The Advanced Security option is the best and easiest way to encrypt database network traffic. It
is an add-on option that carries an additional cost, so your situation isn't uncommon.
The best alternative would be to use SSH tunnels. The basic configuration is
that you create a tunnel from client to server. The client endpoint would be
on a certain port number (say, 9000). The server endpoint would be your
database listener port (1521). You can establish a tunnel using a command
similar to this:

    ssh -L 9000:dbserver:1521 someuser@dbserver

Once the tunnel is started, it must remain running while any database
connections are active. With the tunnel listening on the local client machine
on port 9000 (ssh binds a forwarded port to the loopback interface by default,
so the host to connect to is localhost), change your tnsnames.ora entry on the
client to this:

    dbname.world =
      (DESCRIPTION=
        (ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=9000))
        (CONNECT_DATA=(SERVICE_NAME=dbname.world))
      )

You should then be able to connect to the database using this alias. When
you do, all database traffic between the client and the server travels inside
the encrypted SSH tunnel.
From Windows clients to Unix hosts, you can use PuTTY on the client PC as the
SSH client. If your database server is Windows, you can use Cygwin to run
an SSH server process on the Windows host that you can connect to.
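
The setup described above can be checked before any database session is opened. The following is an added example, not part of the original answer: the host, user and port values are the ones used above, while the function names, the extra ssh options and the assumption that the tnsnames.ora file being checked holds only the tunnelled alias are this example's own.

```shell
#!/bin/sh
# Added example. dbserver, someuser, 9000 and 1521 come from the answer above;
# function names and option choices are assumptions of this example.

# Start the forward in the background, bound to loopback only.
#   -N: no remote command   -f: go to background after authentication
#   ExitOnForwardFailure=yes: exit rather than run without the forward
start_tunnel() {
    ssh -f -N -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:9000:dbserver:1521 someuser@dbserver
}

# Print "host port" for every ADDRESS in a tnsnames.ora file.
# Assumes HOST is written before PORT inside each ADDRESS, as in the entry above.
tns_endpoints() {
    sed 's/#.*//' "$1" | tr -d ' \t\n' | tr ')' '\n' |
    awk -F= 'NF >= 2 && toupper($(NF-1)) ~ /\(HOST$/ { h = tolower($NF) }
             NF >= 2 && toupper($(NF-1)) ~ /\(PORT$/ { print h, $NF }'
}

# Succeed only if every endpoint is loopback on the tunnel port. Any other
# endpoint would send database traffic over the network outside the tunnel.
tns_uses_tunnel() {   # usage: tns_uses_tunnel FILE PORT
    eps=$(tns_endpoints "$1")
    [ -n "$eps" ] || return 2          # nothing parsed: do not report success
    echo "$eps" | while read -r host port; do
        case "$host" in localhost|127.0.0.1|::1) ;; *) exit 1 ;; esac
        [ "$port" = "$2" ] || exit 1
    done
}

# Read `ss -ltn` output on stdin; succeed only if PORT is listening and every
# listener on it is bound to loopback (a wildcard bind, e.g. after ssh -g,
# would let other hosts reach the database through this client).
forward_is_loopback_only() {   # usage: ss -ltn | forward_is_loopback_only 9000
    awk -v p="$1" '
        $4 ~ (":" p "$") { seen = 1
                           if ($4 !~ /^(127\.0\.0\.1|\[::1\]):/) bad = 1 }
        END { exit ((seen && !bad) ? 0 : 1) }'
}
```

Typical use after sourcing the file: start_tunnel && ss -ltn | forward_is_loopback_only 9000 && tns_uses_tunnel /path/to/tnsnames.ora 9000 (the path is a placeholder).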