Exadata Database Machine is an engineered system that combines the optimized database performance of Oracle Database integrated with Oracle Exadata Storage Servers.
- Data Network - used for communications between database and storage servers in one or many physical racks.
- Client Network - used for communication from the client applications to services running on Exadata Database Machine.
- Management Network - used for managing the hardware of the Exadata Database Machine components including database and storage servers, PDUs, and switches.
Within this framework, there are basic security principles that should be adhered to for all software and hardware. The following are the principles:
- Authentication: Authentication is how a user is identified, typically through confidential information such as user name and password, or shared keys. All components use authentication to ensure that users are who they say they are. By default, local user names and passwords are used for authentication. Shared key-based authentication is also available.
- Authorization: Authorization allows administrators to control what tasks or privileges a user may perform or use. Personnel can only access the tasks and privileges that have been given to them. Exadata Database Machine system administrators can configure resources with read/write/execute permissions to control user access to commands, disk space, devices, and applications.
- Accounting and Auditing: Accounting and auditing maintain a record of a user's activity on the system. Exadata Database Machine software and hardware features allow administrators to monitor login activity, and maintain hardware inventories.
- User logons are monitored through system logs. System administrators and service accounts have access to commands that used incorrectly could cause harm and data loss. Access and commands should be carefully monitored through system logs.
- Hardware assets are tracked through serial numbers. Oracle part numbers are electronically recorded on all cards, modules, and mother boards, and can be used for inventory purposes.
In addition to the basic security principles, Exadata Database Machine addresses survivability, defense in depth, least privilege, and accountability. Exadata Database Machine delivers a well-integrated set of security capabilities that help organizations address their most-pressing security requirements and concerns.
- Management Network requires a boundary level security, where only trusted administrators can access this network
- Data Network requires securing data flow using encryption when multiple tenants or secure information is sent across this network
- As the "front end" to the database, the Client Network requires the strongest security requirements, restricting access to this network connection ensures outside threats can be mitigated.
1.1 Survivability of Mission-Critical Workloads
Oracle Exadata Database Machine can prevent or minimize the damage caused from accidental and malicious actions taken by internal users or external parties.
As part of the Oracle Maximum Availability Architecture best practices, survivability is increased by the following:
Ensuring that the components used have been designed, engineered, and tested to work well together in support of secure deployment architectures. Oracle Exadata Database Machine supports secure isolation, access control, cryptographic services, monitoring and auditing, quality of service, and secure management.
Reducing the default attack surface of its constituent products to help minimize the overall exposure of the machine. Organizations can customize the security settings of Oracle Exadata Database Machine based upon the organization's policies and needs.
Protecting the machine, including its operational and management interfaces, using a complement of open and vetted protocols, and APIs capable of supporting traditional security goals of strong authentication, access control, confidentiality, integrity, and availability.
Verifying that software and hardware contain features that keep the service available even when failures occur. These capabilities help in cases where attackers attempt to disable one or more individual components in the system.
1.2 Defense in Depth to Secure the Operating Environment
Oracle Exadata Database Machine employs multiple, independent, and mutually-reinforcing security controls to help organizations create a secure operating environment for their workloads and data.
Oracle Exadata Database Machine supports the principle of defense in depth as follows:
Offering a strong complement of protections to secure information in transit, in use, and at rest. Security controls are available at the server, storage, network, database, and application layers. Each layer's unique security controls can be integrated with the others to enable the creation of strong, layered security architectures.
Supporting the use of well-defined and open standards, protocols, and interfaces. Oracle Exadata Database Machine can be integrated into an organization's existing security policies, architectures, practices and standards. Integration is critical as applications and devices do not exist in isolation. The security of IT architectures is only as strong as its weakest component.
Conducting multiple security scans using industry-leading security analyzers to implement all high-priority security items prior to the release of each new Oracle Exadata System Software release.
1.3 Least Privilege for Services and Users
Oracle Exadata Database Machine promotes the principle of least-privilege.
Ensuring that applications, services and users have access to the capabilities that they need to perform their tasks is only one side of the least-privilege principle. It is equally important to ensure that access to unnecessary capabilities, services, and interfaces are limited. Oracle Exadata Database Machine promotes the principle of least-privilege as follows:
Ensuring that access to individual servers, storage, operating system, databases, and other components can be granted based upon the role of each user and administrator. The use of role-based and multi-factor access control models with fine-grained privileges ensures that access can be limited to only what is needed.
Constraining applications so that their access to information, underlying resources, network communications, and local or remote service access is restricted based upon need.
Whether caused by an accident or malicious attack, applications can misbehave, and without enforcement of least privilege, those applications may be able to cause harm beyond their intended use.
1.4 Accountability of Events and Actions
When an incident occurs, a system must be able to detect and report the incident.
Similarly, when an event cannot be prevented, it is imperative that an organization be able to detect that the event occurred so that proper responses can be taken. Oracle Exadata Database Machine supports the principle of accountability as follows:
Ensuring each of the components used in Oracle Exadata Database Machine supports activity auditing and monitoring, including the ability to record login and logout events, administrative actions, and other events specific to each component.
Leveraging features in Oracle Database to support fine-grained, auditing configurations. This allows organizations to tune audit configurations in response to their standards and goals. Administrators can ensure that critical information is captured, while minimizing the amount of unnecessary audit events.
1.5 Understanding Operating System Security of Oracle Exadata Storage Servers
The security of the operating system on Oracle Exadata Storage Servers consists of the following:
Enforcing security policies
Protecting network access paths to the cells
Monitoring operating system-level activities
Oracle Exadata System Software includes security features to ensure the operating system and network access to the Oracle Exadata Storage Servers are secure.