Oracle Dual Port QDR InfiniBand Adapter M4 Security Guide


Updated: June 2016
 
 

Maintaining a Secure Environment

After the initial installation and setup, use Oracle hardware and software security features to continue controlling hardware and tracking system assets.

Hardware Power Control

You can use software to turn on and off power to some Oracle systems. The power distribution units (PDUs) for some system cabinets can be enabled and disabled remotely. Authorization for these commands is typically set up during system configuration and is usually limited to system administrators and service personnel. Refer to your system or cabinet documentation for further information.

Asset Tracking

Use serial numbers to track inventory. Oracle embeds serial numbers in firmware on option cards and system motherboards. You can read these serial numbers through local area network connections.

You can also use wireless radio frequency identification (RFID) readers to further simplify asset tracking. An Oracle white paper, How to Track Your Oracle Sun System Assets by Using RFID, is available at: http://www.oracle.com/technetwork/articles/systems-hardware-architecture/o11-001-rfid-oracle-214567.pdf

Updates for Software and Firmware

Keep your firmware versions and related host software (driver, user space tools) current on your server equipment.

  • Check regularly for updates.

  • Always install the latest released version of the software or firmware.

  • Install any necessary security patches for your software.

  • Remember that devices such as network switches also contain firmware and might require patches and firmware updates.

Check availability of updates and patches at https://support.oracle.com

Network Access

Follow these guidelines to secure local and remote access to your systems:

  • Implement port security to limit access based upon a MAC address. Disable auto-trunking on all ports.

  • Limit remote configuration to specific IP addresses using SSH instead of Telnet. Telnet passes user names and passwords in clear text, potentially allowing everyone on the LAN segment to see login credentials. Set a strong password for SSH.

  • Use version 3 of SNMP to provide secure transmissions. Earlier versions of SNMP are not secure and transmit authentication data in unencrypted text.

  • Change the default SNMP community string to a strong community string if SNMP is necessary. Some products have PUBLIC set as the default SNMP community string. Attackers can query a community to draw a very complete network map and possibly modify management information base (MIB) values.

  • Always log out after using the system controller if it uses a browser interface.

  • Disable unnecessary network services, such as TCP small servers or HTTP. Enable necessary network services and configure these services securely.
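
The following Python script is an added example, not part of the Oracle guide. It audits a switch configuration against the guidelines above. It assumes Cisco IOS-style syntax, which the guide does not specify; the sample configuration and the audit function are constructed for illustration.

```python
import re

# Constructed sample in Cisco IOS-style syntax (an assumption; the guide names no vendor).
SAMPLE_CONFIG = """\
service tcp-small-servers
ip http server
snmp-server community public RO
snmp-server group OPS v3 priv
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
interface GigabitEthernet0/2
 switchport mode dynamic desirable
interface GigabitEthernet0/3
 switchport mode access
line vty 0 4
 transport input telnet ssh
"""

DEFAULT_COMMUNITIES = {"public", "private"}

def audit(config: str) -> list[str]:
    """Return one finding per guideline violation found in the config text."""
    findings, section, ports = [], None, {}
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # unindented line opens a new section
            section = line
            if line.startswith("interface "):
                ports[line] = []
        elif section in ports:               # indented line inside an interface block
            ports[section].append(line)
        if line == "service tcp-small-servers":
            findings.append("tcp-small-servers enabled")
        if line == "ip http server":
            findings.append("HTTP management enabled")
        m = re.match(r"snmp-server community (\S+)", line)
        if m:                                # any community string means SNMP v1/v2c
            kind = "default" if m.group(1).lower() in DEFAULT_COMMUNITIES else "v1/v2c"
            findings.append(f"SNMP {kind} community in use; prefer SNMPv3")
        m = re.match(r"transport input (.+)", line)
        if m and {"telnet", "all"} & set(m.group(1).split()):
            findings.append(f"Telnet allowed on '{section}'")
    for name, body in ports.items():
        if any(b.startswith("switchport mode dynamic") for b in body):
            findings.append(f"{name}: auto-trunking (dynamic mode)")
        if "switchport mode access" in body and "switchport port-security" not in body:
            findings.append(f"{name}: access port without port security")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns six findings; a configuration that disables HTTP and restricts remote lines to SSH returns none.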

Data Protection

Follow these guidelines to maximize data security:

  • Back up important data using devices such as external hard drives, pen drives, or memory sticks. Store the backed up data in a second, off-site, secure location.

  • Use data encryption software to keep confidential information on hard drives secure.

  • When disposing of an old hard drive, physically destroy the drive or completely erase all the data on the drive. Information can still be recovered from a drive after files are deleted or the drive has been reformatted. Deleting the files or reformatting the drive removes only the address tables on the drive. Use disk wiping software to completely erase all data on a drive.

Log Security

Inspect and maintain your log files on a regular schedule.

  • Review logs for possible incidents and archive them in accordance with a security policy.

  • Periodically retire log files when they exceed a reasonable size. Maintain copies of the retired files for possible future reference or statistical analysis.