1.1 Basic Security Considerations

1.1.1 Keep Software up to Date
1.1.2 Restrict Network Access to Critical Services
1.1.3 Follow the Principle of Least Privilege
1.1.4 Monitor System Activity
1.1.5 Keep up to Date on the Latest Security Information

The following sections list the fundamental principles for using Oracle Linux securely.

1.1.1 Keep Software up to Date

One of the principles of good security practice is to keep all software versions and patches up to date. Throughout this document, we assume a maintenance level of Oracle Linux Release 6 or later.

For more information, see Section 3.11, “Configuring and Using Software Management”

1.1.2 Restrict Network Access to Critical Services

Keep both middle-tier applications and databases behind a firewall. In addition, place a firewall between middle-tier applications and databases if these are hosted on separate servers. The firewalls provide assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls.

If firewalls cannot be used, restrict access based upon IP address. Restricting database access by IP address often causes application client/server programs to fail for DHCP clients. To resolve this, consider using static IP addresses, a software/hardware VPN or Windows Terminal Services or its equivalent.

For more information, see Section 3.12, “Configuring Access to Network Services”.

1.1.3 Follow the Principle of Least Privilege

The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Over ambitious granting of responsibilities, roles, grants, and so on, especially early on in an organization’s life cycle when people are few and work needs to be done quickly, often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.

For more information, see Section 5.11, “Checking User Accounts and Privileges”.

1.1.4 Monitor System Activity

System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address the third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.

For more information, see Section 3.8, “Configuring and Using Auditing”.

1.1.5 Keep up to Date on the Latest Security Information

Oracle continually improves its software and documentation. Check regularly on the Oracle Technology Network at http://www.oracle.com/technetwork/server-storage/linux for revisions. For information about common vulnerabilities and exposures (CVE) and errata that are available on the Unbreakable Linux Network, see http://linux.oracle.com/cve and http://linux.oracle.com/errata.