There are basic security principles that you should adhere to when using all hardware and software. This section covers the four basic security principles: access, authentication, authorization, and accounting.
Access refers to physical access to hardware, or physical or virtual access to software.
Use physical and software controls to protect your hardware and data from intrusion.
Change all default passwords when installing a new system. Most types of equipment use default passwords, such as changeme, that are widely known and could allow unauthorized access to hardware or software.
Refer to the documentation that came with your software to enable any security features available for the software.
Install servers and related equipment in a locked, restricted access room.
If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack.
Restrict physical access to USB ports, network ports, and system consoles. Servers and network switches have ports and console connections, which provide direct access to the system.
Restrict the capability to restart the system over the network.
Restrict access to hot-plug or hot-swap devices in particular because they can be easily removed.
Store spare field-replaceable units (FRUs) and customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
Authentication is how a user is identified, typically through confidential information such as a user name and password. Authentication ensures that users of hardware and software are who they say they are.
Set up authentication features such as a password system in your platform operating systems to ensure that users are who they say they are.
Ensure that your personnel use employee badges properly to enter the computer room.
For user accounts: use access control lists where appropriate; set time-outs for extended sessions; set privilege levels for users.
Authorization refers to the restrictions placed on personnel who work with hardware or software. It allows administrators to control which tasks a user may perform and which privileges a user may use. Personnel can perform only the tasks and use only the privileges that have been assigned to them.
Allow personnel to work only with hardware and software that they are trained and qualified to use.
Set up a system of Read/Write/Execute permissions to control user access to commands, disk space, devices, and applications.
Accounting and auditing refer to maintaining a record of a user's activity on the system. Oracle servers have hardware and software features that allow administrators to monitor login activity and to maintain hardware inventories.
Use system logs to monitor user logins. Monitor system administrator and service accounts in particular, because those accounts have access to commands that, if used incorrectly, could harm the system or cause data loss. Carefully monitor access and commands through system logs.
Record the serial numbers of all your hardware. Use component serial numbers to track system assets. Oracle part numbers are electronically recorded on cards, modules, and motherboards, and can be used for inventory purposes.
To detect and track components, provide a security mark on all significant items of computer hardware such as FRUs and CRUs. Use special ultraviolet pens or embossed labels.
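The login-monitoring guidance above can be automated. The following is an added example, not Oracle code: it scans OpenSSH sshd syslog lines, reports successful logins by administrator and service accounts, and counts repeated failures per account and source. The account names, the threshold, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumptions: account names this site treats as administrator or service
# accounts, and how many failures per (account, source) warrant review.
WATCHED = {"root", "admin", "svc_backup"}
FAIL_THRESHOLD = 3

# OpenSSH sshd authentication events as written to syslog.
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review_logins(lines, watched=WATCHED, threshold=FAIL_THRESHOLD):
    """Return (privileged_logins, repeated_failures) from sshd log lines."""
    privileged = []          # successful logins by watched accounts
    failures = Counter()     # failed attempts keyed by (account, source)
    for line in lines:
        m = SSHD_AUTH.search(line)
        if m is None:
            continue         # not an authentication event
        user, src = m["user"], m["src"]
        if m["result"] == "Failed":
            failures[(user, src)] += 1
        elif user in watched:
            privileged.append((user, src, m["method"]))
    repeated = {k: n for k, n in failures.items() if n >= threshold}
    return privileged, repeated

# Constructed sample log lines (addresses from documentation ranges).
SAMPLE = """\
Mar  4 02:11:07 srv1 sshd[4121]: Failed password for root from 203.0.113.9 port 40112 ssh2
Mar  4 02:11:09 srv1 sshd[4121]: Failed password for root from 203.0.113.9 port 40112 ssh2
Mar  4 02:11:12 srv1 sshd[4121]: Failed password for root from 203.0.113.9 port 40112 ssh2
Mar  4 02:11:15 srv1 sshd[4125]: Failed password for invalid user test from 203.0.113.9 port 40120 ssh2
Mar  4 02:11:16 srv1 sshd[4125]: Connection closed by 203.0.113.9 port 40120 [preauth]
Mar  4 08:30:41 srv1 sshd[5002]: Accepted publickey for root from 192.0.2.15 port 51514 ssh2
Mar  4 08:45:03 srv1 sshd[5040]: Accepted password for alice from 192.0.2.20 port 51730 ssh2
Mar  4 23:00:01 srv1 sshd[6110]: Accepted password for svc_backup from 192.0.2.30 port 52001 ssh2
""".splitlines()

if __name__ == "__main__":
    logins, repeated = review_logins(SAMPLE)
    for user, src, method in logins:
        print(f"privileged login: {user} from {src} via {method}")
    for (user, src), count in repeated.items():
        print(f"repeated failures: {count} for {user} from {src}")
```

Adjust the watched accounts and the threshold to match the accounts and login patterns of your own systems.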