2.3.1 Ensure 'ENCRYPTION_SERVER' Is Set to 'REQUIRED'

Information

The setting sqlnet.encryption_server=required requires that the connections to the database are encrypted through Oracle SQL*Net native encryption. The encryption setting implements data-in-transit encryption for the Oracle database connections. This setting is configured in the sqlnet.ora file on the database server.

Rationale:

Without this setting, malicious users could potentially eavesdrop on the database connections, compromising the confidentiality of the data.

Impact:

The setting sqlnet.encryption_server=required could reject/deny connection requests from those database users who don't support the Oracle native network encryption.

Solution

To remediate this recommendation:

Use a text editor such as vi to set the sqlnet.



encryption_server = required

Additional Information:

Oracle database network encryption configured through TLS/SSL is also an acceptable mechanism and may be implemented in lieu of this setting.

See Also

https://workbench.cisecurity.org/benchmarks/13413

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-17(2), 800-53|IA-5, 800-53|IA-5(1), 800-53|SC-8, 800-53|SC-8(1)

Plugin: Unix

Control ID: dbaadcb07d4bb59bd0c3add26181d88008b65aee593b56d565e81d31f5b417db