Oracle 11g - Malicious Activity Reporter Oracle tool - New Feature
Oracle 11g introduced many new security features, and we can look at them one by one. This article is useful to every DBA working on live databases, especially highly sensitive and critical ones. The security enhancements in Oracle 11g are particularly useful for remote database administration and remote database monitoring.
If the server receives bad packets from outside, the Oracle Call Interface (OCI) generates a trace file. This trace file contains all the information about the bad packets and wrong signals, so it can be larger than an ordinary trace file. If the server receives many bad packets, the OCI and Two-Task Common layers of Oracle generate a large number of these unusual trace files, and together they consume a lot of disk space. In other words, anyone who sends the server a constant stream of bad packets can cause enough trace files to be generated to eat up its disk space.
An attacker or intruder can deliberately send bad packets to the server to generate these trace files and eat up its disk space. Writing large trace files also consumes disk I/O and CPU, so the performance of the Oracle server can degrade.
We can prevent this situation by setting the SEC_PROTOCOL_ERROR_TRACE_ACTION parameter, which is new in Oracle 11g. Its default value is TRACE, which is intended for debugging bad packets from the client side. In the scenario above, however, an intruder can abuse this default to fill the server's disk.
We can set the following values for this new parameter:
SEC_PROTOCOL_ERROR_TRACE_ACTION = Trace, None, Log, Alert
With the value "Log", when the server receives bad packets it writes only a short, simple message about the bad signal to the trace file.
With the value "Alert", the server sends an alert message to the database administrator whenever it receives a wrong signal or packet from the client side.
With the value "None", trace file writing is switched off on the server side: if bad packets are received, the server does not generate any trace file.
In short, with SEC_PROTOCOL_ERROR_TRACE_ACTION we can control server-side activity, much like terminating or resuming it. Further options are available through the following parameter:
SEC_PROTOCOL_ERROR_FURTHER_ACTION = Continue, Delay, Drop
With the value "Continue" for SEC_PROTOCOL_ERROR_FURTHER_ACTION, the Oracle server takes no action after receiving bad signals from clients. It carries on normally, which means it keeps accepting further bad packets.
"Delay" is given with a number of seconds, as "Delay,n", where "n" is the number of seconds. After an attack from the client side, the Oracle server stops accepting new bad packets for up to "n" seconds. This setting can prevent some attacks.
With the value "Drop,n", the Oracle server terminates the client connection after receiving "n" bad packets from the same client. The drawback is that the client can lose unsaved data along with its existing connection to the server. A dropped client can still reconnect to the server with a fresh connection.
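The check below is an added example, not code from this article or from Oracle: it audits a parameter file for the two settings described above and flags the values the article identifies as leaving the server exposed to trace-file flooding. It assumes a plain-text `name=value` parameter file, accepts "Delay,n" and "Drop,n" with or without parentheses, and uses constructed sample input; the function names are hypothetical.

```python
import re

# Values the article lists for SEC_PROTOCOL_ERROR_TRACE_ACTION.
TRACE_ACTIONS = {"TRACE", "NONE", "LOG", "ALERT"}
# CONTINUE, "DELAY,n" or "DROP,n"; surrounding parentheses are an assumption.
FURTHER_RE = re.compile(r"^\(?\s*(CONTINUE|DELAY|DROP)\s*(?:,\s*(\d+))?\s*\)?$", re.I)
T, F = "sec_protocol_error_trace_action", "sec_protocol_error_further_action"

def parse_pfile(text):
    """Return {lowercase name: value} from name=value lines; '#' starts a comment."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            # Drop an optional "*." prefix and any quotes around the value.
            params[name.strip().lower().lstrip("*.")] = value.strip().strip("'\"")
    return params

def audit(text):
    """Return (parameter, finding) tuples for risky or malformed settings."""
    p, findings = parse_pfile(text), []
    trace = p.get(T, "TRACE").upper()  # the article gives TRACE as the default
    if trace not in TRACE_ACTIONS:
        findings.append((T, f"unknown value {trace!r}"))
    elif trace == "TRACE":
        findings.append((T, "TRACE: bad packets produce large trace files that can fill the disk"))
    m = FURTHER_RE.match(p.get(F, ""))
    if F not in p:
        findings.append((F, "not set in this file"))
    elif not m:
        findings.append((F, f"unknown value {p[F]!r}"))
    elif m.group(1).upper() == "CONTINUE":
        findings.append((F, "CONTINUE: server keeps accepting further bad packets"))
    elif m.group(2) is None:
        findings.append((F, f"{m.group(1).upper()} needs a number n"))
    return findings

# Constructed samples, not taken from a real server.
WEAK = "*.sec_protocol_error_trace_action=TRACE\n*.sec_protocol_error_further_action=CONTINUE\n"
HARDENED = ("sec_protocol_error_trace_action = LOG  # short message only\n"
            "sec_protocol_error_further_action = (DROP,10)\n")

if __name__ == "__main__":
    for label, sample in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(sample) or "no findings")
```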
Dbametrix is a professional, expert remote DBA team offering world-class remote DBA services to keep every database operation running smoothly. During remote DBA support, Dbametrix maintains a strong Service Level Agreement with strong response times to address clients' requirements and expectations. Clients get senior-level expert remote DBA support for an entry-level budget.