Securing Listener in Oracle11g

The Oracle Listener is a database server component used to manage network connectivity between oracle database server and client. By default oracle listener listens on port 1521 and accepts connection from the oracle client and forwards it to the database server. Securing Listener service will prevent unauthorized access to the database.

Oracle Listener configuration is stored in the listener.ora file. By default, the listener.ora file is located in the $ORACLE_HOME/network/admin directory on linux/unix operating systems and the %ORACLE_HOME%\network\admin directory on Windows operating systems.

The Listener service can be secured by configuring the below settings in the listener.ora file

Extproc Settings

Oracle Extproc provides capability to run external procedures from operating system libraries. This allows running OS command in the database. To avoid the risk of unwanted command execution, all references to extproc should be removed from listener.ora file

Admin_restrictions_listener_name Parameter Settings

The Oracle listener process can be reconfigured dynamically. Using Oracle LSNRCTL command, a user can change any of the configuration parameters through the set command. This can be used to overwrite the listener.ora file. The ADMIN_RESTRICTIONS parameter, set in the listener.ora file prevents unprivileged users from making changes of the listener.ora file
Set the value of ADMIN_RESTRICTIONS_<listener_name> to ON in the listener.ora file.

Change the Oracle Default Port Numbers

During the installation oracle create default port(1521) for connection to the listener service. This will become easy for the attacker to  identify the oracle service .The default port 1521 should be changed.

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>