In addition to the basic security principles, the modular system addresses survivability and defense in depth. The modular system delivers a well-integrated set of security capabilities to satisfy important security requirements and concerns. The following sections describe these principles:
Survivability of Mission-Critical Workloads – Organizations that select hardware and software platforms for mission-critical workloads can be assured that the modular system can prevent or minimize the damage caused from accidental and malicious actions taken by internal users or external parties. As part of the Oracle Maximum Availability Architecture best practices, the following practices increase survivability:
Ensuring that the components used have been designed, engineered, and tested to work well together in support of secure deployment architectures. The modular system supports secure isolation, access control, quality of service, and secure management.
Reducing the default attack surface of its constituent products helps minimize the overall exposure of the machine.
Protecting the machine, including its operational and management interfaces, using a complement of open and vetted protocols, and APIs capable of supporting traditional security goals of strong authentication, access control, confidentiality, integrity, and availability.
Verifying that software and hardware contain features that keep the service available even when failures occur. These capabilities help in cases where attackers attempt to disable one or more individual components in the system.
Defense in Depth to Secure the Operating Environment – The modular system employs multiple, independent, and mutually-reinforcing security controls to help create a secure operating environment for workloads and data. The modular system supports the principle of defense in depth as follows:
Offering a strong complement of protections to secure information in transit, in use, and at rest. Security controls are available at the server and network layers. Each layer's unique security controls can be integrated with the others to enable the creation of strong, layered security architectures.
Supporting the use of well-defined and open standards, protocols, and interfaces. The modular system can be integrated into existing security policies, architectures, practices, and standards.