StorageTek Automated Cartridge System Library Software Security Guide Release 8.3 E49313-02
This section gives an overview of ACSLS and explains the general principles of application security.
Note: Throughout this document, the Automated Cartridge System Library Software product is referred to as ACSLS, and the ACSLS High Availability solution is referred to as ACSLS HA.
ACSLS is Oracle's tape library server software that controls one or more StorageTek tape libraries for open systems clients. An Automated Cartridge System (ACS) is a tape library or a group of tape libraries connected through pass-thru-ports (PTPs). ACSLS manages one or more ACSs through "control path" commands sent across a network. The software includes a system administration component, interfaces to client system applications, and library management facilities.
The following principles are fundamental to using any product securely.
One of the principles of good security practice is to keep all software versions and patches up to date. This document assumes that you are running ACSLS 8.3 or a later release, with all relevant maintenance applied. Running the latest ACSLS release ensures that you have the latest enhancements and fixes.
Apply all significant security patches to the OS and to services installed with the OS. Please apply these patches selectively, because applying all available updates may install new features and even new OS releases that ACSLS and ACSLS HA have not been tested with.
Keep both ACSLS and the libraries that it manages behind a firewall. Using a private network for TCP/IP communications between ACSLS and tape libraries is recommended.
The principle of least privilege states that users should be given the least amount of privilege needed to perform their jobs. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
On ACSLS, this means that operators who only issue routine commands using cmd_proc should log in as the acssa user. System administrators who log in as the acsss user also have access to a wider range of utilities and configuration commands. Use of the acsdb user ID is not needed for normal operations.
System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow the audit advice in this document and regularly monitor audit records.