Netra Server X5-2 Security Guide

Exit Print View

Updated: May 2015
 
 

Oracle System Assistant Security

Oracle System Assistant is a preinstalled tool that helps you to configure and update server hardware and to install supported operating systems. For information about how to use Oracle System Assistant, refer to the Netra Server X5-2 Server Administration Guide at:

http://www.oracle.com/goto/netra-x5-2/docs

The following information describes security issues related to Oracle System Assistant.

  • Oracle System Assistant contains a bootable root environment.

    Oracle System Assistant is an application that runs on a preinstalled, internal USB flash drive. Oracle System Assistant is built on top of a bootable Linux root environment. Oracle System Assistant also provides the ability to access its underlying root shell. Users who have physical access to the system, or who have remote KVMS (keyboard, video, mouse, and storage) access to the system through Oracle ILOM, can access Oracle System Assistant and the root shell.

    A root environment can be used to change system configuration and policies, as well as to access data on other disks. To increase security, protect physical access to the server and assign administrator and console privileges for Oracle ILOM users sparingly.

    The Oracle System Assistant shell is designed to permit users with appropriate privileges to use the Oracle Hardware Management Pack CLI Tools for system management purposes. The shell is not designed to provide network services. Network services are disabled by default to ensure the highest level of security and should not be enabled.

  • Oracle System Assistant mounts a USB storage device that is accessible to the operating system.

    In addition to being a bootable environment, Oracle System Assistant is also mounted as a USB storage device (flash drive) that is accessible to the host operating system after installation. This is useful when accessing tools and drivers for maintenance and reconfiguration. The Oracle System Assistant USB storage device is both readable and writeable and could potentially be exploited by viruses.

    For increased security, apply to the Oracle System Assistant storage device the same methods you use for protecting disks, including regular virus scans and integrity checking.

  • Oracle System Assistant can be disabled.

    Oracle System Assistant is a useful tool in helping to set up the server, update and configure firmware, and install the host operating system. However, if the security implications described above are unacceptable, or if the tool is not needed, Oracle System Assistant can be disabled. After disabling Oracle System Assistant, the USB storage device is no longer accessible to the host operating system and users will be unable to boot into Oracle System Assistant.

    You can disable Oracle System Assistant from either the tool itself or from BIOS. Once disabled, Oracle System Assistant can only be re-enabled from the BIOS Setup Utility. It is recommended that the BIOS Setup Utility be password-protected so that only authorized users can re-enable Oracle System Assistant.

  • Refer to the Oracle System Assistant documentation.

    For information about Oracle System Assistant features and functions, refer to the Netra Server X5-2 Server Administration Guide at:

    http://www.oracle.com/goto/netra-x5-2/docs

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. Legal Notices
Previous
Next