Call now: 252-767-6166  
Oracle Training Oracle Support Development Oracle Apps

 E-mail Us
 Oracle Articles
New Oracle Articles

 Oracle Training
 Oracle Tips

 Oracle Forum
 Class Catalog

 Remote DBA
 Oracle Tuning
 Emergency 911
 RAC Support
 Apps Support
 Oracle Support

 SQL Tuning

 Oracle UNIX
 Oracle Linux
 Remote s
 Remote plans
 Application Server

 Oracle Forms
 Oracle Portal
 App Upgrades
 SQL Server
 Oracle Concepts
 Software Support

 Remote S


 Consulting Staff
 Consulting Prices
 Help Wanted!


 Oracle Posters
 Oracle Books

 Oracle Scripts

Don Burleson Blog 







Lock Down Your Server

Oracle Database Tips by Donald BurlesonMay 15, 2015

The internet can be a dangerous place.  Data and personal information can be attacked from malicious hackers, script kiddies, and open relays.  The open relay option even provides the user the added bonus of anonymity. 

The logical solution would be to hide everything behind a firewall and lock it down.  While data is safer behind a firewall, the experienced hacker might still be able to access it.  Firewalls can also be a hindrance to remote data access.  With larger number of companies choosing to cut cost by moving to remote offices for employees it is vital that they balance data protection against data access.  Even if companies do not have telecommuters on their work force, they may need remote data access for traveling workers or even for clients.  Whatever the reason, it is vital that they be able to access the data while protecting it as well.

There are several problems with remote connections.  For example, when using user name and password authentication, if that information is captured the entire network is compromised.  Another would be passing data in clear text which leaves personal data exposed. 

Now that we've looked at some of the problems with having remote access to data, what are options for a solution?  An excellent choice is a virtual private network (VPN), which allows for secure authentication, host/client validation, and passwords behind keys.  Another option would be a secure shell which allows for secure authentication, can use keys, and can be included with all UNIX/Linux.

Secure Shell

Secure Shell (SSH) is a protocol, not a shell.  The SSH allows a connection to BASH, which is a Unix shell.  The SSH offers secure authentication, secure file transfer, secure remote command execution, and implements PK Infrastructure.

Port Forwarding is an option with SSH.  Standard SSH Port is Port 22, however you can forward this port to another server.  That server must also have a firewall.  SSH starts as an encrypted connection.  Authentication is also encrypted with SSH.  On first connection, a host key is exchanged and stored on the server.  This will defeat the "man in the middle" attack.  Once authentication is valid, it connects the user to normal shell.


Firewalls are our first line of defense against attack.  A firewall will be able to hide all of the network computers behind it, it can refuse to answer PINGs and some will inspect network packets.  It is vitally important to always use a firewall - even at hotels.

Script Kiddies

Script kiddies are normally not highly skilled.  The common script kiddie will download a script from the internet, scan a set of IP addresses, look for SSH, Telnet, Mail, etc. connections, and then perform scripted password attacks.  The common home mail/web server gets around 1,500 attempts a day.  Some days they can receive over 5,000 attempts.

Some of the best ways to stop script kiddies is to get off Port 22, Implement IPTABLES to lockout any IP with a certain number of failed attempts for a designated number of minutes, and to disable passwords and instead use Public Private Keys and RSA Keys.

Public Private Keys are a key pair, one public and available, the other private and secure.  The public key encrypts only while the private key decrypts only.  The private key should be encrypted with a pass phrase and is used to encrypt authentication.

Server Configuration

The SSH Server Configuration file on Linux is:


To modify your configuration you must be in ROOT.  Uncommented options will change a default setting.

Turn on key authentication.
PubkeyAuthentication yes
Turn off passwords.
PasswordAuthentication no
Turn off direct root logons while you are at it.
PermitRootLogin no
This is also the place to change the ssh port.
Port 8000
Then restart the ssh server to
activate the changes.
[root@navdb root]# service sshd restart
Stopping sshd:[  OK  ]
Starting sshd:[  OK  ]

In conclusion, a properly set up SSH can provide a secure, protector remote login capability.  This SSH will also provide encrypted authentication and "man in the middle" protection. 

If you like Oracle tuning, you might enjoy my book "Oracle Tuning: The Definitive Reference", with 950 pages of tuning tips and scripts. 

You can buy it direct from the publisher for 30%-off and get instant access to the code depot of Oracle tuning scripts.



Oracle Training at Sea
oracle dba poster

Follow us on Twitter 
Oracle performance tuning software 
Oracle Linux poster


Burleson is the American Team

Note: This Oracle documentation was created as a support and Oracle training reference for use by our DBA performance tuning consulting professionals.  Feel free to ask questions on our Oracle forum.

Verify experience! Anyone considering using the services of an Oracle support expert should independently investigate their credentials and experience, and not rely on advertisements and self-proclaimed expertise. All legitimate Oracle experts publish their Oracle qualifications.

Errata?  Oracle technology is changing and we strive to update our BC Oracle support information.  If you find an error or have a suggestion for improving our content, we would appreciate your feedback.  Just  e-mail:  

and include the URL for the page.


Burleson Consulting

The Oracle of Database Support

Oracle Performance Tuning

Remote DBA Services


Copyright © 1996 -  2020

All rights reserved by Burleson

Oracle ® is the registered trademark of Oracle Corporation.