Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted.

From Oracle Database 11.2g Security Technical Implementation Guide

Part of SRG-APP-000516-DB-999900

Associated with: CCI-000366

SV-68237r3_rule Connections by mid-tier web and application systems to the Oracle DBMS from a DMZ or external network must be encrypted.

Vulnerability discussion

Multi-tier systems may be configured with the database and connecting middle-tier system located on an internal network, with the database located on an internal network behind a firewall and the middle-tier system located in a DMZ. In cases where either or both systems are located in the DMZ (or on networks external to DoD), network communications between the systems must be encrypted.

Check content

Review the System Security Plan for remote applications that access and use the database. For each remote application or application server, determine whether communications between it and the DBMS are encrypted. If any are not encrypted, this is a finding.

Fix text

Configure communications between the DBMS and remote applications/application servers to use DoD-approved encryption.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer