
Author: Government Digital Service

Open port 1521: Oracle Database (DB)

What this means

By default, the Oracle DB server listener accepts connections on TCP port 1521. When this port is left accessible from the internet, it allows a direct connection to the database engine that an attacker may exploit.

Why this is a problem

Oracle DB is a complex application that contains additional features beyond the main database engine, such as reporting and integration services, along with email functionality.

Providing access to the database engine on the default port from an untrusted network can expose several vulnerabilities and weaknesses.

Combined with misconfiguration and default settings, such as leaving the listener on port 1521, this can lead to the following:

  • unauthorised access where attackers can attempt brute-force attacks to gain access to the database
  • SQL injection attacks, where a server that is not properly configured allows malicious SQL queries to be injected, potentially exposing or modifying sensitive data
  • data exfiltration where attackers who gain access can extract sensitive business or personal data
  • Denial of Service (DoS) attacks where attackers can overwhelm the server with excessive connection requests, making it unresponsive
  • ransomware and malware injection where open SQL ports can be exploited to install malicious software, encrypting data or causing system disruptions

How to check if the problem is there

Check open Oracle ports

Run one of the following commands to check whether port 1521 is open.

Windows (Command Prompt):

netstat -an | find ":1521"

Linux/Mac (Terminal):

sudo netstat -tulnp | grep ":1521"

Nmap:

nmap -p 1521 <IP ADDRESS>

Oracle:

Adopt the OCI Vulnerability Scanning service.
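The netstat checks above only show that something is listening on port 1521; what matters for exposure is the bind address. The script below is an added example (not part of the original guidance) that parses netstat-style output and flags listeners bound to all interfaces (0.0.0.0 or ::) as exposed and those bound to loopback as local-only. The sample output is constructed and stands in for a real `sudo netstat -tulnp` run.

```shell
#!/bin/sh
# Added example: classify TCP listeners on port 1521 by bind address.
# A listener on 0.0.0.0 or :: is reachable from every interface and needs a
# firewall rule; a listener on 127.0.0.1 only accepts local connections.
# Input is assumed to be "netstat -tulnp" style output:
#   Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

# Constructed sample output standing in for: sudo netstat -tulnp
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:1521            0.0.0.0:*               LISTEN      2214/tnslsnr
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      900/sshd'

# classify_1521 <netstat-output>
# Prints one line per port-1521 listener: "exposed <addr>" or "local <addr>".
classify_1521() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]
            if (port != "1521") next
            # strip ":<port>" to recover the bind address (handles IPv6 ":::1521")
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "0.0.0.0" || host == "::" || host == "")
                print "exposed " host
            else
                print "local " host
        }'
}

# has_exposed_1521 <netstat-output>
# Succeeds (exit 0) when at least one port-1521 listener is bound to all
# interfaces, so it can drive an "if" in an audit script.
has_exposed_1521() {
    classify_1521 "$1" | grep -q '^exposed'
}

# Stand-alone run over the constructed sample: prints "exposed 0.0.0.0"
classify_1521 "$SAMPLE_NETSTAT"
```

Feed it live data with `classify_1521 "$(sudo netstat -tulnp)"`; a "local" result still means the listener exists, so confirm the firewall rules in the fix section rather than relying on the bind address alone.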

How to fix this

To mitigate attacks against Oracle, an administrator can take the following steps to block access or reduce the attack surface.

Restrict network access

Restrict network access by carrying out the following:

  • configure firewall rules to allow connections only from trusted IP addresses
  • disable or uninstall services if not required

Enable authentication and encryption

Enable authentication and encryption by carrying out the following:

  • use Kerberos authentication for access
  • use RBAC to group user roles
  • enforce separation of duties between administrators and users

Regularly monitor logs

Regularly monitor your event logs and consider:

  • using SIEM tools to detect anomalies
  • deploying Intrusion Detection Systems (IDS)
