14.1. Securing the Oracle Listener
The role of the TNS listener in an Oracle environment cannot be overstated. In fact, it is arguably one of the most critical elements in any Oracle environment. From a security standpoint, it is easily the most important. Yet, in spite of all this, it remains one of the least understood.
For many, listener configuration consists of little more than clicking a few selections in the netca utility. Afterward, testing usually consists of connecting from a remote workstation. Beyond that, little thought is given to the listener.
What they don't realize is that, in its default configuration, the Oracle listener presents an enormous security risk. The listener can be compromised in a number of ways, allowing attackers unauthorized access to your server.
In the following sections, you will learn the recommended methods of securing the listener. First, you'll get an overview of the functionality that the listener provides. You'll also learn how simple it is to manage an unprotected listener remotely. Next, you'll learn the steps to securing the listener, including listener passwords, logging, external procedure restrictions, and a few others.
NOTE
This chapter is not intended to provide thorough coverage of TNS listener setup, configuration, and usage. It assumes that you already have a familiarity with Oracle Net Services and the listener. It also assumes that you are familiar with basic TCP/IP networking concepts.