Configuring Connection Parameters for Secure Client Connection to Oracle on Amazon RDS

Protecting Against Man-in-the-Middle Attack

Question

A user is connecting to an Oracle database on Amazon RDS.

How should the user configure the connection parameters so that the client connection is protected against a man-in-the-middle attack?

Answers

Explanations


A. B. C. D.

Answer: D.

Option A is incorrect because the --ssl-mode parameter is used for client connections to MySQL databases using the MySQL client.

Option B is incorrect because the --ssl-mode parameter is used for client connections to MySQL databases using the MySQL client.

Option C is incorrect because these parameters are used in the connection string to a SQL Server database.

Option D is CORRECT because the ssl_server_dn_match property must be set to true on the client to perform certificate verification and ensure that the certificate is from the server.

Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.SSL.html
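An added example, not from the original page or from AWS documentation: a small Python check that reads a client's sqlnet.ora and tnsnames.ora and reports when the server DN match described for Option D is not in effect. The file contents, host, SID and DN are constructed placeholders, and `audit`, `param` and `strip_comments` are hypothetical helper names.

```python
import re

TRUTHY = {"ON", "YES", "TRUE"}  # values Oracle Net accepts for "enabled"

# Constructed sample files: host, SID and DN are placeholders, not real values.
SQLNET_STRICT = "SSL_CLIENT_AUTHENTICATION = FALSE\nSSL_SERVER_DN_MATCH = ON\n"
SQLNET_WEAK = "SSL_CLIENT_AUTHENTICATION = FALSE\n# SSL_SERVER_DN_MATCH = ON\n"
TNS_STRICT = """ORCL_RDS =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = db.example.invalid)(PORT = 2484))
    (CONNECT_DATA = (SID = ORCL))
    (SECURITY = (SSL_SERVER_CERT_DN = "CN=db.example.invalid,O=Example")))
"""
TNS_WEAK = """ORCL_RDS =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = db.example.invalid)(PORT = 1521))
    (CONNECT_DATA = (SID = ORCL)))
"""

def strip_comments(text):
    """Drop '#' comments so a commented-out setting is not counted as set."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def param(text, name):
    """Return the value of NAME = value (bare or double-quoted), or None."""
    m = re.search(r"\b%s\s*=\s*(\"[^\"]*\"|[^()\s]+)" % re.escape(name),
                  strip_comments(text), re.IGNORECASE)
    return m.group(1).strip('"') if m else None

def audit(sqlnet_ora, tnsnames_ora):
    """Return a list of findings; an empty list means the DN check is on."""
    findings = []
    protocol = (param(tnsnames_ora, "PROTOCOL") or "").upper()
    if protocol != "TCPS":
        findings.append("PROTOCOL is %s, not TCPS" % (protocol or "unset"))
    dn_match = (param(sqlnet_ora, "SSL_SERVER_DN_MATCH") or "").upper()
    if dn_match not in TRUTHY:
        findings.append("SSL_SERVER_DN_MATCH is %s: server certificate DN "
                        "is not checked" % (dn_match or "unset"))
    if not param(tnsnames_ora, "SSL_SERVER_CERT_DN"):
        findings.append("no SSL_SERVER_CERT_DN in the connect descriptor")
    return findings

if __name__ == "__main__":
    for f in audit(SQLNET_WEAK, TNS_WEAK):
        print("FINDING:", f)
```
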

When connecting to an Oracle database on Amazon RDS, it is important to ensure that the client connection is protected against man-in-the-middle (MITM) attacks. A MITM attack occurs when an attacker intercepts the communication between the client and the server and can eavesdrop on it, modify it, or inject malicious data into it.

To protect against MITM attacks, the user should configure the connection parameters with SSL (Secure Sockets Layer) encryption. SSL is a protocol that provides secure communication over the internet by encrypting the communication between the client and the server.

Out of the given options, options A and B are the correct choices to configure the connection parameters for protecting against MITM attacks using SSL encryption.

Option A: --ssl-ca=/home/myuser/rds-combined-ca-bundle.pem --ssl-mode=require

This option configures the connection to use SSL encryption and requires that the server has a valid certificate signed by a trusted certificate authority (CA) specified by the ssl-ca parameter. The require value for the ssl-mode parameter specifies that the client must use SSL encryption for the connection.

Option B: --ssl-ca=/home/myuser/rds-combined-ca-bundle.pem --ssl-mode=verify-full

This option is similar to option A, but it also verifies that the certificate presented by the server matches the hostname of the server. This is done by setting the ssl-mode parameter to verify-full.

Option C: encrypt=true;trustServerCertificate=true

This option is not a valid way to configure SSL encryption. It specifies that SSL encryption should be used, but it does not verify the server's certificate, which leaves the connection vulnerable to MITM attacks.

Option D: Set ssl_server_dn_match property to true.

This option is not applicable to Oracle on Amazon RDS, as it is related to Microsoft SQL Server.

In summary, options A and B are the correct choices to configure the connection parameters for protecting against MITM attacks using SSL encryption. Option C is not valid, and option D is not applicable.