From Oracle Database 11g Instance STIG
Part of Oracle SEC_PROTOCOL_ERROR_FURTHER_ACTION parameter
The database is vulnerable to exhaustion of resources that could result in a Denial of Service (DoS) to other clients if not protected from a flood of bad packets submitted by a malicious or errant client connection. The sec_protocol_error_further_action initialization parameter can be set to delay or drop acceptance of bad packets from a client in order to support the continued function of other non-problematic connections.
From SQL*Plus: select upper(value) from v$parameter where name = 'sec_protocol_error_further_action'; If the value returned does not include DROP or DELAY, this is a Finding.
Set the value for the sec_protocol_error_further_action initialization parameter to DROP or DELAY. DROP provides better protection and is recommended. From SQL*Plus: alter system set sec_protocol_error_further_action = 'drop' scope = spfile; OR alter system set sec_protocol_error_further_action = 'drop,3' scope = spfile; NOTE: The addition of the ‘,3’ above further limits the number of ‘bad packets’ to the specified number before forcefully terminating the connection. The above SQL*Plus command will set the parameter to take effect at next system startup.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer