Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-15148 | DG0152-ORACLE11 | SV-24808r1_rule | DCPP-1 | Medium |
Description |
---|
Non-standard network ports, protocol or services configuration or usage could lead to bypass of network perimeter security controls and protections. |
STIG | Date |
---|---|
Oracle 11 Database Installation STIG | 2014-01-14 |
Check Text ( C-29373r1_chk ) |
---|
If Oracle Listener, JAVA Listener, Oracle Names and Connection Manager are not running on the local database host server, this check is Not a Finding. Review the listener.ora file located by default in the ORACLE_HOME\network\admin directory or in the directory specified in the environment variable TNS_ADMIN defined for the listener process or service. View the "PORT=" parameter for any protocols defined. If any do not match an entry in the following list, then confirm that it is not a default or registered port for the service. View the cman.ora file in the ORACLE_HOME/network/admin directory. If the file does not exist, the database is not accessed via Oracle Connection Manager and this part of the check is Not a Finding. View the "PORT=" parameter for any protocols defined. If any do not match an entry in the following list, then confirm that it is not a default or registered port for the service. If any non-default or non-registered ports are listed, this is a Finding. Default Oracle Listener Ports: 1521, 2483, 2484 Default Java Listener Ports: 2481, 2482 Default Oracle Names Listener Port: 1575 Default Connection Manager Ports: 1521, 1830 Registered ports MAY be listed at http://www.iana.org/assignments/port-numbers or in the DoD Ports, Protocols, and Services Category Assurance List (CAL). |
Fix Text (F-26398r1_fix) |
---|
Specify a default or registered port for TCP/IP protocols in the listener.ora and cman.ora files in the PORT= parameter of the address specification. |