Oracle Directconnect (ODC) Security - is it ok?
From: Biz (bisley110@yahoo.co.uk)
Date: 02/26/03
- Next message: Lassi Hippeläinen: "Re: [urgent] which OSI layer is SSL located?"
- Previous message: phn@icke-reklam.ipsec.nu: "DeCSS creator Jon Johansen declared innocent !"
- Next in thread: Ron Ruble: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Reply: Ron Ruble: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Reply: Doug Fox: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Reply: Biz: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: bisley110@yahoo.co.uk (Biz) Date: 26 Feb 2003 03:02:47 -0800
Dear All
Our DBA wants to prevail upon a relatively new Oracle support service
called Oracle DirectConnect (ODC).
In a nutshell this allows an Oracle support engineer to gain remote
control of the DBA's PC to enable them to 'walk through' the reported
problem.
.... Remote Control! ... gulp (sounds like a security nightmare)
Oracle put a good spin on the service claiming that their top 100
customers all use it and it's completely secure.
I can see the business benefit (in that faults can be resolved far
more quickly) but I'm cautious about what we are opening ourselves up
to.
I'm happy to instigate policies around how this service can be invoked
and how it must be supervised (e.g. ensuring that the remote engineer
is on the phone for the period of the connection and that our own DBA
should drive the keyboard and mouse) but I don't know the full
capabilities of the remote control applet that Oracle download (this
occurs each time the service is invoked by the customer) ... I am not
too concerned if all activity is displayed on the DBA's PC.
Has anyone reviewed the Oracle DirectConnect service? (did you find
any nasty surprises)
Note: I have a fair degree of faith in Oracle as an organisation but I
take issue with the potential anonymity of the service - the customer
invokes the service requesting a specific engineer from the website,
albeit this is backed up by the same engineer being on the phone at
the time.
- Next message: Lassi Hippeläinen: "Re: [urgent] which OSI layer is SSL located?"
- Previous message: phn@icke-reklam.ipsec.nu: "DeCSS creator Jon Johansen declared innocent !"
- Next in thread: Ron Ruble: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Reply: Ron Ruble: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Reply: Doug Fox: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Reply: Biz: "Re: Oracle Directconnect (ODC) Security - is it ok?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
