Home » 2013 » October

Oracle XE TNS Mitigation

It’s been quite a while since my last post. Finding time to post is the roughest part for me so forgive this post if it’s a bit crude. I felt it was more important to get this up than make it pretty.

First some background. ¬†All versions of Oracle at this point have a vulnerability to TNS Poisoning. I won’t go into details of that since it’s documented and discussed numerous places. What I will cover is what steps I have taken to secure my implementation of Oracle XE 11g. I should note that none of my implementations are EXTERNAL FACING, they are internal to the network only.

Read more