Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Security >> Bequeath connections auditing
        
(Message started by: Pete Finnigan on Mar 13th, 2006, 3:16pm)
Title: Bequeath connections auditing
Post by Pete Finnigan on Mar 13th, 2006, 3:16pm
Hi All.

Got involved in a debate with a client the other day which I'd be interested in anyones input.

I was asked how bequeath connections could be audited. It has always been my understanding that when a database is running bequeath connections still go through the listener, therefore anything monitoring listener traffic would pick up the commands being used.

When the db is not running then it is used directly to the database exe to startup or modify params etc.

Am I wrong?

Part of the same discussion was that local connections go through the 127.0.0.1 address, but do not get out to the network drivers. This particular client believed that it did, and that was why most of his applications use bequeath for local connection so as to not slow down the connection.

Is this wrong?

Thanks

Kevin.
Title: Re: Bequeath connections auditing
Post by Pete Finnigan on Mar 16th, 2006, 9:38pm
The specific protocol of a connection doesn't have an impact on the audit.  

If you are using the userenv context as part of a FGA policy the value of ip_address is null for bequeath/ipc connections.

-Kevin Hrim
Title: Re: Bequeath connections auditing
Post by Pete Finnigan on Mar 24th, 2006, 9:26pm
Hi Kevin,
Discovered this evening your question(s).
- bq can be easelly audited on unix (pps), some more programming knowledge requests for win (\\.\ + DDK).
- normal for a NetService that a) is a unix like systems.. getting as a native this IPC style with b) local connections. We can expect good LIMITED response times (bandw.). Any other situation (remote, only a) point or by ex. beside win or on heterog. environments) TCP/IP can scale to infini(band). He got a new life with 10G (>connect /@ ... >"file not found"  ??? ). Sorry for "obfuscated" style...

8) Cheers...
Title: Re: Bequeath connections auditing
Post by Pete Finnigan on Mar 29th, 2006, 9:50pm
Any feedback?  ???


Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board