2.3.2 Ensure 'SQLNET.CRYPTO_CHECKSUM_SERVER' Is Set to 'REQUIRED'

Information

The setting sqlnet.crypto_checksum_server=required requires that the connections to the database are encrypted through Oracle SQL*Net native encryption. The encryption setting implements data-in-transit encryption for the Oracle database connections. This setting is configured in the sqlnet.ora file on the database server.

Rationale:

Without this setting, malicious users could potentially eavesdrop on the database connections, compromising the confidentiality of the data.

Impact:

The setting sqlnet.encryption_server=required could reject/deny connection requests from those database users who don't support the Oracle native network encryption.

Solution

To remediate this recommendation:

Use a text editor such as vi to set:

sqlnet.crypto_checksum_server = required

Additional Information:

Oracle database network encryption configured through TLS/SSL is also an acceptable mechanism and may be implemented in lieu of this setting.

See Also

https://workbench.cisecurity.org/benchmarks/11760

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|AC-17(2), 800-53|IA-5, 800-53|IA-5(1), 800-53|SC-8, 800-53|SC-8(1)

Plugin: Unix

Control ID: c8931b4a129e90eeae4b7fce5e6bca5f0f89c997b1a179f40752e2c74c4ef953