Re: Question re security
Date: Fri, 17 Jan 2014 17:59:56 +1100
Message-ID: <52D8D4EC.4010802_at_iinet.net.au>
Sorry if I wasn't very clear.
1521 is the default Oracle listener port since the deluge. Using that port is
an open avenue for any hacker worth his/her salt to run a sniffer in a
Linux node to get all Oracle pwds.
First thing I do in any site I run is change the port to something else
- which is NOT disclosed other than through tnsnames.
Uh-huh, not with this mob. 1521 is "the recommended port" and that is
what must be used.
REALLY?
This mob also wanted the listener to ASK for a password on first connection.
Nothing to do with adding a password to start/stop/control the listener.
Clearly they read somewhere the listener can "be protected by password". Which in their two-cell brain immediately means:
"one must enter a password to access Oracle listener from client w/s, in order for it to be secure".
#facepalm...
--
Cheers
Nuno Souto
dbvision_at_iinet.net.au
Received on Fri Jan 17 2014 - 07:59:56 CET
On 17/01/2014 4:11 AM, mohammed bhatti wrote:
> I'm fairly certain that these guidelines are taken from the DISA
> STIG. I haven't seen a commercial version of the database STIG but I
> do recall in the pre-11g DISA STIG the listener required a password to
> be set. Also, the listener pre-11g had to be started under its own
> dedicated account and not the account that owns the Oracle software.
> None of these is now required in the 11g STIG.