STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021: STIGQter: STIG Summary: Oracle Database 11.2g Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:SV-238434r667476_rule
V-238434
SRG-APP-000441-DB-000378
O112-C1-019700
CAT I
10
Configure DBMS and/or operating system to use cryptographic mechanisms to prevent unauthorized disclosure of information during transmission where physical measures are not being utilized.
Check DBMS settings to determine whether cryptographic mechanisms are used to prevent the unauthorized disclosure of information during transmission.
Determine whether physical measures are being used instead of cryptographic mechanisms.
If neither cryptographic nor physical measures are being utilized, this is a finding.
To check that network encryption is enabled and using site-specified encryption procedures, look in SQLNET.ORA located at: $ORACLE_HOME/network/admin/sqlnet.ora.
(Note: This assumes that a single sqlnet.ora file, in the default location, is in use. Please see the supplemental file "Non-default sqlnet.ora configurations.pdf" for how to find multiple and/or differently located sqlnet.ora files.)
If encryption is set, entries like the following will be present:
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA-1)
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA-1)
SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
(The values assigned to the parameters may be different, the combination of parameters may be different, and not all of the example parameters will necessarily exist in the file.)
V-238434
False
O112-C1-019700
Check DBMS settings to determine whether cryptographic mechanisms are used to prevent the unauthorized disclosure of information during transmission.
Determine whether physical measures are being used instead of cryptographic mechanisms.
If neither cryptographic nor physical measures are being utilized, this is a finding.
To check that network encryption is enabled and using site-specified encryption procedures, look in SQLNET.ORA located at: $ORACLE_HOME/network/admin/sqlnet.ora.
(Note: This assumes that a single sqlnet.ora file, in the default location, is in use. Please see the supplemental file "Non-default sqlnet.ora configurations.pdf" for how to find multiple and/or differently located sqlnet.ora files.)
If encryption is set, entries like the following will be present:
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA-1)
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
SQLNET.CRYPTO_CHECKSUM_SERVER = required
SQLNET.CRYPTO_CHECKSUM_TYPES_CLIENT= (SHA-1)
SQLNET.ENCRYPTION_TYPES_CLIENT= (AES256)
SQLNET.CRYPTO_CHECKSUM_CLIENT = requested
(The values assigned to the parameters may be different, the combination of parameters may be different, and not all of the example parameters will necessarily exist in the file.)
M
4057