STIGQter STIGQter: STIG Summary: Oracle Database 12c Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Apr 2021:

The DBMS must protect against or limit the effects of organization-defined types of Denial of Service (DoS) attacks.

DISA Rule

SV-237742r667258_rule

Vulnerability Number

V-237742

Group Title

SRG-APP-000001-DB-000031

Rule Version

O121-C2-019100

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Implement measures to limit the effects of organization-defined types of Denial of Service attacks.

Modify the $ORACLE_HOME/network/admin/listener.ora to establish a Rate Limit.

Check Contents

Review DBMS settings to verify the DBMS implements measures to limit the effects of the organization-defined types of Denial of Service (DoS) attacks.

If measures have not been implemented, this is a finding.

Check the $ORACLE_HOME/network/admin/listener.ora to see if a Rate Limit has been established. A rate limit is used to prevent denial of service (DOS) attacks on a database or to control a logon storm such as may be caused by an application server reboot.

- - - - -
Example of a listener configuration with rate limiting in effect:

CONNECTION_RATE_LISTENER=10

LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1526))
)
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=8))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=12))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1526))
)

Vulnerability Number

V-237742

Documentable

False

Rule Version

O121-C2-019100

Severity Override Guidance

Review DBMS settings to verify the DBMS implements measures to limit the effects of the organization-defined types of Denial of Service (DoS) attacks.

If measures have not been implemented, this is a finding.

Check the $ORACLE_HOME/network/admin/listener.ora to see if a Rate Limit has been established. A rate limit is used to prevent denial of service (DOS) attacks on a database or to control a logon storm such as may be caused by an application server reboot.

- - - - -
Example of a listener configuration with rate limiting in effect:

CONNECTION_RATE_LISTENER=10

LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=yes))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1526))
)
LISTENER=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=8))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=12))
(ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1526))
)

Check Content Reference

M

Target Key

4059

Comments