C.1 Securing Oracle Traffic Director

The following are some of the steps that you can perform to secure Oracle Traffic Director in your environment:

Configure your system firewall to ensure that:
- Oracle Traffic Director server instance ports are accessible for external traffic. The default port is 8989. For information about how to find port information for various instances, see Section 3.2, "Viewing a List of Administration Nodes."
- Oracle Traffic Director administration port is only accessible for internal traffic.
- Oracle Traffic Director administration node can communicate with the administration server.
Alternatively you could ensure that Oracle Traffic Director administration nodes can only listen on private interfaces such as bond0, which is not available to external traffic. For more information, see Chapter 3, "Managing Administration Nodes."
Ensure Oracle Traffic Director server instance is running as non-root and not listening on all interfaces. For information about starting Oracle Traffic Director instances, see Section 5.3, "Starting, Stopping, and Restarting Oracle Traffic Director Instances."

Note:

For each Oracle Traffic Director configuration that you instantiate on an administration node, a subdirectory named net-config_name is created in the INSTANCE_HOME subdirectory.
Leverage the ability of Oracle Traffic Director to provide high availability as non-root. For more information, see Chapter 14, "Configuring Oracle Traffic Director for High Availability."
Ensure that sufficient file descriptors are available. For more information, see Section 15.2, "Tuning the File Descriptor Limit."
Ensure that appropriate network level protections are taken care. For more information, see http://www.oracle.com/technetwork/articles/servers-storage-admin/secure-linux-env-1841089.html.

In addition, you should consider hardening your system. For information about hardening an Oracle Linux system, see http://www.oracle.com/technetwork/articles/servers-storage-admin/tips-harden-oracle-linux-1695888.html.