3 Security Features

To avoid potential security threats, customers operating DIVArchive must pay attention to authentication and authorization for the system.

These security threats can be minimized by proper configuration and by following the postinstallation checklist in Appendix A, "Secure Deployment Checklist".

The Security Model

The critical security features that provide protections against security threats are:

  • Authentication - Ensures that only authorized individuals are granted access to the system and data.

  • Authorization - Access control to system privileges and data. This feature builds on authentication to ensure that individuals get only appropriate access.

Authentication

The DIVArchive Control GUI provides three fixed user profiles (Administrator, Operator and User). The Administrator and Operator accounts require a password to obtain access. The DIVArchive System comes installed with default passwords that can be changed at any time through the DIVArchive Configuration Utility. Leaving the default passwords unchanged leaves the DIVArchive System accessible to possible malicious activity. Default passwords must be changed for both the Administrator and Operator accounts immediately after installation and configuration, and every 180 days (minimum) thereafter. Once the change has been made, you must store the passwords in a safe location, offline, where they can be made available for Oracle Support if needed.

Access Control

Access control in DIVArchive is divided into three profiles:

User - After the connection to the DIVArchive Manager is established, the Control GUI will only allow the user to monitor DIVArchive operations, and retrieve data from the database. This is known as the User Profile. Not all functions that issue commands to DIVArchive are accessible while in the User profile mode. This allows for situations where monitoring is required but no commands are permitted to be sent to DIVArchive.

Administrator - To issue requests to DIVArchive, such as archive or restore requests, or to eject a tape from a library, you must change to the Administrator Profile. The Administrator Profile is password protected. The default password for this profile is diva; however, this can be (or may have been) changed in the Configuration Utility. For more information, refer to the DIVArchive Software Release 7.3 Customer Documentation Library at:

https://docs.oracle.com/en/storage/#csm

Operator - In addition to User Profile permissions, the Operator Profile provides access to the Object Transfer Utility and requires the entry of the same password as the Administrator Profile.