Oracle Listener Security New ORACLE 12.2 Firewall Feature

05 Apr

Oracle Listener Security New ORACLE 12.2 Firewall Feature

Security Strategy and Standards, Oracle Database

Service-Level ALCs is a new feature of the 12.2 Listener that allows every database service to have its own ACL. The ACL must be based on IP addresses and this feature allows multitenant pluggable databases (PDBs) to each have an ACL enforced by the Listener. This is because each PDB is a unique service registered in the Listener.

To implement this feature a new parameter FIREWALL must be used and has the following options:

  • (FIREWALL=ON) - This enables strict ACL validation (whitelist-based approach) of all connections based on the ACLs. If no ACLs are configured for a service, all connections are rejected.
  • FIREWALL is not set (defined for service) – This is a mixed mode. If an ACL is configured for a service, it will be enforced. If no ACL is defined, all connections will be accepted.
  • (FIREWALL=OFF) No validation (No ACLs enforced) and all connections are accepted

For more information refer to: http://docs.oracle.com/database/122/NETAG/configuring-and-administering-oracle-net-listener.htm#NETAG0102

If you have questions, please contact us at info@integrigy.com

-Michael Miller, CISSP-ISSMP, CCSP, CCSK

 
 

 Share this post