OAS – ‘Certificate Request Key Size – Request the maximum key size.’
Details Select the largest key size available that is compatible with the network environment. 2048 or 4096 are recommended sizes....
- Home
- Security Hardening
- CIS V1.1.0 Oracle 11G OS L2
CIS V1.1.0 Oracle 11G OS L2
OAS – ‘Encryption Tab – Use OAS encryption only if SSL is not feasible’
Details OAS Integrity/Encryption should only be used if required because of non-SSL clients. Supportive Information The following resource is also...OAS – ‘Encryption Type – sqlnet.encryption_client = REQUIRED’
Details Note: Failure to specify one of the values will result in an error when an attempt is made to...OAS – ‘Encryption Type – sqlnet.encryption_server = REQUIRED’
Details NOTE: Change ORACLE_HOME to the full path of your organization’s Oracle directory. Supportive Information The following resource is also...OAS – ‘FIPS Compliance – sslfips_140 = TRUE’
Details NOTE: This value is not settable using the Oracle Net Manager. To set this value you must use a...OAS – ‘General – Review requirement for integrity and confidentiality requirements’
Details Only implement OAS if a local integrity/encryption policy does not already exist, e.g., IPSec or other means for providing...OAS – ‘Integrity Protection – sqlnet.crypto_checksum_client = REQUIRED’
Details The integrity check for communication can prevent data modifications. Two check sum algorithms are available; SHA-1 and MD5. Supportive...OAS – ‘Oracle Wallet Trusted Certificates – Remove certificate authorities (CAs) that are not required.’
Details NOTE: Change WALLET_PATH to the full path location for your organization’s Oracle wallet. Supportive Information The following resource is...OAS – ‘Server Oracle Wallet Auto Login – Allow Auto Login for the server’s Oracle Wallet’
Details For Windows Oracle database servers, SSL will not work unless Auto Login is set. Supportive Information The following resource...OAS – ‘SSL Cipher Suite – Set SSL Cipher Suite. ssl_cipher_suites = SSL_RSA_WITH_3DES_EDE_CBC_SHA’
Details SSL_CIPHER_SUITES are automatically set to FIPS140-2 approved suites by Oracle 11g. Supportive Information The following resource is also helpful....