Re: Oracle Directconnect (ODC) Security - is it ok?

From: Doug Fox (dfox168@hotmail.com)
Date: 02/27/03

  • Next message: OneGuy: "Re: a forensic question" 
    From: "Doug Fox" <dfox168@hotmail.com>
Date: Thu, 27 Feb 2003 03:18:51 GMT

    Biz;

    In addition to what you have listed below, I would add a NDA between the two
    companies.

    BTW, Microsoft provides such service using WebEx.

    "Biz" <bisley110@yahoo.co.uk> wrote in message
    news:23bcf5e6.0302260302.2adbbdbf@posting.google.com...
    > Dear All
    >
    > Our DBA wants to prevail upon a relatively new Oracle support service
    > called Oracle DirectConnect (ODC).
    >
    > In a nutshell this allows an Oracle support engineer to gain remote
    > control of the DBA's PC to enable them to 'walk through' the reported
    > problem.
    >
    > .... Remote Control! ... gulp (sounds like a security nightmare)
    >
    > Oracle put a good spin on the service claiming that their top 100
    > customers all use it and it's completely secure.
    >
    > I can see the business benefit (in that faults can be resolved far
    > more quickly) but I'm cautious about what we are opening ourselves up
    > to.
    >
    > I'm happy to instigate policies around how this service can be invoked
    > and how it must be supervised (e.g. ensuring that the remote engineer
    > is on the phone for the period of the connection and that our own DBA
    > should drive the keyboard and mouse) but I don't know the full
    > capabilities of the remote control applet that Oracle download (this
    > occurs each time the service is invoked by the customer) ... I am not
    > too concerned if all activity is displayed on the DBA's PC.
    >
    > Has anyone reviewed the Oracle DirectConnect service? (did you find
    > any nasty surprises)
    >
    > Note: I have a fair degree of faith in Oracle as an organisation but I
    > take issue with the potential anonymity of the service - the customer
    > invokes the service requesting a specific engineer from the website,
    > albeit this is backed up by the same engineer being on the phone at
    > the time.

    Relevant Pages

    • Re: Oracle Directconnect (ODC) Security - is it ok?
      ... connected for the period that they're available for support activity. ... and select the appropriate engineer from a dropdown list. ... If the session can truly be locked down by the customer to be viewing ... Disaffected employees at the Support Company (Oracle) or ExpertCity ...
      (comp.security.misc)
    • Re: Oracle support is sub-optimal
      ... next engineer to ask you yet again for the log files you already uploaded.. ... purchased by another company with no Oracle experience and this will lead ... upper management to believe the Oracle prodcuts are "sub-optimal". ... and they are listening. ...
      (comp.databases.oracle.server)
    • Re: Oracle support is sub-optimal
      ... On Jul 4, 12:48 pm, "gym dot scuba dot kennedy at gmail" ... next engineer to ask you yet again for the log files you already uploaded. ... upper management to believe the Oracle prodcuts are "sub-optimal". ... If the puppet heads are listening they are taking their eye off the ball. ...
      (comp.databases.oracle.server)
    • Re: Oracle support is sub-optimal
      ... the next engineer to ask you yet again for the log files you already ... Our company was purchased by another company with no Oracle experience ... Please email David Warhoe: david.warhoe@xxxxxxxxxx about this matter. ... Thanks Daniel, ...
      (comp.databases.oracle.server)
    • Re: In The News: Sun Microsystems
      ... "Engineer: Oracle support. ... I have a problem xyz with my Oracle on Linux, ... DBA: No, no, I guess you didn't hear me right. ...
      (comp.unix.solaris)