2.2.11 Ensure 'SEC_PROTOCOL_ERROR_FURTHER_ACTION' Is Set to '(DROP,3)'

Information

The SEC_PROTOCOL_ERROR_FURTHER_ACTION setting determines the Oracle server's response to bad/malformed packets received from the client. This setting should have a value of (DROP,3) or (DROP, 3) which will cause a connection to be dropped after three bad/malformed packets.

Bad packets received from the client can potentially indicate packet-based attacks on the system, such as "TCP SYN Flood" or "Smurf" attacks, which could result in a denial-of-service condition, this value should be set according to the needs of the organization.

Solution

To remediate this setting, execute the following SQL statement.

ALTER SYSTEM SET SEC_PROTOCOL_ERROR_FURTHER_ACTION = '(DROP,3)' SCOPE = SPFILE;

Or

ALTER SYSTEM SET SEC_PROTOCOL_ERROR_FURTHER_ACTION = '(DROP, 3)' SCOPE = SPFILE;

See Also

https://workbench.cisecurity.org/benchmarks/11760

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5

Plugin: OracleDB

Control ID: 3b17d008261ff12ae198158ed449342d7d3faa6f725c7a02f52ab258219caa76