SV-24844r1_rule
V-15662
DBMS remote administration encryption
DG0198-ORACLE11
CAT II
10
Disable remote administration where it is not required.
Consider restricting administrative access to local connections only.
Where necessary, configure the DBMS network communications to provide an encrypted, dedicated port for remote administration access.
Develop and provide procedures for remote administrative access to DBAs that have been authorized for remote administration.
Verify during audit reviews that DBAs do not access the database remotely except through the dedicated and encrypted port.
Ask the DBA if the DBMS is accessed remotely for administration purposes. If it is not, this check is Not a Finding.
Check DG0093 specifies remote administration encryption for confidentiality.
This check should confirm the use of dedicated and encrypted network addresses and ports.
Review configured network access interfaces for remote DBMS administration.
These may be host-based encryptions such as IPSec or may be configured for the DBMS as part of the network communications and/or in the DBMS listening process.
For DBMS listeners, verify that encrypted ports exist and are restricted to specific network addresses to access the DBMS.
View the System Security Plan to review the authorized procedures and access for remote administration.
If the configuration does not match the specifications in the System Security Plan, this is a Finding.
Note: Out-Of-Band (OOB) is allowed for remote administration, however, OOB alone does not maintain encryption of network traffic from source to destination and is a Finding for this check.
V-15662
False
DG0198-ORACLE11
Ask the DBA if the DBMS is accessed remotely for administration purposes. If it is not, this check is Not a Finding.
Check DG0093 specifies remote administration encryption for confidentiality.
This check should confirm the use of dedicated and encrypted network addresses and ports.
Review configured network access interfaces for remote DBMS administration.
These may be host-based encryptions such as IPSec or may be configured for the DBMS as part of the network communications and/or in the DBMS listening process.
For DBMS listeners, verify that encrypted ports exist and are restricted to specific network addresses to access the DBMS.
View the System Security Plan to review the authorized procedures and access for remote administration.
If the configuration does not match the specifications in the System Security Plan, this is a Finding.
Note: Out-Of-Band (OOB) is allowed for remote administration, however, OOB alone does not maintain encryption of network traffic from source to destination and is a Finding for this check.
I
Database Administrator
1368