Oracle Security over a Network

Oracle databases and technology were originally designed to work over a network, with applications and data distributed across it. With this in mind, Oracle security must include management of connections and servers.

Oracle always operates in client/server mode. Some form of client is always present, even on a stand-alone PC, where both the client and server reside on the same machine. In a two-tier system there is usually what is called a fat client installed on a system, which connects to the database over a network. An alternative is to use an application server. Oracle Application Server is one of these; others include WebLogic, WebSphere and Tomcat. They all need a client. Some of these may use an Oracle Client or a "thin client" in order to connect.

This makes security over the network a problem. A malicious attacker can get through security setups because of bugs, or because the configuration is not adequate to prevent it. There needs to be an open connection to the database server. The Listener is an Oracle process which accepts all connections for the databases on the server where it is located. This is the crux of the security issue.

It can be difficult to secure the Listener, as there are various angles to consider. One of these is that remote connections are outside direct influence, and therefore additional steps need to be taken to strengthen security. The Oracle Connection Manager can be used to monitor and manage this. Passwords can be added to Listener security to provide another layer of access control.

An Oracle Listener should not be allowed unfettered access through a firewall. A Demilitarised Zone (DMZ) should be used to check the connections over the firewall. This makes for much easier monitoring and control of connections and security.
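As an added example (not part of the original page), the following Python check reads a listener.ora file and reports, for each listener, whether a PASSWORDS_<listener> entry is present and which TCP endpoints the firewall or DMZ rules have to cover. The sample file, its host names and the LISTENER_APP listener are constructed, and the check assumes an Oracle release that supports listener passwords.

```python
import re

# Constructed sample listener.ora (hypothetical hosts and listener names).
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1521))))
PASSWORDS_LISTENER = (0123456789ABCDEF)  # placeholder value, not a real hash
LISTENER_APP =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 0.0.0.0)(PORT = 1522)))
"""

def split_entries(text):
    """Return {NAME: value} for top-level entries, tracked by parenthesis depth."""
    entries, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        head = re.match(r"([A-Za-z_][\w.]*)\s*=\s*(.*)$", line) if depth == 0 else None
        if head:
            name = head.group(1).upper()
            entries[name] = head.group(2)
        elif name and line:
            entries[name] += " " + line       # continuation of a nested value
        depth += line.count("(") - line.count(")")
    return entries

def audit(text):
    """Per listener: is PASSWORDS_<name> present, and which TCP endpoints are exposed?"""
    entries, report = split_entries(text), {}
    for name, value in entries.items():
        addrs = re.findall(r"\(\s*ADDRESS\s*=((?:\s*\([^()]*\))+)\s*\)", value, re.I)
        if not addrs:
            continue                          # a parameter, not a listener definition
        tcp = []
        for addr in addrs:
            kv = {k.strip().upper(): v.strip()
                  for k, v in re.findall(r"\(([^=()]+)=([^()]*)\)", addr)}
            if kv.get("PROTOCOL", "").upper() in ("TCP", "TCPS"):
                tcp.append((kv.get("HOST"), kv.get("PORT")))
        report[name] = {"password_set": ("PASSWORDS_" + name) in entries,
                        "tcp_endpoints": tcp}
    return report

if __name__ == "__main__":
    for listener, result in audit(SAMPLE).items():
        print(listener, result)
```

A listener reported with `password_set` False and a TCP endpoint bound to all interfaces, like the constructed LISTENER_APP, is the one to review first against the firewall and DMZ rules.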