This list provides a number of security features worth considering to enhance network security.
Caution - Ensure that you fully test these features before you deploy the system in your environment.
Configure administrative and operational services to use encryption protocols and key lengths that align with current policies. Cryptographic services provided by Oracle SuperCluster T5-8 benefit from hardware acceleration, which improves security without impacting performance.
Create separate software owner accounts for Oracle Grid Infrastructure and Oracle Database software installations. Use these accounts when deploying Oracle SuperCluster T5-8.
Disable unnecessary network services, such as TCP small servers or HTTP. Enable only necessary network services, and configure these services securely.
Create a login banner to state that unauthorized access is prohibited.
Use access control lists to apply restrictions where appropriate.
Set time-outs for extended sessions and set privilege levels.
Use the port mirroring capability of the switch for intrusion detection system (IDS) access.
Implement port security to limit access based upon a MAC address. Disable auto-trunking on all ports for any switch connected to Oracle SuperCluster T5-8.
Limit remote configuration to specific IP addresses using SSH.
Require users to use strong passwords by setting minimum password complexity rules and password expiration policies.
Enable logging and send logs to a dedicated secure log host.
Configure logging to include accurate time information, using NTP and timestamps.
Secure the IB Switches:
Use network switch port security features if they are available.
Lock the Media Access Control (MAC) address of one or more connected devices to a physical port on a switch. If a switch port is locked to a particular MAC address, then superusers cannot create back doors into the network with rogue access points.
Disable a specified MAC address from connecting to a switch.
Manage the Ethernet switch configuration file offline and limit access to the file to only authorized administrators.
Use each switch port's direct connections so the switch can set security based on its current connections.
Use authentication, authorization, and accounting (AAA) features for local and remote access to a switch.
Secure VLANs:
Use a static VLAN configuration.
Disable unused switch ports, and assign them an unused VLAN number.
Assign a unique native VLAN number to trunk ports.
Limit the VLANs that can be transported over a trunk to only those that are strictly required.
Disable VLAN Trunking Protocol (VTP), if possible. If disabling VTP is not possible, then set the management domain, password, and pruning for VTP. In addition, set VTP to transparent mode.
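The VLAN, trunk and auto-trunking items above can be checked against an offline copy of the switch configuration file. The script below is an added example, not Oracle's own tooling: it assumes Cisco IOS-style configuration syntax, and the sample configuration and the names `SAMPLE`, `parse_ports` and `audit` are constructed for illustration.

```python
import re

# Constructed sample; Cisco IOS-style syntax is an assumption, not from the page.
SAMPLE = """\
vtp mode server
interface Gi1/1
 switchport mode trunk
 switchport trunk native vlan 999
 switchport trunk allowed vlan 10,20
interface Gi1/2
 switchport mode trunk
interface Gi1/3
 switchport access vlan 10
interface Gi1/47
 shutdown
interface Gi1/48
 switchport access vlan 998
 shutdown
"""

def parse_ports(config):
    """Return {interface: [sub-commands]} from an IOS-style config."""
    ports, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], [])
        elif not line.startswith(" "):
            cur = None  # a new top-level section ends the interface block
        elif cur is not None:
            cur.append(line.strip())
    return ports

def audit(config):
    """Return one finding per VLAN/trunk checklist item the config fails."""
    out = []
    def need(scope, cmds, pattern, msg):
        # Record a finding when no command in this scope matches the pattern.
        if not any(re.fullmatch(pattern, c) for c in cmds):
            out.append(f"{scope}: {msg}")
    need("global", config.splitlines(), r"vtp mode (transparent|off)", "VTP not transparent or off")
    for name, cmds in parse_ports(config).items():
        if "shutdown" in cmds:  # disabled port: must be parked outside VLAN 1
            need(name, cmds, r"switchport access vlan (?!1$)\d+", "disabled port still in VLAN 1")
            continue
        need(name, cmds, r"switchport mode (access|trunk)", "mode not static (auto-trunking)")
        if "switchport mode trunk" in cmds:
            need(name, cmds, r"switchport trunk native vlan (?!1$)\d+", "native VLAN is default")
            need(name, cmds, r"switchport trunk allowed vlan [\d,-]+", "trunk carries all VLANs")
    return out
```

The audit only sees what is in the file: it cannot tell whether an enabled port is actually unused, or whether a parked VLAN number is unused elsewhere in the network.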