Security Vulnerability Validation and Fixes on Oracle Database Appliance

Security Team executed their inbuilt security scans and provides the security scan report to the IT team to take appropriate actions.  Below are few custom vulnerabilities for NTP, SNMP, ICMP, TCP protocols and VNC software as stated in our security scan report for ODAs. Please perform careful discussions, planning and impact analysis before implementing any of the below changes.

NTP

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks.

Below are the details from security scan report for NTP vulnerability.

Vulnerability Title Vulnerability Solution
NTP clock variables information disclosure Disable NTP queries – Apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Traffic amplification in clrtrap feature of ntpd Disable NTP queries – Apply a restrict option to all hosts that are not authorized to perform NTP queries.
 NTP: Traffic Amplification in reslist feature of ntpd Disable NTP queries  – Apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Information disclosure in reslist feature of ntpd (CVE-2014-5209) Disable NTP queries – Apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Traffic Amplification in listpeers feature of ntpd Disable NTP queries – Apply a restrict option to all hosts that are not authorized to perform NTP queries.
NTP: Traffic Amplification in peers feature of ntpd Disable NTP queries – Apply a restrict option to all hosts that are not authorized to perform NTP queries.

As per the vulnerability solution to disable NTP queries, add the following restrictions in /etc/ntp.conf and restart ntp service.

restrict default kod nomodify notrap nopeer noquery

restrict 127.0.0.1 – (restricts local clock)

server  iburst

ICMP

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, like routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

Below are the details from security scan report for ICMP vulnerability.

Vulnerability Title Vulnerability Solution
ICMP timestamp response * Linux – Disable ICMP timestamp responses on Linux

As per vulnerability solution to disable ICMP timestamp responses on Linux, use the below command to create a RULE to reject ICMP timestamp response:

ipchains -A input -p icmp –icmp-type timestamp-request -j DROP ipchains -A output -p icmp –icmp-type timestamp-reply -j DROP

 

SNMP

Simple Network Management Protocol (SNMP) is an Internet-standard protocol for collecting and organizing information about managed devices on IP networks and for modifying that information to change device behavior. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

Below are the details from security scan report for SNMP vulnerability.

Vulnerability Title Vulnerability Solution
Default or Guessable SNMP community names: public Secure the SNMP installation    * If you do not absolutely need SNMP, disable it.
SNMP credentials transmitted in cleartext Secure the SNMP installation    * If you do not absolutely need SNMP, disable it.

As per vulnerability solution to disable SNMP, Issue below commands to disable snmpd packets from server.

To stop service: Service snmpd stop

To disable service at boot time: Chkconfig snmpd off

TCP

The

Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets between applications running on hosts communicating by an IP network.Below are the details from security scan report for TCP vulnerability.

Vulnerability Title Vulnerability Solution
TCP timestamp response Disable TCP timestamp responses

As per vulnerability solution to disable TCP, update below parameters to mitigate the risk.

sysctl -w net.ipv4.tcp_timestamps=0

(OR)

vi /etc/sysctl.com –> add net.ipv4.tcp_timestamps=0

run sysctl -p /etc/sysctl.conf

VNC

In computing, Virtual Network Computing (VNC) is a graphical desktop sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse events from one computer to another, relaying the graphical screen updates back in the other direction, over a network.

Below are the details from security scan report for VNC vulnerability.

Vulnerability title Vulnerability Solution
VNC remote control service installed Fix VNC remote control service installed. Remove or disable this service. If it is necessary, be sure to use well thought out (hard to crack) passwords

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s