
DBMS network communications should comply with PPS usage restrictions.


Overview

Finding ID: V-15148
Version: DG0152-ORACLE11
Rule ID: SV-24808r1_rule
IA Controls: DCPP-1
Severity: Medium
Description
Configuring or using non-standard network ports, protocols, or services could lead to bypass of network perimeter security controls and protections.
STIG: Oracle 11 Database Installation STIG
Date: 2014-01-14

Details

Check Text (C-29373r1_chk)
If Oracle Listener, JAVA Listener, Oracle Names and Connection Manager are not running on the local database host server, this check is Not a Finding.

Review the listener.ora file located by default in the ORACLE_HOME\network\admin directory or in the directory specified in the environment variable TNS_ADMIN defined for the listener process or service.

View the "PORT=" parameter for any protocols defined.

If any do not match an entry in the following list, then confirm that it is not a default or registered port for the service.

View the cman.ora file in the ORACLE_HOME/network/admin directory.

If the file does not exist, the database is not accessed via Oracle Connection Manager and this part of the check is Not a Finding.

View the "PORT=" parameter for any protocols defined.

If any do not match an entry in the following list, then confirm that it is not a default or registered port for the service.

If any non-default or non-registered ports are listed, this is a Finding.

Default Oracle Listener Ports: 1521, 2483, 2484
Default Java Listener Ports: 2481, 2482
Default Oracle Names Listener Port: 1575
Default Connection Manager Ports: 1521, 1830

Registered ports MAY be listed at http://www.iana.org/assignments/port-numbers or in the DoD Ports, Protocols, and Services Category Assurance List (CAL).

Fix Text (F-26398r1_fix)
Specify a default or registered port for TCP/IP protocols in the listener.ora and cman.ora files in the PORT= parameter of the address specification.
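
The check above can be scripted as follows. This is an added example, not part of the STIG: it extracts every PORT= value from listener.ora or cman.ora text and returns the ports that fall outside the default lists in the check text, which the reviewer must then confirm against the IANA registry or the DoD PPS CAL. The function names, dictionary keys and sample file content are assumptions made for illustration.

```python
import re

# Default ports as listed in the check text; the keys are labels chosen here.
DEFAULT_PORTS = {
    "oracle_listener": {1521, 2483, 2484},
    "java_listener": {2481, 2482},
    "oracle_names": {1575},
    "connection_manager": {1521, 1830},
}

# One (ADDRESS = (K = V)(K = V)...) group; ADDRESS_LIST does not match.
ADDRESS_RE = re.compile(r"\(\s*ADDRESS\s*=((?:\s*\([^()]*\))+)\s*\)", re.I)
PARAM_RE = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s]+)\s*\)")

def find_ports(text):
    """Return (protocol, port) for each ADDRESS that defines PORT=."""
    # Drop '#' comments so commented-out addresses are not reported.
    active = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    found = []
    for match in ADDRESS_RE.finditer(active):
        params = {k.upper(): v for k, v in PARAM_RE.findall(match.group(1))}
        if "PORT" in params:
            raw = params["PORT"]
            # Keep a non-numeric value as text so it is flagged, not skipped.
            port = int(raw) if raw.isdigit() else raw
            found.append((params.get("PROTOCOL", "?").upper(), port))
    return found

def ports_to_review(text, services):
    """Ports outside the default lists for the given services."""
    allowed = set().union(*(DEFAULT_PORTS[s] for s in services))
    return [(proto, port) for proto, port in find_ports(text) if port not in allowed]

# Constructed sample listener.ora, not taken from a real host.
SAMPLE_LISTENER_ORA = """
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
      (ADDRESS = (PROTOCOL = tcps)(HOST = dbhost.example)(port=2484))
      # (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 9999))
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 15210))
    )
  )
"""

print(ports_to_review(SAMPLE_LISTENER_ORA, ["oracle_listener", "java_listener"]))
```

A port returned here is not automatically a Finding; per the check text it becomes one only if it is neither a default nor a registered port for the service.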