Use the policies and procedures described in this chapter to keep Oracle Database Appliance secure.
Topics:
Oracle recommends that you implement the security policies described here to restrict access to the hardware.
After installation of Oracle Database Appliance, secure the hardware.
Hardware Security Methods and Procedures
Install Oracle Database Appliance and related equipment in a locked, restricted-access room.
Restrict access to hot-pluggable or hot-swappable devices because the components can be easily removed by design.
Limit SSH listener ports to the management and private networks.
Use SSH protocol 2 (SSH-2) and ciphers that are approved in Federal Information Processing Standard Publication 140-2 (FIPS 140-2).
Limit allowed SSH authentication mechanisms. By default, inherently insecure SSH authentication methods are disabled.
Mark all significant items of computer hardware, such as FRUs.
Record the serial numbers of the components in Oracle Database Appliance, and keep a record in a secure place. All components in Oracle Database Appliance have a serial number.
Oracle recommends that you implement software policies to secure the software.
Review and implement security features and policies for your appliance software.
Oracle Database Appliance Operating System and Server Security Policies
Change all default passwords when the system is installed at the site.
Oracle Database Appliance uses default passwords for initial installation and deployment that are widely known. A default password that is still in effect could allow unauthorized access to the equipment. Devices such as the network switches have multiple user accounts. Be sure to change all account passwords on the components in the rack.
Create and use Oracle Integrated Lights Out Manager (ILOM) user accounts for individual users
Using ILOM user accounts ensures a positive identification in audit trails, and results in less maintenance when administrators leave the team or company.
Restrict physical access to USB ports, network ports, and system consoles.
Servers and network switches have ports and console connections, which provide direct access to the system.
Restrict the capability to restart the system over the network.
Enable available database security features, as described in Oracle Database Security Guide.
Oracle Database Security Features
Oracle Database Appliance can leverage all the security features available with Oracle Databases installed on legacy platforms. Oracle Database security products and features include the following:
Oracle Advanced Security
Oracle Audit Vault
Data Masking
Oracle Database Firewall
Oracle Database Vault
Oracle Label Security
Oracle Secure Backup
Oracle Total Recall
Using the Oracle privileged user and multi-factor access control, data classification, transparent data encryption, auditing, monitoring, and data masking, customers can deploy reliable data security solutions that do not require any changes to existing applications.
After you implement security policies and methods on your appliance, review these topics to understand how to maintain a secure environment.
Topics:
Oracle recommends that you review and update your operational and administrative access policies regularly to maintain a secure environment.
After you implement security policies and features for your system, Oracle recommends that your organization establishes a security review policy. As part of your security policy, periodically update and review your software, hardware, and user access.
For example, check all users and administrators granted access to Oracle Database Appliance, and to its deployed services. Verify if the levels of access and privilege that you have granted to users and administrators remains appropriate.
Without regular security reviews, the level of access granted to individuals could increase unintentionally, due to role changes, or due to changes to default settings. Oracle recommends that you review access rights for operational and administrative tasks regularly. Regular reviews can help to ensure that user level of access remains aligned to the roles and responsibilities for each user.
After the networks are configured based on the security guidelines, carry out regular review and maintenance to ensure that secure host and ILOM settings remain intact and in effect.
Follow these guidelines to ensure the security of local and remote access to the system:
Manage the management network switch configuration file offline, and limit access to the file to only authorized administrators.
Add descriptive comments for each setting in the configuration file. Consider keeping a static copy of the configuration file in a source code control system.
Use access control lists to apply restrictions where appropriate.
Set time-outs for extended sessions and set privilege levels.
Use authentication, authorization, and accounting (AAA) features for local and remote access to a switch.
Use the port mirroring capability of the switch for intrusion detection system (IDS) access.
Implement port security to limit access based upon a MAC address. Disable auto-trunking on all ports for any switch connected to Oracle Database Appliance.
Limit remote configuration to specific IP addresses using SSH.
Require users to use strong passwords by setting minimum password complexity rules and password expiration policies.
Enable logging and send logs to a dedicated secure log host.
Configure logging to include accurate time information, using NTP and timestamps.
Review logs for possible incidents and archive them in accordance with the organization's security policy.
Oracle regularly introduces security enhancements in new releases and patch sets.
Effective proactive patch management is a critical part of system security. Oracle recommends that you install the latest release of the software, and install all necessary security patches on the equipment.
To establish baseline security, Oracle recommends that you apply only Oracle-recommended software and security patches
Follow security practices when you back up your data to external storage.
You can back up your data to external storage. Oracle recommends that you store backups in an off-site, secure location. Retain the backups according to your organizational policies and requirements.
When you dispose of old disk drives, physically destroy the drive, or completely erase all the data on the drive. Deleting the files or reformatting the disk drive removes only the address tables on the drive. The information can still be recovered from a disk drive after deleting files or reformatting the drive. If you want to retain replaced disk drives and flash drives, instead of returning them to Oracle, then you can use the Oracle Database Appliance disk retention support option.