Securing the Listener in Oracle 11g

The Oracle Listener is a database server component that manages network connectivity between the Oracle database server and its clients. By default, the Oracle listener listens on port 1521, accepts connections from Oracle clients and forwards them to the database server. Securing the Listener service will prevent unauthorized access to the database.

The Oracle Listener configuration is stored in the listener.ora file. By default, the listener.ora file is located in the $ORACLE_HOME/network/admin directory on Linux/UNIX operating systems and in the %ORACLE_HOME%\network\admin directory on Windows operating systems.

The Listener service can be secured by configuring the following settings in the listener.ora file:

Extproc Settings

Oracle Extproc provides the capability to run external procedures from operating system libraries. This allows OS commands to be run from the database. To avoid the risk of unwanted command execution, all references to extproc should be removed from the listener.ora file.

Admin_restrictions_listener_name Parameter Settings

The Oracle listener process can be reconfigured dynamically. Using the Oracle LSNRCTL command, a user can change any of the configuration parameters through the set command. This can be used to overwrite the listener.ora file. The ADMIN_RESTRICTIONS parameter, set in the listener.ora file, prevents unprivileged users from making changes to the listener.ora file.
Set the value of ADMIN_RESTRICTIONS_<listener_name> to ON in the listener.ora file.

Change the Oracle Default Port Numbers

During installation, Oracle creates the default port (1521) for connections to the listener service. This makes it easy for an attacker to identify the Oracle service. The default port 1521 should be changed.
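
One way to check a listener.ora file against the three settings above, as an added example that is not part of the original article. The two sample files, the host name, port 1599 and the function names are constructed for illustration, and the parser assumes each top-level parameter starts at column 0.

```python
import re

# Constructed sample resembling an unhardened listener.ora (not from the article).
DEFAULT = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))))
SID_LIST_LISTENER =
  (SID_LIST =
    (SID_DESC = (SID_NAME = PLSExtProc)(PROGRAM = extproc)))
"""

# Constructed sample with the three settings applied (port 1599 is arbitrary).
HARDENED = """\
LISTENER =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1599)))
ADMIN_RESTRICTIONS_LISTENER = ON
"""

def entries(text):
    """Split listener.ora text into {TOP_LEVEL_NAME: raw value}."""
    text = re.sub(r"#.*", "", text)  # drop comments
    parts = re.split(r"(?m)^([A-Za-z_][\w.]*)\s*=", text)
    # re.split with one group yields [preamble, name1, body1, name2, body2, ...]
    return {parts[i].upper(): parts[i + 1] for i in range(1, len(parts), 2)}

def audit(text):
    """Return one finding per deviation from the settings described above."""
    cfg, findings = entries(text), []
    for name, body in cfg.items():
        if re.search(r"extproc", body, re.I):
            findings.append(f"{name}: references extproc")
        # Only entries that carry an ADDRESS define a listener endpoint.
        if not re.search(r"\(\s*ADDRESS\b", body, re.I):
            continue
        if cfg.get(f"ADMIN_RESTRICTIONS_{name}", "").strip().upper() != "ON":
            findings.append(f"{name}: ADMIN_RESTRICTIONS_{name} is not ON")
        for port in re.findall(r"\(\s*PORT\s*=\s*(\d+)\s*\)", body, re.I):
            if port == "1521":
                findings.append(f"{name}: listens on default port 1521")
    return findings

if __name__ == "__main__":
    for label, sample in (("DEFAULT", DEFAULT), ("HARDENED", HARDENED)):
        print(label, audit(sample) or "no findings")
```

To audit a real file, pass its contents to audit() in place of the constructed samples.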

