Oracle Directconnect (ODC) Security - is it ok?

From: Biz (bisley110@yahoo.co.uk)
Date: 02/26/03 

From: bisley110@yahoo.co.uk (Biz)
Date: 26 Feb 2003 03:02:47 -0800

Dear All

Our DBA wants to prevail upon a relatively new Oracle support service
called Oracle DirectConnect (ODC).

In a nutshell this allows an Oracle support engineer to gain remote
control of the DBA's PC to enable them to 'walk through' the reported
problem.

.... Remote Control! ... gulp (sounds like a security nightmare)

Oracle put a good spin on the service claiming that their top 100
customers all use it and it's completely secure.

I can see the business benefit (in that faults can be resolved far
more quickly) but I'm cautious about what we are opening ourselves up
to.

I'm happy to instigate policies around how this service can be invoked
and how it must be supervised (e.g. ensuring that the remote engineer
is on the phone for the period of the connection and that our own DBA
should drive the keyboard and mouse) but I don't know the full
capabilities of the remote control applet that Oracle download (this
occurs each time the service is invoked by the customer) ... I am not
too concerned if all activity is displayed on the DBA's PC.

Has anyone reviewed the Oracle DirectConnect service? (did you find
any nasty surprises)

Note: I have a fair degree of faith in Oracle as an organisation but I
take issue with the potential anonymity of the service - the customer
invokes the service requesting a specific engineer from the website,
albeit this is backed up by the same engineer being on the phone at
the time.

Relevant Pages

  • Re: Oracle Directconnect (ODC) Security - is it ok?
    ... connected for the period that they're available for support activity. ... and select the appropriate engineer from a dropdown list. ... If the session can truly be locked down by the customer to be viewing ... Disaffected employees at the Support Company (Oracle) or ExpertCity ...
    (comp.security.misc)
  • Re: Oracle support is sub-optimal
    ... next engineer to ask you yet again for the log files you already uploaded.. ... purchased by another company with no Oracle experience and this will lead ... upper management to believe the Oracle prodcuts are "sub-optimal". ... and they are listening. ...
    (comp.databases.oracle.server)
  • Re: Oracle support is sub-optimal
    ... On Jul 4, 12:48 pm, "gym dot scuba dot kennedy at gmail" ... next engineer to ask you yet again for the log files you already uploaded. ... upper management to believe the Oracle prodcuts are "sub-optimal". ... If the puppet heads are listening they are taking their eye off the ball. ...
    (comp.databases.oracle.server)
  • Re: In The News: Sun Microsystems
    ... "Engineer: Oracle support. ... I have a problem xyz with my Oracle on Linux, ... DBA: No, no, I guess you didn't hear me right. ...
    (comp.unix.solaris)
  • Re: Oracle support is sub-optimal
    ... the next engineer to ask you yet again for the log files you already ... Our company was purchased by another company with no Oracle experience ... Please email David Warhoe: david.warhoe@xxxxxxxxxx about this matter. ... Thanks Daniel, ...
    (comp.databases.oracle.server)