2.1.1 Ensure 'SECURE_CONTROL_' Is Set In 'listener.ora'

Information

The SECURE_CONTROL_<listener_name> setting determines the type of control connection the Oracle server requires for remote configuration of the listener.

Rationale:

Listener configuration changes via unencrypted remote connections can result in unauthorized users sniffing control configuration information from the network.

Solution

To remediate this recommendation:
Set the SECURE_CONTROL_<listener_name> for each defined listener in the listener.ora file.

References:

http://docs.oracle.com/database/121/NETRF/listener.htm#NETRF327

See Also

https://workbench.cisecurity.org/files/2741

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-2(1), CSCv6|3.4, CSCv7|4.5

Plugin: Windows

Control ID: b9879aee46f99824bb9ae203e2239c499a111206f94649dc0c2b1b9f2ab00d55