1 Overview

This section gives an overview of the product and explains the general principles of application security.

Product Overview

Oracle's Virtual Operator Panel is a suite of Java applications that provide a graphical user interface for managing tape drives. Customers and service engineers use Virtual Operator Panel to view, set or modify configuration parameters, display or monitor status, and perform diagnostics, troubleshooting, and service tasks (for example, download firmware).

General Security Principles

The following principles are fundamental to using any application securely:

• Keep Software Up To Date

  One of the principles of good security practice is to keep all software versions and patches up to date. Throughout this document, we assume Oracle Virtual Operator Panel version of 2.0 or later.

• Restrict Network Access

  Keep the Oracle Virtual Operator Panel application behind a firewall, in a secure, data center environment. Also, if possible, it is preferable to install the Oracle Virtual Operator Panel application on a server on a private LAN. The firewalls provide assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. The Oracle Virtual Operator Panel application is not designed to have public or internet access.

• Follow the Principle of Least Privilege

  The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. User privileges should be reviewed periodically to determine relevance to current job responsibilities.

• Monitor System Activity

  System security stands on three legs: good security protocols, proper system configuration and system monitoring. Auditing and reviewing audit records address this third requirement.

• Keep Up To Date on Latest Security Information

  Oracle continually improves its software and documentation. Check this note yearly for revisions.