2.2.13 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to 'DROP,3'

Information

The SEC_PROTOCOL_ERROR_FURTHER_ACTION setting determines the Oracle server's response to bad/malformed packets received from the client. This setting should have a value of DROP,3, which will cause a connection to be dropped after three bad/malformed packets.

Rationale:

Bad packets received from the client can potentially indicate packet-based attacks on the system, such as 'TCP SYN Flood' or 'Smurf' attacks, which could result in a denial-of-service condition. This value should be set according to the needs of the organization.

Solution

To remediate this setting, execute the following SQL statement.

ALTER SYSTEM SET SEC_PROTOCOL_ERROR_FURTHER_ACTION = 'DROP,3' SCOPE = SPFILE;
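
Because the statement above uses SCOPE = SPFILE, the new value only takes effect at the next instance startup. The following query is an added example, not part of the benchmark text. It compares the running value with the value stored in the SPFILE so that a remediated but not yet restarted instance can be told apart from a non-compliant one. It assumes a single-instance database (on RAC, V$SPPARAMETER can return one row per SID) and strips parentheses and whitespace on the assumption that the value may be stored as 'DROP,3', '(DROP,3)' or '(DROP, 3)'.

```sql
-- Added example: audit SEC_PROTOCOL_ERROR_FURTHER_ACTION in memory and in the SPFILE.
-- Requires SELECT privilege on V$SYSTEM_PARAMETER and V$SPPARAMETER.
WITH running AS (
  -- Value the instance is enforcing right now.
  SELECT REGEXP_REPLACE(UPPER(value), '[()[:space:]]', '') AS val
  FROM   v$system_parameter
  WHERE  UPPER(name) = 'SEC_PROTOCOL_ERROR_FURTHER_ACTION'
),
pending AS (
  -- Value that will be applied at the next startup, if one is set in the SPFILE.
  SELECT REGEXP_REPLACE(UPPER(value), '[()[:space:]]', '') AS val,
         isspecified
  FROM   v$spparameter
  WHERE  UPPER(name) = 'SEC_PROTOCOL_ERROR_FURTHER_ACTION'
)
SELECT r.val AS running_value,
       p.val AS spfile_value,
       CASE
         WHEN r.val = 'DROP,3' THEN 'PASS'
         WHEN p.isspecified = 'TRUE' AND p.val = 'DROP,3' THEN 'PENDING RESTART'
         ELSE 'FAIL'
       END AS status
FROM   running r
LEFT JOIN pending p ON 1 = 1;
```

A status of PENDING RESTART means the SPFILE has been remediated but the instance is still running with the previous value.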

References:

http://docs.oracle.com/database/121/REFRN/GUID-1E8D3C6E-C919-4218-8117-760D31BD0F95.htm#REFRN10282

See Also

https://workbench.cisecurity.org/files/2741

Item Details

Category: ACCESS CONTROL

References: 800-53|AC-3, CSCv6|18

Plugin: OracleDB

Control ID: 32b76b8aa2c697ca0a344a09fbaaf82afdb1376239956bc5e9bf511c85fbd1ec