O112-BP-022700 - The Oracle Listener must be configured to require administration authentication.

Information

Oracle listener authentication helps prevent unauthorized administration of the Oracle listener. Unauthorized administration of the listener could lead to DoS exploits; loss of connection audit data, unauthorized reconfiguration or other unauthorized access. This is a Category I finding because privileged access to the listener is not restricted to authorized users. Unauthorized access can result in stopping of the listener (DoS) and overwriting of listener audit logs.

Solution

Configure the listener to use Local OS Authentication. This setting prevents remote administration of the listener, restricts management to the Oracle listener owner account (UNIX) and accounts with administrator privileges (WIN).

Remote administration of the listener should not be permitted. If listener administration from a remote system is required, granting secure remote access to the Oracle DBMS server and performing local administration is preferred. Authorize and document this requirement in the System Security Plan.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_11-2g_V2R5_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|I, CCI|CCI-000366, Rule-ID|SV-219710r961863_rule, STIG-ID|O112-BP-022700, STIG-Legacy|SV-68231, STIG-Legacy|V-53991, Vuln-ID|V-219710

Plugin: Windows

Control ID: deb92bbb57a2f2acfd5c4d423715c6b0b78eab53735774b164c1509ecf13b124