|
||
Title: IP address in oracle network files Post by Pete Finnigan on Apr 2nd, 2009, 6:32pm What is the reason of justifcation for using the IP address instead of the hostname in Oracle Network files? The DISA stig and CIS documents both state to make this change. thanks, David Ehresmann |
||
Title: Re: IP address in oracle network files Post by Pete Finnigan on Apr 3rd, 2009, 12:19pm Hi David, The reason is that hostnames are easier to subvert/spoof than an IP Address is. Someone could place a rogue DNS server in an organisation and play man-in-the-middle attacks. Basically this is not number 1 on the list of Oracle security hardening advice but if you want to go the extra mile its worth doing simply because IP addresses are harder to spoof than hostnames. I appreciate that hostnames are easier to work with in some cases with Oracle because of things like failover. If you were using something like valid node checking for instance ip addresses would make spoofing your way past it harder than if hostnames were used. cheers Pete |
||
Powered by YaBB 1 Gold - SP 1.4! Forum software copyright © 2000-2004 Yet another Bulletin Board |