Ensure ‘SECURE_CONTROL_’ Is Set In ‘listener.ora’

Details

The SECURE_CONTROL_ setting determines the type of control connection the Oracle server requires for remote configuration of the listener.

Rationale:

Listener configuration changes via unencrypted remote connections can result in unauthorized users sniffing control configuration information from the network.

Solution

To remediate this recommendation:
Set the SECURE_CONTROL_ for each defined listener in the listener.ora file.

References:

http://docs.oracle.com/database/121/NETRF/listener.htm#NETRF327

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/2741

This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Unix.

References

800-53|IA-2(1)
CSCv6|3.4
CSCv7|4.5

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles