Friday, May 30, 2014

Implementing Class of Secure Transport (COST)

To safeguard against the security vulnerability CVE-2012-1675, as published here, the COST (Class of Secure Transport) parameter is used to restrict any remote instance from registering with the listener running on a database server. This is done by adding the parameter SECURE_REGISTER_<LISTENER_NAME> = (TCP) to the listener.ora file.

In the following demonstration, a listener is running on a Linux server where container/pluggable databases and services are registered with the listener - as can be seen in the following screenshot.























Now I have a database (salman11) running on a remote Windows-based machine, where setting the remote_listener parameter makes the salman11 database register with this listener.

Adding remote_listener parameter to salman11


Checking the listener, where salman11 has now registered itself






















Now implementing COST by adding SECURE_REGISTER_LISTENER = (TCP)

############################

LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = salman1.salman.com)(PORT = 1521))
    )
  )

SECURE_REGISTER_LISTENER=(TCP)

############################

Add SECURE_REGISTER_LISTENER = (TCP) and reload/restart the listener. After doing this, the salman11 database is no longer seen registered with this listener.
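To confirm the setting is present for every listener in a listener.ora file, the check below parses the file and reports each listener's SECURE_REGISTER_<LISTENER_NAME> value. It is an added example, not part of the original post. The function names are hypothetical, and the sample input is the listener definition shown above.

```python
import re

def parse_listener_ora(text):
    """Return {PARAM_NAME: raw_value} for the top-level parameters."""
    text = re.sub(r"#.*", "", text)  # '#' starts a comment in listener.ora
    params, depth, name, buf = {}, 0, None, []
    for line in text.splitlines():
        # A new parameter can only start outside any parentheses.
        m = re.match(r"\s*([A-Za-z_][\w.]*)\s*=(.*)", line) if depth == 0 else None
        if m:
            if name:
                params[name] = "".join(buf)
            name, buf, line = m.group(1).upper(), [], m.group(2)
        buf.append(line.strip())
        depth += line.count("(") - line.count(")")
    if name:
        params[name] = "".join(buf)
    return params

def audit_cost(text):
    """Map each listener to its SECURE_REGISTER protocol list, or None if unset."""
    params = parse_listener_ora(text)
    result = {}
    for name, value in params.items():
        # Assumption: any parameter whose value holds an ADDRESS is a listener.
        if "(ADDRESS" not in value.upper().replace(" ", ""):
            continue
        cost = params.get("SECURE_REGISTER_" + name)
        result[name] = re.findall(r"\w+", cost.upper()) if cost else None
    return result

# The listener definition from the post, without the COST parameter.
BEFORE = """
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = salman1.salman.com)(PORT = 1521))
    )
  )
"""
AFTER = BEFORE + "\nSECURE_REGISTER_LISTENER=(TCP)\n"

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for lsnr, protos in audit_cost(cfg).items():
            print(label, lsnr, protos or "NO SECURE_REGISTER set")
```

A listener reported with no SECURE_REGISTER value is one where the restriction described in this post has not been applied.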

