Vulnerability Title: Database Open Access
Service Port: Database Listener Port
Service Name: Oracle TNS Listener
Service Protocol: tcp
Vulnerability Description:
The database accepts connections from any remote system. Direct access should be limited to trusted systems, because databases may contain sensitive data and new vulnerabilities and exploits are discovered for them routinely. For this reason, it is a violation of PCI DSS section 1.3.6 to have databases listening on ports accessible from the Internet, even when protected with secure authentication mechanisms.
Solution:
Configure the database server to only allow access to trusted systems. For example, the PCI DSS standard requires you to place the database in an internal network zone, segregated from the DMZ.
Enable VALIDNODE_CHECKING in the sqlnet.ora file, add the IP addresses that are allowed to access the database, then reload the listener and check:
$ORACLE_HOME/network/admin/sqlnet.ora
tcp.validnode_checking = yes
tcp.invited_nodes =(*.*.*.*)
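One way to run the "check" step against the file itself, as an added example that is not part of the original post: a small Python audit that confirms valid node checking is enabled and that the invited-nodes list names specific systems. The function names and sample files are constructed; it assumes each parameter sits on one line, and it treats an all-wildcard or /0 entry as a catch-all rather than a trusted address.

```python
import re

# Constructed sample: checking is on, but the allow-list is a catch-all.
SAMPLE_OPEN = """\
# constructed sample, not from the page
TCP.VALIDNODE_CHECKING = yes
TCP.INVITED_NODES = (*.*.*.*)
"""

# Constructed sample: allow-list limited to two documentation-range addresses.
SAMPLE_RESTRICTED = """\
tcp.validnode_checking = yes
tcp.invited_nodes = (192.0.2.10, 192.0.2.11)
"""

def parse_sqlnet(text):
    """Return {lowercased parameter: raw value}, ignoring # comments."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip().lower()] = value.strip()
    return params

def node_list(value):
    """Split '(a, b, c)' into ['a', 'b', 'c']."""
    return [n.strip() for n in value.strip("() ").split(",") if n.strip()]

def matches_everything(node):
    """True for entries made only of wildcards, or a /0 prefix."""
    if node.endswith("/0"):
        return True
    return bool(re.fullmatch(r"\*([.:]\*)*", node))

def audit(text):
    """Return a list of findings; an empty list means no problem was found."""
    p = parse_sqlnet(text)
    findings = []
    if p.get("tcp.validnode_checking", "no").lower() != "yes":
        findings.append("validnode_checking is not enabled")
    nodes = node_list(p.get("tcp.invited_nodes", ""))
    if not nodes:
        findings.append("invited_nodes is empty or missing")
    findings += [f"invited_nodes entry '{n}' is a catch-all, not a trusted address"
                 for n in nodes if matches_everything(n)]
    return findings
```

Pass the contents of $ORACLE_HOME/network/admin/sqlnet.ora to `audit()` after editing; any returned finding means the listener is still not limited to the intended systems.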