Monday, May 24, 2010

How to Block Unwanted Connections @ Oracle Net Manager

Depending on the type of application and network configuration you have in your environment, node validation can be a powerful tool to keep most traffic away from the Listener. Currently I am supporting a web application database, and I found that only the web application requires access to the Listener, from the application servers, plus a limited number of clients for administration. The simplest method to determine the valid IP addresses for node checking is through database auditing.

As I read in some notes, it is recommended to always have session-level auditing enabled.


In Oracle 9i/10g Database the valid node checking lines are added to the $ORACLE_HOME/network/admin/sqlnet.ora file.

tcp.validnode_checking = yes
tcp.invited_nodes = (x.x.x.x | name, x.x.x.x | name)
tcp.excluded_nodes = (x.x.x.x | name, x.x.x.x | name)

Only one of the two options can be included, i.e. either invited_nodes or excluded_nodes, not both. Only individual IP addresses or host names are allowed.
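A small checker for the rules above, added here as an example and not part of the original post. It assumes each parameter sits on one line of sqlnet.ora; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample sqlnet.ora; the addresses and host name are made up.
SAMPLE = """\
# valid node checking
tcp.validnode_checking = yes
tcp.invited_nodes = (10.1.1.21, appsrv02, 10.1.2.0/24)
tcp.excluded_nodes = (10.9.9.9)
"""

# Letters, digits, dots and hyphens only: rejects wildcards and CIDR ranges.
HOSTNAME = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$")
LISTS = ("tcp.invited_nodes", "tcp.excluded_nodes")

def parse(text):
    """Return {lowercased parameter: raw value} for one-line entries."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        if "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return params

def is_single_node(entry):
    """True for one IP address or one host name."""
    try:
        ipaddress.ip_address(entry)
        return True
    except ValueError:
        return bool(HOSTNAME.match(entry))

def check(text):
    """Return a list of findings; an empty list means the rules hold."""
    params = parse(text)
    present = [k for k in LISTS if k in params]
    findings = []
    if params.get("tcp.validnode_checking", "").lower() != "yes":
        findings.append("tcp.validnode_checking is not set to yes")
    if len(present) == 2:
        findings.append("invited_nodes and excluded_nodes are both set")
    for key in present:
        for entry in params[key].strip("() ").split(","):
            if not is_single_node(entry.strip()):
                findings.append(f"{key}: '{entry.strip()}' is not a single IP or host name")
    return findings

print("\n".join(check(SAMPLE)))
```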

For more details, I would request you to read the Oracle Connection Manager reference material in the Oracle Docs.

Thanks,
ingress