DG0198-ORACLE11 - Remote administration of the DBMS should be restricted to known, dedicated and encrypted network addresses and ports.

Information

Remote administration provides many conveniences that can assist in maintaining the designed security posture of the DBMS. On the other hand, it also exposes a highly privileged function to the network, where malicious users can reach it. Remote administration needs to be carefully considered and used only when sufficient protections against its abuse can be applied. Encrypting remote administration traffic and dedicating ports to it can help prevent unauthorized access.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Disable remote administration where it is not required.

Consider restricting administrative access to local connections only.

Where necessary, configure the DBMS network communications to provide an encrypted, dedicated port for remote administration access.

Develop procedures for remote administrative access and provide them to the DBAs who have been authorized for remote administration.

Verify during audit reviews that DBAs do not access the database remotely except through the dedicated and encrypted port.
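One way to support the manual review is to check that the listener set aside for remote administration exposes only TCPS endpoints on its dedicated port. The script below is an added example, not part of the STIG or the audit file; the listener name LISTENER_ADMIN, port 2484, and the hosts in the sample listener.ora are assumptions constructed for illustration.

```python
import re

# Constructed sample listener.ora; names, hosts and ports are illustrative assumptions.
SAMPLE_LISTENER_ORA = """
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.internal)(PORT = 1521)))
    (DESCRIPTION = (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521)))
  )
LISTENER_ADMIN =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.10.5.20)(PORT = 2484))
    (ADDRESS = (PROTOCOL = TCP)(HOST = 10.10.5.20)(PORT = 1575))
  )
"""

ADDRESS_RE = re.compile(r"\(\s*ADDRESS\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)
PARAM_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()]*?)\s*\)")
NAME_RE = re.compile(r"^(\w+)\s*=", re.M)  # top-level entries start in column 0

def listener_endpoints(text):
    """Return {entry_name: [(protocol, host, port_or_key), ...]} from listener.ora text."""
    text = re.sub(r"#.*", "", text)  # drop comments
    marks = list(NAME_RE.finditer(text))
    result = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        eps = []
        for addr in ADDRESS_RE.finditer(text[m.end():end]):
            p = {k.upper(): v for k, v in PARAM_RE.findall(addr.group(1))}
            eps.append((p.get("PROTOCOL", "").upper(), p.get("HOST", ""),
                        p.get("PORT") or p.get("KEY", "")))
        if eps:
            result[m.group(1).upper()] = eps
    return result

def audit_admin_listener(text, admin_listener, admin_port):
    """Return findings for the listener designated for remote administration."""
    eps = listener_endpoints(text).get(admin_listener.upper())
    if eps is None:
        return [f"{admin_listener}: not defined"]
    findings = []
    for proto, host, port in eps:
        if proto == "IPC":  # local-only endpoint, not remote access
            continue
        if proto != "TCPS":
            findings.append(f"{admin_listener}: {proto} {host}:{port} is not encrypted (expected TCPS)")
        elif port != str(admin_port):
            findings.append(f"{admin_listener}: TCPS {host}:{port} is not the dedicated port {admin_port}")
    return findings
```

A clean result only shows that the listener configuration matches the intended design; which port DBAs actually connect through still has to be confirmed during audit review.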

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11g_Y21M10_STIG.zip

Item Details

References: CAT|II, Rule-ID|SV-24844r1_rule, STIG-ID|DG0198-ORACLE11, Vuln-ID|V-15662

Plugin: Unix

Control ID: 4366dcaa4ab2a2c795f77cc443859f1de2746d8174ca3350705a25904dd36e14