The Advanced Security option is the best and easiest way to encrypt database network traffic. It is an add-on option and has cost, so your situation isn't uncommon.
The best alternative would be to use SSH tunnels. The basic configuration is that you create a tunnel from client to server. The client endpoint would be on a certain port number (say, 9000). The server endpoint would be your database listener port (1521). You can establish a tunnel using a command similar to this:
ssh -L 9000:dbserver:1521 someuser@dbserver
Once the tunnel is started, it must remain running while any database connections are active. With the tunnel listening on the local client machine on port 9000, change your tnsnames.ora entry on the client to this:
dbname.world = (DESCRIPTION= (ADDRESS=(PROTOCOL=TCP)(HOST=client-hostname)(PORT=9000)) (CONNECT_DATA=(SERVICE_NAME=dbname.world)) )and then you should be able to connect to the database using this alias. When you do, all network traffic is sent over the network inside the SSH tunnel (which is an encrypted tunnel).
From Windows clients to Unix hosts, you can use PuTTY (tutorial is here) on the client PC as the SSH client. If your database server is Windows, you can use Cygwin to create an SSH server process that you can connect to on the Windows host.
This was first published in November 2004