Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Oracle 11g Anti-hacker's Cookbook

You're reading from   Oracle 11g Anti-hacker's Cookbook Make your Oracle database virtually impregnable to hackers using the knowledge in this book. With over 50 recipes, you'll quickly learn protection methodologies that use industry certified techniques to secure the Oracle database server.

Arrow left icon
Product type Paperback
Published in Oct 2012
Publisher Packt
ISBN-13 9781849685269
Length 302 pages
Edition 1st Edition
Languages
Arrow right icon
Author (1):
Arrow left icon
Adrian Neagu Adrian Neagu
Author Profile Icon Adrian Neagu
Adrian Neagu
Arrow right icon
View More author details
Toc

Table of Contents (16) Chapters Close

Oracle 11g Anti-hacker's Cookbook
Credits
Foreword
About the Author
About the Reviewers
www.PacktPub.com
Preface
1. Operating System Security 2. Securing the Network and Data in Transit FREE CHAPTER 3. Securing Data at Rest 4. Authentication and User Security 5. Beyond Privileges: Oracle Virtual Private Database 6. Beyond Privileges: Oracle Label Security 7. Beyond Privileges: Oracle Database Vault 8. Tracking and Analysis: Database Auditing Index

Using TCP wrappers to allow and deny remote connections


By using TCP wrappers you can control the accepting or denying of incoming connections from specified servers and networks. You may use this capability to protect your network in conjunction with a firewall. In the following recipe, we will allow connections opened through ssh only from the nodeorcl5 host and deny from all others by using TCP wrappers.

Getting ready

All steps will be performed on nodeorcl1 as root.

How to do it...

TCP wrappers at host level are controlled by two files located in the /etc directory called hosts.allow and hosts.deny.

  1. First we will start to deny all incoming connections from all hosts using all services by adding the following line into /etc/hosts.deny:

    # hosts.deny    This file describes the names of the hosts which are
    #               *not* allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    # The portmap line is redundant, but it is left to remind you that
    # the new secure portmap uses hosts.deny and hosts.allow.  In particular
    # you should know that NFS uses portmap!
    ALL:ALL
    ................................................................
    
  2. In this moment if we try to establish a connection from nodeorcl5 it will be denied:

    [oraclient@nodeorcl5 ~]$ ssh -l oracle nodeorcl1
    ssh_exchange_identification: Connection closed by remote host
    
    [oraclient@nodeorcl5 .ssh]$ ssh -l oracle nodeorcl1
    oracle@nodeorcl1's password:
    Last login: Sun Aug 12 19:47:21 2012 from nodeorcl5
    [oracle@nodeorcl1 ~]$
    
  3. To allow incoming connections only with ssh include the following in /etc/hosts.allow:

    #
    #
    # hosts.allow   This file describes the names of the hosts which are
    #               allowed to use the local INET services, as decided
    #               by the '/usr/sbin/tcpd' server.
    #
    sshd: nodeorcl5
    ……………………………………………………………………………………
    

How it works...

All changes to hosts.deny and hosts.allow takes immediately in effect; hosts.allow has precedence over the hosts.deny file.

The format for rules is composed by a service or daemon, and host name or IP address. In our examples, we denied all services from all hosts and allowed only ssh connections from nodeorcl5.

There is more...

You can set rules for an entire network as follows:

Sshd :10.241.132.0/225.255.255.0

Exceptions can be set by using the EXCEPT clause:

Sshd : ALL EXCEPT 10.241.132.122
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image