Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-2554 | DO3538-ORACLE10 | SV-24910r1_rule | IAIA-1 IAIA-2 | High |
Description |
---|
Setting this value to TRUE allows operating system authentication over an unsecured connection. Trusting remote operating systems can allow a user to impersonate another operating system user and connect to the database without having to supply a password. If REMOTE_OS_AUTHENT is set to true, the only information a remote user needs to connect to the database is the name of any user whose account is setup to be authenticated by the operating system. |
STIG | Date |
---|---|
Oracle 10 Database Instance STIG | 2014-01-14 |
Check Text ( None ) |
---|
None |
Fix Text (F-26530r1_fix) |
---|
Document remote OS authentication in the System Security Plan. If not required or not mitigated to an acceptable level, disable remote OS authentication. From SQL*Plus: alter system set remote_os_authent = FALSE scope = spfile; The above SQL*Plus command will set the parameter to take effect at next system startup. |