Database Reference
In-Depth Information
Confirming EM Network Encryption
It is important that communications between the OMS and the agent are encrypted, which is the default in 12c.
However, it can be set to be non-encrypted, so it is important to verify that encryption is taking place so that the next
practical will do just that. What follows is the seed value for this network encryption, as shown in Figure
18-3
.
Figure 18-3.
Seed value for encryption
The following commands enable a verification that this encryption is actually being used:
[oracle@dbtargetp21 ~]$ /u01/app/oracle/product/agent12c/core/12.1.0.1.0/bin/emctl status agent -secure
Oracle Enterprise Manager 12c Cloud Control 12.1.0.1.0
Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
Checking the security status of the Agent at location set in /u01/app/oracle/product/agent12c/
agent_inst/sysman/config/emd.properties... Done.
Agent is secure at HTTPS Port 3872.
Checking the security status of the OMS at https://em12.example.com:4900/empbs/upload/... Done.
OMS is secure on HTTPS Port 4900
The preceding commands verify that communications between the target DB and the OMS receiving service at
the EM12c end are being encrypted. However, an attacker can still attempt to connect as DBSNMP as seen below,
so consider using valid node detection on the target listeners.
[oracle@em12 ~]$ sqlplus dbsnmp/dbsnmp@192.0.2.111/dbp21.example.com
SQL*Plus: Release 11.1.0.7.0 - Production on Fri Jan 31 16:41:23 2014
Copyright (c) 1982, 2008, Oracle. All rights reserved.Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
