Oracle Consulting Oracle Training Oracle Support Development
Oracle Books
SQL Server Books
IT Books
Job Interview Books
Rampant Horse Books
911 Series
Pedagogue Books

Oracle Software
Write for Rampant
Publish with Rampant
Rampant News
Rampant Authors
Rampant Staff
Oracle News
Oracle Forum
Oracle Tips
Articles by our Authors
Press Releases
SQL Server Books

Oracle 11g Books

Oracle tuning

Oracle training

Oracle support

Remote Oracle


Privacy Policy


  Oracle Tips by Burleson

Chapter 4 General Oracle Security

Figure 4.2 Firewalls and Demilitarized Zones

Sometimes, this process is rather complicated, especially in cases where the file transfer is rather regular. In those cases, instead of establishing the server in the DMZ, the external users directly interact with the servers inside the firewall. Instead of using the regular ports for ftp, they use a different port for a different type of ftp, known as Secure FTP (sftp or ftps). A similar concept exists for http traffic in a secured manner, known as secured http (https).

What if the company's web server interacts with the database server during the normal course of business? Shouldn't the ports of the database be open outside the firewall for these accesses?

Not at all. The architecture should be designed in such a way that the database server never has any ports open to the firewall. All application traffic has to come to the application server, which should then connect to the database server using the port defined by the listener. The only allowable connection to the database server must be from the application server using the listener

port (1521, usually; but it can be changed). If the architecture enables the access of this port by the external users and machines, seriously consider changing it. The preferred architecture is shown in Figure 4.3.

Figure 4.3: Optimal application server, database server interaction

Some companies utilize more than one firewall – one encompassing all the machines in the network, and the other protecting the most important ones inside this firewall. Examples include a database server, a document server containing important documents, such as claims records, etc.

Generally, the port 80 is used for http traffic. Besides this port, no other ports need be opened to carry out the normal operation of business. If open, they will invite hackers to get in through an unsecured doorway. Therefore, they should be completely closed off.

This type of setup may need some tweaking to allow the application server to connect to the database server. This will be discussed in Chapter 7, under Network Security.

The Important points

  • Always use a firewall.

  • If needed, use a firewall around the vulnerable servers like the database server.

  • Open only those ports needed for business, no more than that.

  • The outside users should never connect from the firewall directly.

  • Use a Demilitarized Zone, if convenient.

  • Otherwise, use secured ftp and http.



Download your Oracle scripts now:

The definitive Oracle Script collection for every Oracle professional DBA


Linux Oracle commands syntax poster

ION Oracle tuning software

Oracle data dictionary reference poster

Oracle Forum

BC Oracle consulting support training

BC remote Oracle DBA   



 Copyright © 1996 -2017 by Burleson. All rights reserved.

Oracle® is the registered trademark of Oracle Corporation. SQL Server® is the registered trademark of Microsoft Corporation. 
Many of the designations used by computer vendors to distinguish their products are claimed as Trademarks