This section gives an overview of the product and explains the general principles of application security.
Oracle's Virtual Operator Panel is a suite of Java applications that provide a graphical user interface for managing tape drives. Customers and service engineers use Virtual Operator Panel to view, set or modify configuration parameters, display or monitor status, and perform diagnostics, troubleshooting, and service tasks (for example, download firmware).
The following principles are fundamental to using any application securely:
Keep Software Up To Date
One of the principles of good security practice is to keep all software versions and patches up to date. Throughout this document, we assume Oracle Virtual Operator Panel version of 2.0 or later.
Restrict Network Access
Keep the Oracle Virtual Operator Panel application behind a firewall, in a secure, data center environment. Also, if possible, it is preferable to install the Oracle Virtual Operator Panel application on a server on a private LAN. The firewalls provide assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. The Oracle Virtual Operator Panel application is not designed to have public or internet access.
Follow the Principle of Least Privilege
The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
Monitor System Activity
System security stands on three legs: good security protocols, proper system configuration and system monitoring. Auditing and reviewing audit records address this third requirement.
Keep Up To Date on Latest Security Information
Oracle continually improves its software and documentation. Check this note yearly for revisions.