O121-BP-023200 - Unauthorized database links must not be defined and active.

Information

DBMS links provide a communication and data transfer path definition between two databases that may be used by malicious users to discover and obtain unauthorized access to remote systems. Database links between production and development DBMSs provide a means for developers to access production data not authorized for their access or to introduce untested or unauthorized applications to the production database. Only protected, controlled, and authorized downloads of any production data to use for development may be allowed. Only applications that have completed the configuration management process may be introduced by the application object owner account to the production system.

Solution

Document all remote or external interfaces used by the DBMS to connect to or allow connections from remote or external sources.

Include with the documentation as appropriate, any network ports or protocols, security accounts, and the sensitivity of any data exchanged.

Do not define or configure database links between production databases and test or development databases.

Note: Oracle Database Advanced Replication is deprecated in Oracle Database 12c. Use Oracle GoldenGate to replace all features of Advanced Replication, including multimaster replication, updatable materialized views, hierarchical materialized views, and deployment templates.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_Oracle_Database_12c_V3R2_STIG.zip

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-6b., CAT|II, CCI|CCI-000366, Rule-ID|SV-219843r961863_rule, STIG-ID|O121-BP-023200, STIG-Legacy|SV-75941, STIG-Legacy|V-61451, Vuln-ID|V-219843

Plugin: OracleDB

Control ID: e043f11b4c0f2e6c6df138c9656ae107da1c59cf6e3071f987dff103321b0eba