Oracle® Database Vault Installation Guide 10g Release 2 (10.2) for hp OpenVMS Part Number E13804-01
This appendix lists the security recommendations for protecting the database listener.
The following configuration guidelines help enhance the security for your database listener:
The database listener configuration file, listener.ora, and the supporting OracleNet configuration file, tnsnames.ora, should have the ADMIN_RESTRICTIONS_LISTENER_SID=ON protection enabled.
The database listener configuration file, listener.ora, and the supporting OracleNet configuration file, tnsnames.ora, should have the PLSExtProc service disabled.
The listener should be configured to listen on a nonstandard port. This means that the default port (1521) should be changed.
The listener should be password protected or leverage operating system (OS) authentication based on the organizational security policy.
The listener should use a unique name, which should be different from the default name.
The listener.ora file should have the following parameter set:
INBOUND_CONNECT_TIMEOUT_ListenerName = 10
The sqlnet.ora file should have the following parameters set:
SQLNET.INBOUND_CONNECT_TIMEOUT = 12
SQLNET.EXPIRE_TIME = 10
The listener should have logging enabled as follows:
LOGGING_LISTENER = ON
LOG_STATUS = ON
LOG_DIRECTORY_ListenerName = Directory_owned_by_Oracle_account
LOG_FILE_ListenerName = File_owned_by_Oracle_account
The listener should have tracing enabled as follows:
TRACE_DIRECTORY_ListenerName = Directory_owned_by_Oracle_account
TRACE_FILE_ListenerName = File_owned_by_Oracle_account
TRACE_LEVEL = user
TRACE_FILELEN_ListenerName = 512
TRACE_FILENO_ListenerName = 1000
TRACE_TIMESTAMP_ListenerName = dd-mon-yyyy hh:mi:ss:mil
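
An added example, not part of the Oracle guide: a small Python check that reads a listener.ora and reports which of the guidelines above it misses, limited to the ones that can be read from that file alone. The sample files, the listener name LSNR_DV01, the host and port 1599 are constructed, and the check assumes the LISTENER suffix in the ADMIN_RESTRICTIONS and LOGGING parameters stands for the listener name, as in the _ListenerName parameters.

```python
import re

# Constructed listener.ora samples, not from the guide; LSNR_DV01, dbhost.example, 1599 are placeholders.
WEAK = """\
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521)))
SID_LIST_LISTENER =
  (SID_LIST = (SID_DESC = (SID_NAME = PLSExtProc)(PROGRAM = extproc)))
"""
HARDENED = """\
LSNR_DV01 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1599)))
ADMIN_RESTRICTIONS_LSNR_DV01 = ON
INBOUND_CONNECT_TIMEOUT_LSNR_DV01 = 10
LOGGING_LSNR_DV01 = ON
"""

def parse(text):
    """Top-level NAME = value pairs; indented lines continue the previous parameter."""
    params, name = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments and trailing blanks
        if line and not line[0].isspace() and "=" in line:
            name, _, value = line.partition("=")
            name = name.strip().upper()
            params[name] = value.strip()
        elif line and name:
            params[name] += " " + line.strip()
    return params

def audit(text):
    """Return the guideline findings that are visible in listener.ora alone."""
    p = parse(text)
    checks = [(any("PLSEXTPROC" in v.upper() for v in p.values()), "PLSExtProc service present")]
    # Assumption: a listener is any top-level entry with an ADDRESS; suffixes use its name.
    for name in [n for n, v in p.items() if re.search(r"\(\s*ADDRESS\s*=", v, re.I)]:
        ports = re.findall(r"\(\s*PORT\s*=\s*(\d+)\s*\)", p[name], re.I)
        checks += [
            (name == "LISTENER", "default listener name"),
            ("1521" in ports, "default port 1521"),
            (p.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON", "ADMIN_RESTRICTIONS not ON"),
            (p.get("INBOUND_CONNECT_TIMEOUT_" + name) != "10", "INBOUND_CONNECT_TIMEOUT not 10"),
            (p.get("LOGGING_" + name, "").upper() != "ON", "logging not ON"),
        ]
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```

The password or OS authentication setting, the sqlnet.ora timeouts and the ownership of the log and trace directories are not visible in listener.ora and need separate checks.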