UCF STIG Viewer Logo

Credentials stored and used by the DBMS to access remote databases or applications should be authorized and restricted to authorized users.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15154 DG0190-ORACLE10 SV-25081r1_rule DCFA-1 Medium
Description
Credentials defined for access to remote databases or applications may provide unauthorized access to additional databases and applications to unauthorized or malicious users.
STIG Date
Oracle 10 Database Instance STIG 2014-01-14

Details

Check Text ( C-939r1_chk )
Review the list of defined database links generated from the DBMS.

Compare to the list in the System Security Plan with the DBA.

If no database links are listed in the database and in the System Security Plan, this check is Not a Finding.

If any database links are defined in the DBMS, verify the authorization for the definition in the System Security Plan.

If any database links exist that are not authorized or not listed in the System Security Plan, this is a Finding.
Fix Text (F-21332r1_fix)
Grant access to database links to authorized users or applications only.

Document all database links access authorizations in the System Security Plan.