
A single database connection configuration file should not be used to configure all database clients.


Overview

Finding ID: V-3809
Version: DG0053-ORACLE11
Rule ID: SV-24628r1_rule
IA Controls: (none listed)
Severity: Medium
Description
Many sites distribute a single client database connection configuration file to all site database users that contains network access information for all databases on the site. Such a file provides information to access databases not required by all users that may assist in unauthorized access attempts.
STIG: Oracle Database 11g Installation STIG
Date: 2016-06-15

Details

Check Text (C-29154r1_chk)
Review documented and implemented procedures contained or noted in the System Security Plan for providing database client connection information to users and user workstations. Oracle client connection information is stored in the file:

$ORACLE_HOME/network/admin/tnsnames.ora (UNIX)
%ORACLE_HOME%\network\admin\tnsnames.ora (Windows)

If procedures do not indicate and implement restrictions in distribution of connection definitions to personnel/machines authorized to connect to the database, this is a Finding.
Fix Text (F-26165r1_fix)
Develop, document and implement procedures to distribute client connection definitions or definition files that contain only connection definitions authorized for that user or user workstation.

Include or note these procedures in the System Security Plan.
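
One way to support the procedure in the Fix Text, as an added example that is not part of the STIG: audit a client's tnsnames.ora against the aliases authorized for that workstation, and build a per-client file from a site master. The sample file, alias names, hosts and function names are constructed for illustration.

```python
import re

# Constructed sample master file (aliases, hosts and paths are made up).
SAMPLE = """\
# site-wide master list
HR_PROD = (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hr-db.example.test)(PORT=1521))
           (CONNECT_DATA=(SERVICE_NAME=hr)))
FIN_PROD, FIN =
  (DESCRIPTION=
    (ADDRESS=(PROTOCOL=TCP)(HOST=fin-db.example.test)(PORT=1521))
    (CONNECT_DATA=(SERVICE_NAME=fin)))
IFILE = /shared/all_databases.ora
"""

def parse_tnsnames(text):
    """Map each upper-cased alias to its definition, matched by parenthesis depth."""
    text = re.sub(r"#[^\n]*", "", text)              # drop comments
    entries, pos = {}, 0
    while True:
        eq = text.find("=", pos)
        if eq == -1:
            return entries
        # "A, B = (...)" defines several aliases for one descriptor.
        names = [a.strip().upper() for a in text[pos:eq].split(",") if a.strip()]
        start = eq + 1
        while start < len(text) and text[start] in " \t\r\n":
            start += 1
        if start < len(text) and text[start] == "(":
            depth, end = 0, start
            while end < len(text):
                depth += {"(": 1, ")": -1}.get(text[end], 0)
                end += 1
                if depth == 0:
                    break
        else:                                        # bare value, e.g. IFILE = /path
            end = text.find("\n", start)
            end = len(text) if end == -1 else end
        for name in names:
            entries[name] = text[start:end].strip()
        pos = end

def audit(text, allowed):
    """Return aliases (and IFILE includes) present but not authorized for this client."""
    allowed = {a.upper() for a in allowed}
    return sorted(a for a in parse_tnsnames(text) if a not in allowed)

def build_client_file(master, allowed):
    """Emit a tnsnames.ora containing only authorized descriptors from the master."""
    allowed = {a.upper() for a in allowed}
    return "".join(f"{a} =\n  {d}\n\n" for a, d in parse_tnsnames(master).items()
                   if a in allowed and d.startswith("("))
```

An IFILE line is reported by audit() because an included file can bring in connection definitions that were never authorized for the client.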