?
2) Every machine gets an IP when it is connected to the internet (it can be checked on some websites).
Should I mention that in the invited nodes list? (I am not sure; I think that should not be mentioned.)
(Also, if I mention "192.168.1.165", will machines all over the world with this IP be able to access the database?)
Please suggest me the flow.
3) We have one static IP y.y.y.y; can it be put to some use here?
"a firewall to protect your internal network from the world"
Please explain this to me with a link/s.
Thank you both for your responses.
Edited by: 946207 on Feb 2, 2013 4:43 PM
Can we use Streams between x.x.x.x and y.y.y.y
and then limit access to y.y.y.y?
(Don't want to be reinventing the wheel... just a thought.)
Edited by: 946207 on Feb 4, 2013 12:18 PM
You can use sqlnet.ora to include the parameters below to limit access.
tcp.validnode_checking = YES
tcp.invited_nodes = ( X.X.X.X, hostname, ... )
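An added example, not part of the original posts: a Python check that reads a sqlnet.ora, confirms valid node checking is switched on, and labels each invited-node entry. The listener compares an entry with the source address of the incoming connection, so a private address such as 192.168.1.165 matches only clients that arrive with that address, that is, without NAT in between. The sample file content, the function names and the labels are constructed for illustration, and the parser assumes flat (non-nested) values.

```python
import ipaddress
import re

# Constructed sample file; addresses and host name are illustrative only.
SAMPLE_SQLNET_ORA = """\
# sqlnet.ora (constructed sample)
tcp.validnode_checking = YES
tcp.invited_nodes = ( 203.0.113.10, 192.168.1.165, dbhost01 )
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Matches "name = value" and "name = ( a, b )", including lists split over lines.
PARAM_RE = re.compile(r"([A-Za-z_][\w.]*)\s*=\s*(\([^)]*\)|[^\s()]+)")

def parse_params(text):
    """Return {lower-cased parameter name: raw value}, ignoring # comments."""
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in PARAM_RE.finditer(body)}

def classify(entry):
    """Label an invited-node entry: 'rfc1918', 'other-ip' or 'hostname'."""
    try:
        ip = ipaddress.ip_address(entry)
    except ValueError:
        return "hostname"  # not an IP literal, so it depends on name resolution
    return "rfc1918" if any(ip in net for net in RFC1918) else "other-ip"

def audit(text):
    """Return ({entry: label}, [findings]) for the sqlnet.ora content given."""
    params = parse_params(text)
    findings = []
    checking = params.get("tcp.validnode_checking", "").upper()
    if checking != "YES":
        findings.append("tcp.validnode_checking is not YES: "
                        "the invited list is not enforced")
    raw = params.get("tcp.invited_nodes", "")
    nodes = [n.strip() for n in raw.strip("()").split(",") if n.strip()]
    if checking == "YES" and not nodes:
        findings.append("tcp.invited_nodes is empty or missing")
    kinds = {n: classify(n) for n in nodes}
    for node, kind in kinds.items():
        if kind == "rfc1918":
            findings.append(f"{node}: private address, matches only clients "
                            "that reach the listener without NAT")
    return kinds, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SQLNET_ORA)[1]:
        print(finding)
```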