UCF STIG Viewer Logo

DBMS network communications should comply with PPS usage restrictions.


Overview

Finding ID Version Rule ID IA Controls Severity
V-15148 DG0152-ORACLE11 SV-24808r1_rule Medium
Description
Non-standard network ports, protocol or services configuration or usage could lead to bypass of network perimeter security controls and protections.
STIG Date
Oracle Database 11g Installation STIG 2017-06-29

Details

Check Text ( C-29373r1_chk )
If Oracle Listener, JAVA Listener, Oracle Names and Connection Manager are not running on the local database host server, this check is Not a Finding.

Review the listener.ora file located by default in the ORACLE_HOME\network\admin directory or in the directory specified in the environment variable TNS_ADMIN defined for the listener process or service.

View the "PORT=" parameter for any protocols defined.

If any do not match an entry in the following list, then confirm that it is not a default or registered port for the service.

View the cman.ora file in the ORACLE_HOME/network/admin directory.

If the file does not exist, the database is not accessed via Oracle Connection Manager and this part of the check is Not a Finding.

View the "PORT=" parameter for any protocols defined.

If any do not match an entry in the following list, then confirm that it is not a default or registered port for the service.

If any non-default or non-registered ports are listed, this is a Finding.

Default Oracle Listener Ports: 1521, 2483, 2484
Default Java Listener Ports: 2481, 2482
Default Oracle Names Listener Port: 1575
Default Connection Manager Ports: 1521, 1830

Registered ports MAY be listed at http://www.iana.org/assignments/port-numbers or in the DoD Ports, Protocols, and Services Category Assurance List (CAL).
Fix Text (F-26398r1_fix)
Specify a default or registered port for TCP/IP protocols in the listener.ora and cman.ora files in the PORT= parameter of the address specification.