Fixed user and public database links should be authorized for use.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-2520	DO0250-ORACLE10	SV-24518r1_rule	DCFA-1	Medium

Description
Database links define connections that may be used by the local database to access remote Oracle databases. These links provide a means for a compromise to the local database to spread to remote databases in the distributed database environment. Limiting or eliminating use of database links where they are not required to support the operational system can help isolate compromises to the local or a limited number of databases.

Description

Database links define connections that may be used by the local database to access remote Oracle databases. These links provide a means for a compromise to the local database to spread to remote databases in the distributed database environment. Limiting or eliminating use of database links where they are not required to support the operational system can help isolate compromises to the local or a limited number of databases.

STIG	Date
Oracle 10 Database Instance STIG	2014-01-14

Details

Check Text ( None )
None

Fix Text (F-26493r1_fix)
Document all authorized connections from the database to remote databases in the System Security Plan. Remove all unauthorized remote database connection definitions from the database. From SQL*Plus: drop database link [link name]; OR drop public database link [link name]; Review remote database connection definitions periodically and confirm their use is still required and authorized.