CHAPTER 30
TNS Listener TCP/IP
Valid Node Checking
Listener valid node checking may be used to prevent malicious or errant Oracle Net connections to DBMS instances. It's a “poor man's firewall” under control of the DBA. Production DBMS instances may be separated from test and development instances without additional hardware or firewall software simply by specifying a list of nodes that may contact the listener. Valid node checking is documented, but it is undocumented that the parameters are fully dynamic in Oracle10g and Oracle11g, such that the configuration may be enabled, changed, and removed without stopping and restarting the TNS Listener, rendering the feature much less intrusive.
Introduction to Valid Node Checking
Valid node checking is an interesting security feature that protects DBMS instances from malevolent or errant Oracle Net connections over TCP/IP, without the need for a firewall or IP address filtering at the operating system level. The feature is available in Oracle9i and subsequent releases at no extra cost.
Here's an anecdote that illustrates why valid node checking is a worthwhile feature. A production database that had several database jobs was copied onto a test machine. The database jobs started running on the test machine. Some of these jobs were using database links. Since the database link definition contained a full Net service name definition, instead of referencing a Net service name in tnsnames.ora (an undocumented feature), the test system was able to access a critical production system and caused a deterioration in its performance. The administrators got off lightly since the jobs were read-only. Imagine what could have happened had the jobs modified production data. Correctly configured valid node checking would have prevented the issue.
The feature is controlled by the three parameters tcp.validnode_checking, tcp.invited_nodes, and tcp.excluded_nodes, which are presented in Table 30-1.
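As an added example that is not part of the book, the following Python script parses a constructed sqlnet.ora fragment for the three parameters just named and reports whether a given client would be admitted by the listener, so a DBA can preview a node list before enabling it. The host names and addresses in the fragment are invented. The decision rules it applies (the lists have no effect unless tcp.validnode_checking is yes, an invited list admits only its members, an excluded list rejects only its members, and the invited list takes precedence when both are present) are Oracle's documented semantics rather than anything stated on this page, and the script compares the literal strings in the lists rather than resolving host names to addresses as the real listener does.

```python
import re

# Constructed sqlnet.ora fragment (hypothetical hosts and addresses) showing the
# three valid node checking parameters. Comments in sqlnet.ora start with '#'.
SAMPLE_SQLNET_ORA = """\
# Enable listener-side valid node checking for TCP/IP connections
TCP.VALIDNODE_CHECKING = yes

# Only the production application tier and the DBA workstation may connect
TCP.INVITED_NODES = (appsrv1.prod.example, appsrv2.prod.example,
                     10.1.20.15)

# A known test box is named explicitly (redundant here: the invited list
# already shuts out everything not on it, and takes precedence when both are set)
TCP.EXCLUDED_NODES = (testdb.dev.example)
"""

_PARAM_RE = re.compile(
    r"^\s*(TCP\.(?:VALIDNODE_CHECKING|INVITED_NODES|EXCLUDED_NODES))\s*=\s*(.*)$",
    re.IGNORECASE,
)


def parse_validnode_params(text):
    """Return a dict of the three tcp.* parameters found in a sqlnet.ora text.

    List-valued parameters may span several lines inside parentheses; names and
    values are lower-cased so host names compare case-insensitively.
    """
    params = {}
    lines = [ln.split("#", 1)[0] for ln in text.splitlines()]  # strip comments
    i = 0
    while i < len(lines):
        m = _PARAM_RE.match(lines[i])
        i += 1
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        # Gather continuation lines until the closing parenthesis is seen
        while value.startswith("(") and ")" not in value and i < len(lines):
            value += " " + lines[i].strip()
            i += 1
        if value.startswith("(") and ")" in value:
            inner = value[1:value.index(")")]
            params[name] = [v.strip().lower() for v in inner.split(",") if v.strip()]
        else:
            params[name] = value.lower()
    return params


def connection_allowed(params, client):
    """Decide whether the listener would accept a TCP/IP connection from
    `client` (host name or IP address as a string) under the parsed parameters.
    """
    if params.get("tcp.validnode_checking", "no") != "yes":
        return True  # feature off: every node is accepted
    client = client.lower()
    invited = params.get("tcp.invited_nodes")
    excluded = params.get("tcp.excluded_nodes")
    if invited is not None:
        return client in invited  # invited list wins, and it is exhaustive
    if excluded is not None:
        return client not in excluded  # only listed nodes are rejected
    return True


if __name__ == "__main__":
    cfg = parse_validnode_params(SAMPLE_SQLNET_ORA)
    for node in ("appsrv1.prod.example", "10.1.20.15", "testdb.dev.example", "10.9.9.9"):
        print(f"{node:24s} -> {'allowed' if connection_allowed(cfg, node) else 'rejected'}")
```

Run it against a copy of the listener host's sqlnet.ora and the client addresses you expect to see; a production node that prints "rejected" is the misconfiguration to fix before the parameters go live.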