
DBMS network communications should comply with PPS usage restrictions.


Overview

Finding ID: V-15148
Version: DG0152-ORACLE10
Rule ID: SV-24807r1_rule
IA Controls: DCPP-1
Severity: Medium
Description
Use of default ports is required in DoD networks to support network security device management.
STIG: Oracle 10 Database Installation STIG
Date: 2014-01-14

Details

Check Text (C-29372r1_chk)
If Oracle Listener, JAVA Listener, Oracle Names and Connection Manager are not running on the local database host server, this check is Not a Finding.

Review the listener.ora file located by default in the ORACLE_HOME\network\admin directory or in the directory specified in the environment variable TNS_ADMIN defined for the listener process or service.

View the "PORT=" parameter for any protocols defined.

If any do not match an entry in the list of default ports below, determine whether the port is a default or registered port for the service.

View the cman.ora file in the ORACLE_HOME/network/admin directory.

If the file does not exist, the database is not accessed via Oracle Connection Manager and this part of the check is Not a Finding.

View the "PORT=" parameter for any protocols defined.

If any do not match an entry in the list of default ports below, determine whether the port is a default or registered port for the service.

If any non-default or non-registered ports are listed, this is a Finding.

Default Oracle Listener Ports: 1521, 2483, 2484
Default Java Listener Ports: 2481, 2482
Default Oracle Names Listener Port: 1575
Default Connection Manager Ports: 1521, 1830

Registered ports MAY be listed at http://www.iana.org/assignments/port-numbers or in the DoD Ports, Protocols, and Services Category Assurance List (CAL).
Fix Text (F-26397r1_fix)
Specify a default or registered port for TCP/IP protocols in the listener.ora and cman.ora files in the PORT= parameter of the address specification.
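
The check above can be scripted as a first pass. The following Python sketch is an added example, not part of the STIG: it extracts every active PORT= value from listener.ora or cman.ora text and marks each as a listed default or as needing manual verification against the IANA registry or the PPS CAL. The function names, the status strings, the mapping of default-port lists to files, and the sample file content are assumptions made for illustration.

```python
import os
import re

# Default ports exactly as listed in the check text.
DEFAULT_PORTS = {
    "Oracle Listener": {1521, 2483, 2484},
    "Java Listener": {2481, 2482},
    "Oracle Names Listener": {1575},
    "Connection Manager": {1521, 1830},
}
# Assumption (not stated in the STIG): which lists apply to which file.
FILE_SERVICES = {
    "listener.ora": ("Oracle Listener", "Java Listener", "Oracle Names Listener"),
    "cman.ora": ("Connection Manager",),
}
PORT_RE = re.compile(r"\(\s*PORT\s*=\s*(\d+)\s*\)", re.IGNORECASE)

def review_ports(filename, text):
    """Return [(port, status)] for every active PORT= entry in the file text."""
    allowed = set().union(*(DEFAULT_PORTS[s] for s in FILE_SERVICES[filename]))
    # Drop '#' comments so commented-out addresses are not reported.
    active = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    return [
        (int(p), "default" if int(p) in allowed else "verify-registered")
        for p in PORT_RE.findall(active)
    ]

def review_file(path):
    """Review a file on disk; None means the file is absent (cman.ora: Not a Finding)."""
    if not os.path.exists(path):
        return None
    with open(path, encoding="utf-8", errors="replace") as fh:
        return review_ports(os.path.basename(path), fh.read())

# Constructed sample, not taken from a real system.
SAMPLE_LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
      (ADDRESS = (PROTOCOL = TCPS)(HOST = dbhost.example)(port=2484))
      # (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 9999))
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 15210))
    )
  )
"""

if __name__ == "__main__":
    for port, status in review_ports("listener.ora", SAMPLE_LISTENER_ORA):
        print(f"listener.ora PORT={port}: {status}")
```

A port reported as "verify-registered" is not automatically a Finding; it becomes one only if the manual lookup shows it is neither a default nor a registered port for the service.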