Ensure that Google Cloud VPC network firewall rules do not allow unrestricted access (i.e. 0.0.0.0/0) on TCP port 1521 in order to reduce the attack surface and protect the virtual machine (VM) instances targeted by the firewall rules. TCP port 1521 is used by the Oracle Database (Oracle RDBMS), a multi-model database management system developed and marketed by Oracle Corporation.
Allowing unrestricted ingress/inbound access on TCP port 1521 through VPC network firewall rules can increase opportunities for malicious activities such as denial-of-service attacks, brute-force and man-in-the-middle (MITM) attacks, and can ultimately lead to data loss. VPC firewall rules should be configured so that access to specific resources is restricted to just those hosts or networks that have a legitimate business requirement for access.
To determine if your Google Cloud VPC firewall rules allow unrestricted access on TCP port 1521, perform the following actions:
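One way to script this check offline, as an added example that is not part of the original page: it parses the JSON produced by `gcloud compute firewall-rules list --format=json` and flags enabled ingress rules that open TCP 1521 to 0.0.0.0/0, including rules that reach the port through a port range, protocol `all`, or an omitted port list. The function names and the sample rules are constructed for illustration.

```python
import json

ORACLE_PORT = 1521
ANY_IPV4 = "0.0.0.0/0"

def port_matches(spec, port=ORACLE_PORT):
    """True if a port spec such as "1521" or "1500-1600" covers the port."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def allows_tcp_port(allowed, port=ORACLE_PORT):
    """True if one 'allowed' entry of a rule permits TCP traffic to the port."""
    # "6" is TCP's protocol number; "all" covers every protocol.
    if allowed.get("IPProtocol", "").lower() not in ("tcp", "6", "all"):
        return False
    ports = allowed.get("ports")
    # A missing 'ports' list means every port of the protocol is allowed.
    return not ports or any(port_matches(p, port) for p in ports)

def find_open_oracle_rules(rules):
    """Names of enabled ingress rules exposing TCP 1521 to 0.0.0.0/0."""
    return [
        r["name"] for r in rules
        if r.get("direction", "INGRESS") == "INGRESS"
        and not r.get("disabled", False)
        and ANY_IPV4 in r.get("sourceRanges", [])
        and any(allows_tcp_port(a) for a in r.get("allowed", []))
    ]

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
SAMPLE = json.loads("""[
 {"name": "oracle-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["1521"]}]},
 {"name": "wide-range", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["1000-2000"]}]},
 {"name": "all-protocols", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "all"}]},
 {"name": "oracle-trusted", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["1521"]}]},
 {"name": "oracle-disabled", "direction": "INGRESS", "disabled": true,
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["1521"]}]},
 {"name": "web-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]}
]""")

if __name__ == "__main__":
    for name in find_open_oracle_rules(SAMPLE):
        print("unrestricted TCP 1521:", name)
```

The script does not evaluate rule priorities or deny rules, so a flagged rule may still be overridden by a higher-priority deny rule in the same network.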
Remediation / Resolution
To update your VPC network firewall rules configuration in order to restrict Oracle Database access to trusted entities only (i.e. authorized IP addresses or IP ranges), perform the following actions:
Check for Unrestricted Oracle Database Access
Risk level: High