
The Oracle INBOUND_CONNECT_TIMEOUT and SQLNET.INBOUND_CONNECT_TIMEOUT parameters should be set to a value greater than 0.


Overview

Finding ID: V-3862
Version: DO0286-ORACLE11
Rule ID: SV-24890r1_rule
IA Controls:
Severity: Medium
Description
The INBOUND_CONNECT_TIMEOUT_[listener-name] and SQLNET.INBOUND_CONNECT_TIMEOUT parameters define how long the database listener and the database server, respectively, will wait for a client connection to complete after a connection request is made. This limit protects the listener and database server from a Denial-of-Service attack in which a client makes multiple connection requests that are never used or closed. Server resources can be exhausted if unused connections are maintained.
STIG Date
Oracle Database 11g Installation STIG 2017-06-29

Details

Check Text ( C-29443r1_chk )
Review the listener.ora file and the sqlnet.ora file.

If the INBOUND_CONNECT_TIMEOUT_[listener-name] parameter does not exist for each listener found in the listener.ora, or does not contain a value greater than 0, this is a Finding.

If the SQLNET.INBOUND_CONNECT_TIMEOUT parameter does not exist in the sqlnet.ora, or does not contain a value greater than 0, this is a Finding.

NOTE: Although the default value may provide adequate protection, assuming the default could lead to unanticipated changes in future product updates. Specify a value to manage the setting.
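
One way to automate the Check Text above, as an added example that is not part of the STIG or of Oracle's tooling. The sample file contents are constructed, and two things are assumptions of this example: that a listener is any top-level listener.ora entry whose value is a description containing an ADDRESS clause, and that parameter names are matched case-insensitively.

```python
import re

# Constructed sample files (not from the page); host and listener names are made up.
LISTENER_ORA = """\
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.test)(PORT = 1521)))
LISTENER_APP =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = db01.example.test)(PORT = 1522)))
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = ORCL)))
INBOUND_CONNECT_TIMEOUT_LISTENER = 2   # LISTENER_APP has no timeout entry
"""
SQLNET_ORA = "SQLNET.INBOUND_CONNECT_TIMEOUT = 0\n"

def parse_ora(text):
    """Top-level 'name = value' entries; indented lines continue the previous one."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # '#' starts a comment
        if not line:
            continue
        if line[0].isspace() and current:
            params[current] = (params[current] + " " + line.strip()).strip()
            continue
        m = re.match(r"([\w.$]+)\s*=\s*(.*)", line)
        current = m.group(1).upper() if m else None
        if current:
            params[current] = m.group(2).strip()
    return params

def positive(value):
    """True only for an explicitly set integer greater than 0."""
    return value is not None and value.isdigit() and int(value) > 0

def listener_names(params):
    # Assumption: a listener is an entry whose value is a description with an ADDRESS.
    return [n for n, v in params.items() if v.startswith("(")
            and "ADDRESS" in v.upper() and not n.startswith("SID_LIST_")]

def findings(listener_ora, sqlnet_ora):
    """Apply both checks from the Check Text; return one message per Finding."""
    lsnr, out = parse_ora(listener_ora), []
    for name in listener_names(lsnr):
        key = "INBOUND_CONNECT_TIMEOUT_" + name
        if not positive(lsnr.get(key)):
            out.append(f"listener.ora: {key} missing or not > 0")
    key = "SQLNET.INBOUND_CONNECT_TIMEOUT"
    if not positive(parse_ora(sqlnet_ora).get(key)):
        out.append(f"sqlnet.ora: {key} missing or not > 0")
    return out
```

Calling findings(LISTENER_ORA, SQLNET_ORA) on the sample reports the second listener's missing entry and the zero value in sqlnet.ora; an empty list means neither check produced a Finding.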
Fix Text (F-26505r1_fix)
Using a text editor or administrative tool, modify the listener.ora file to include a limit for connection request timeouts for the listener.

Example entry (value unit is in seconds):

INBOUND_CONNECT_TIMEOUT_LISTENER = 2

Modify the sqlnet.ora file to include a limit for connection request timeouts for the database server.

Example entry (value unit is in seconds):

SQLNET.INBOUND_CONNECT_TIMEOUT = 3

Review the Oracle Net Services Administrator's Guide for information about configuring these parameters.