4 Keeping Oracle Database Appliance Secure

This chapter describes policies and procedures to keep Oracle Database Appliance secure.

Securing the Hardware

After installation of Oracle Database Appliance, the hardware should be secured. Hardware can be secured by restricting access to the hardware and recording the serial numbers. Oracle recommends the following practices to restrict access:

  • Install Oracle Database Appliance and related equipment in a locked, restricted-access room.

  • Restrict access to hot-pluggable or hot-swappable devices because the components can be easily removed by design.

  • Limit SSH listener ports to the management and private networks.

  • Use SSH protocol 2 (SSH-2) and FIPS 140-2 approved ciphers.

  • Limit the allowed SSH authentication mechanisms. Inherently insecure methods are disabled.

  • Mark all significant items of computer hardware, such as FRUs.

  • Record the serial numbers of the components in Oracle Database Appliance, and keep a record in a secure place. All components in Oracle Database Appliance have a serial number.
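The SSH recommendations in the list above (listener addresses, SSH-2, approved ciphers, restricted authentication) can be checked mechanically. The following is an added example, not Oracle code: a small auditor for `sshd_config` text. The network ranges, the cipher allow-list, the set of authentication methods treated as insecure, and both sample configurations are assumptions constructed for illustration.

```python
import ipaddress
# Assumptions (constructed values): management/private networks and the site's FIPS cipher allow-list.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "192.168.16.0/24")]
APPROVED_CIPHERS = {"aes128-ctr", "aes192-ctr", "aes256-ctr",
                    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com"}
MUST_BE_OFF = ("permitemptypasswords", "hostbasedauthentication")  # assumed site policy

def parse(text):
    """Map lower-cased keyword -> values in file order (Match blocks not handled)."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def listen_ip(value):
    """Address from 'addr' or 'v4addr:port'; None for hostnames and other forms."""
    host = value.rsplit(":", 1)[0] if value.count(":") == 1 else value
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def audit(text):
    conf, findings = parse(text), []
    if "listenaddress" not in conf:
        findings.append("ListenAddress unset: sshd listens on every interface")
    for value in conf.get("listenaddress", []):
        ip = listen_ip(value)
        if ip is None or not any(ip in net for net in ALLOWED_NETS):
            findings.append(f"ListenAddress {value} is outside the allowed networks")
    # sshd uses the first occurrence of a keyword, so only index 0 is checked below.
    if "1" in conf.get("protocol", ["2"])[0].split(","):
        findings.append("Protocol allows SSH-1")
    if "ciphers" not in conf:
        findings.append("Ciphers unset: compiled-in defaults apply")
    for c in conf.get("ciphers", [""])[0].split(","):
        if c.strip() and c.strip() not in APPROVED_CIPHERS:
            findings.append(f"Cipher not on the approved list: {c.strip()}")
    for key in MUST_BE_OFF:
        if conf.get(key, ["no"])[0].lower() == "yes":
            findings.append(f"{key} is enabled")
    return findings

# Constructed sample configurations, not taken from a real appliance.
WEAK = ("ListenAddress 0.0.0.0\nProtocol 2,1\n"
        "Ciphers aes256-ctr,arcfour,blowfish-cbc\nPermitEmptyPasswords yes\n")
HARDENED = ("ListenAddress 192.0.2.10:22\nListenAddress 192.168.16.24\nProtocol 2\n"
            "Ciphers aes128-ctr,aes256-ctr\nPermitEmptyPasswords no\n")
```

`audit(WEAK)` returns one finding per violated recommendation and `audit(HARDENED)` returns an empty list. OpenSSH 7.4 and later no longer include server support for SSH-1, so the `Protocol` check matters only on older builds.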

Securing the Software

Frequently, hardware security is implemented through software measures. Implement the following guidelines to protect hardware and software:

  • Change all default passwords when the system is installed at the site. Oracle Database Appliance uses default passwords for initial installation and deployment that are widely known. A default password that is still in effect could allow unauthorized access to the equipment. Devices such as the network switches have multiple user accounts. Be sure to change all account passwords on the components in the rack.

  • Create and use Oracle Integrated Lights Out Manager (ILOM) user accounts for individual users to ensure positive identification in audit trails and to reduce maintenance when administrators leave the team or company.

  • Restrict physical access to USB ports, network ports, and system consoles. Servers and network switches have ports and console connections, which provide direct access to the system.

  • Restrict the capability to restart the system over the network.

  • Refer to the Oracle Database Security Guide for details on how to enable available database security features.

Oracle Database Appliance can leverage all the security features available with Oracle Databases installed on legacy platforms. Oracle Database security products and features include the following:

  • Oracle Advanced Security

  • Oracle Audit Vault

  • Data Masking

  • Oracle Database Firewall

  • Oracle Database Vault

  • Oracle Label Security

  • Oracle Secure Backup

  • Oracle Total Recall

Using the Oracle privileged user and multi-factor access control, data classification, transparent data encryption, auditing, monitoring, and data masking, customers can deploy reliable data security solutions that do not require any changes to existing applications.

Maintaining a Secure Environment

After security measures are implemented, they must be maintained to keep the system secure. Software, hardware, and user access need to be updated and reviewed periodically. For example, organizations should review the users and administrators with access to Oracle Database Appliance and its deployed services to verify that the levels of access and privilege are appropriate. Without review, the level of access granted to individuals may increase unintentionally due to role changes or changes to default settings. It is recommended that access rights for operational and administrative tasks be reviewed to ensure that each user's level of access is aligned with their roles and responsibilities.

Maintaining Network Security

After the networks are configured based on the security guidelines, regular review and maintenance are needed to ensure that secure host and ILOM settings remain intact and in effect.

Follow these guidelines to ensure the security of local and remote access to the system:

  • Manage the management network switch configuration file offline, and limit access to the file to only authorized administrators.

  • Add descriptive comments for each setting in the configuration file. Consider keeping a static copy of the configuration file in a source code control system.

  • Use access control lists to apply restrictions where appropriate.

  • Set time-outs for extended sessions and set privilege levels.

  • Use authentication, authorization, and accounting (AAA) features for local and remote access to a switch.

  • Use the port mirroring capability of the switch for intrusion detection system (IDS) access.

  • Implement port security to limit access based upon a MAC address. Disable auto-trunking on all ports for any switch connected to Oracle Database Appliance.

  • Limit remote configuration to specific IP addresses using SSH.

  • Require users to use strong passwords by setting minimum password complexity rules and password expiration policies.

  • Enable logging and send logs to a dedicated secure log host.

  • Configure logging to include accurate time information, using NTP and timestamps.

  • Review logs for possible incidents and archive them in accordance with the organization's security policy.

Updating Software and Firmware

Security enhancements are introduced through new releases and patch sets. Effective proactive patch management is a critical part of system security. Oracle recommends installing the latest release of the software and all necessary security patches on the equipment. Applying Oracle-recommended patches and security patches is a best practice for establishing baseline security.

Ensuring Data Security Outside of Oracle Database Appliance

Data located outside of Oracle Database Appliance can be secured by backing up important data. The data should then be stored in an off-site, secure location. Retain the backups according to organizational policies and requirements.

When disposing of an old disk drive, physically destroy the drive or completely erase all the data on the drive. Deleting the files or reformatting the disk drive removes only the address tables on the drive. The information can still be recovered from a disk drive after deleting files or reformatting the drive. The Oracle Database Appliance disk retention support option allows the retention of all replaced disk drives and flash drives, instead of returning them to Oracle.