Unrestricted Oracle Access Should Not Be Allowed

More Info:

No security group should allow unrestricted inbound access to TCP port 1521 (Oracle Database).

Risk Level

Medium

Address

Security

Compliance Standards

SOC2, GDPR, HITRUST, AWSWAF, NISTCSF, PCIDSS, FedRAMP

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the unrestricted Oracle access issue in AWS, you can follow the below steps using AWS CLI:

Connect to your AWS account using AWS CLI.
Identify the security group that allows unrestricted Oracle access. You can use the following command to list all security groups in your AWS account:

aws ec2 describe-security-groups

Once you have identified the security group, use the following command to update the inbound rules of the security group to restrict access to Oracle:

aws ec2 revoke-security-group-ingress --group-id <security-group-id> --protocol tcp --port 1521 --cidr 0.0.0.0/0

This command will remove the inbound rule that allows unrestricted access to Oracle on port 1521 from any IP address.

After running the above command, you can verify that the rule has been removed by running the following command:

aws ec2 describe-security-groups --group-ids <security-group-id>

This command will display the details of the security group, including the inbound rules.

Finally, you should test the Oracle access to ensure that it is restricted as expected. If necessary, you can modify the security group rules further to allow access only from specific IP addresses or networks.

Using Python

To remediate the “Unrestricted Oracle Access Should Not Be Allowed” misconfiguration in AWS using Python, you can follow these steps:

Install the Boto3 AWS SDK for Python:

!pip install boto3

Use Boto3 to connect to the AWS account:

import boto3

session = boto3.Session(
    aws_access_key_id='YOUR_ACCESS_KEY_ID',
    aws_secret_access_key='YOUR_SECRET_ACCESS_KEY',
    region_name='YOUR_REGION'
)

ec2 = session.client('ec2')

Use the describe_security_groups method to get a list of all the security groups in the account:

response = ec2.describe_security_groups()
security_groups = response['SecurityGroups']

Loop through the security groups and check if any of them have unrestricted Oracle access:

for sg in security_groups:
    for rule in sg['IpPermissions']:
        if rule['IpProtocol'] == 'tcp' and rule['FromPort'] == 1521 and rule['ToPort'] == 1521 and rule['IpRanges'] == [{'CidrIp': '0.0.0.0/0'}]:
            print(f"Security group {sg['GroupId']} has unrestricted Oracle access!")

If you find a security group with unrestricted Oracle access, use the revoke_security_group_ingress method to remove the rule:

ec2.revoke_security_group_ingress(
    GroupId=sg['GroupId'],
    IpPermissions=[
        {
            'IpProtocol': 'tcp',
            'FromPort': 1521,
            'ToPort': 1521,
            'IpRanges': [{'CidrIp': '0.0.0.0/0'}]
        }
    ]
)

This will remove the unrestricted Oracle access from the security group.

Additional Reading:

https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#AddRemoveRules

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Unrestricted Oracle Access Should Not Be Allowed

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: