Chaps and chapesses, does anyone out there know a good location or doc for firewall security with Oracle? Metalink (Oracle's site doesn't seem to be too hot). Inside / Outside the firewall pro's and con's issues, how to set up that sort of thing. On Linux of course. Is there a firewall version of Linux? Is it not just normal Linux with some packages installed and some tweaking? Am I barfing up the wrong tree?
Why would you want something specific to Oracle? The dangers facing servers are very similar, be it that they serve web, news, mail, directory or database content and functions. The differences from a firewalling perspective lie in the direction of communication and the protocol used, the question whether an application layer gateway is available, and the ports used. IMHO, you'd be a fool not to shield an Oracle database with a firewall if you're allowing access from a potentially hostile environment. Many people prefer to place 'staging' databases in DMZ networks that hold only the bare records necessary to perform their function and that exchange data with the production database on the internal network, so that the latter never has direct contact with the hostile environment. Really, apply common sense and security principles and you'll get a sound design, no matter what type of service you're dealing with.
This message is confidential and may also contain privileged [snip]
You do realise that your disclaimer is twice as long as the mail you wrote? <shrug> Tobias