Skip to content

Fixed user and public database links must be authorized for use.

An XCCDF Rule

Description

<VulnDiscussion>Database links define connections that may be used by the local database to access remote Oracle databases. These links provide a means for a compromise to the local database to spread to remote databases in the distributed database environment. Limiting or eliminating use of database links where they are not required to support the operational system can help isolate compromises to the local or a limited number of databases.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>

ID
SV-219697r879887_rule
Severity
Medium
References
Updated



Remediation - Manual Procedure

Document all authorized connections from the database to remote databases in the System Security Plan.

Remove all unauthorized remote database connection definitions from the database.

From SQL*Plus: