1 Overview of Oracle Exadata Database Machine Security

Oracle Exadata Database Machine is an engineered system that combines the optimized database performance of Oracle Database with Oracle Exadata Storage Servers.

These core components are connected over a redundant RDMA Network Fabric that enables low-latency, high-throughput network communication. The redundant 10 Gbps Ethernet network (10/25 Gbps on X7 and X8 systems) is used for client access to services running on Oracle Exadata Database Machine. The 1 Gbps Ethernet network is used to manage the Oracle Exadata Database Machine components.

Within this framework, there are basic security principles that should be adhered to for all software and hardware. The following are the principles:

  • Authentication: Authentication is how a user is identified, typically through confidential information such as user name and password, or shared keys. All components in Oracle Exadata Database Machine use authentication to ensure that users are who they say they are. By default, local user names and passwords are used for authentication. Shared key-based authentication is also available.
  • Authorization: Authorization allows administrators to control what tasks or privileges a user may perform or use. Personnel can only access the tasks and privileges that have been given to them. Oracle Exadata Database Machine system administrators can configure resources with read/write/execute permissions to control user access to commands, disk space, devices, and applications.
  • Accounting and Auditing: Accounting and auditing maintain a record of a user's activity on the system. Oracle Exadata Database Machine software and hardware features allow administrators to monitor login activity and maintain hardware inventories.
    • User logons are monitored through system logs. System administrators and service accounts have access to commands that, if used incorrectly, could cause harm and data loss. Access and commands should be carefully monitored through system logs.
    • Hardware assets are tracked through serial numbers. Oracle part numbers are electronically recorded on all cards, modules, and motherboards, and can be used for inventory purposes.

In addition to the basic security principles, Oracle Exadata Database Machine addresses survivability, defense in depth, least privilege, and accountability. Oracle Exadata Database Machine delivers a well-integrated set of security capabilities that help organizations address their most pressing security requirements and concerns.

1.1 Survivability of Mission-Critical Workloads

Oracle Exadata Database Machine can prevent or minimize the damage caused by accidental and malicious actions taken by internal users or external parties.

As part of the Oracle Maximum Availability Architecture best practices, survivability is increased by the following:

  • Ensuring that the components used have been designed, engineered, and tested to work well together in support of secure deployment architectures. Oracle Exadata Database Machine supports secure isolation, access control, cryptographic services, monitoring and auditing, quality of service, and secure management.

  • Reducing the default attack surface of its constituent products to help minimize the overall exposure of the machine. Organizations can customize the security settings of Oracle Exadata Database Machine based upon the organization's policies and needs.

  • Protecting the machine, including its operational and management interfaces, using a complement of open and vetted protocols and APIs capable of supporting traditional security goals of strong authentication, access control, confidentiality, integrity, and availability.

  • Verifying that software and hardware contain features that keep the service available even when failures occur. These capabilities help in cases where attackers attempt to disable one or more individual components in the system.

1.2 Defense in Depth to Secure the Operating Environment

Oracle Exadata Database Machine employs multiple, independent, and mutually reinforcing security controls to help organizations create a secure operating environment for their workloads and data.

Oracle Exadata Database Machine supports the principle of defense in depth as follows:

  • Offering a strong complement of protections to secure information in transit, in use, and at rest. Security controls are available at the server, storage, network, database, and application layers. Each layer's unique security controls can be integrated with the others to enable the creation of strong, layered security architectures.

  • Supporting the use of well-defined and open standards, protocols, and interfaces. Oracle Exadata Database Machine can be integrated into an organization's existing security policies, architectures, practices, and standards. Integration is critical as applications and devices do not exist in isolation. The security of an IT architecture is only as strong as its weakest component.

  • Conducting multiple security scans using industry-leading security analyzers to implement all high-priority security items prior to the release of each new Oracle Exadata System Software release.

1.3 Least Privilege for Services and Users

Oracle Exadata Database Machine promotes the principle of least privilege.

Ensuring that applications, services, and users have access to the capabilities that they need to perform their tasks is only one side of the least-privilege principle. It is equally important to ensure that access to unnecessary capabilities, services, and interfaces is limited. Oracle Exadata Database Machine promotes the principle of least privilege as follows:

  • Ensuring that access to individual servers, storage, operating system, databases, and other components can be granted based upon the role of each user and administrator. The use of role-based and multi-factor access control models with fine-grained privileges ensures that access can be limited to only what is needed.

  • Constraining applications so that their access to information, underlying resources, network communications, and local or remote service access is restricted based upon need.

Whether caused by an accident or malicious attack, applications can misbehave, and without enforcement of least privilege, those applications may be able to cause harm beyond their intended use.

1.4 Accountability of Events and Actions

When an incident occurs, a system must be able to detect and report the incident.

Similarly, when an event cannot be prevented, it is imperative that an organization be able to detect that the event occurred so that proper responses can be taken. Oracle Exadata Database Machine supports the principle of accountability as follows:

  • Ensuring each of the components used in Oracle Exadata Database Machine supports activity auditing and monitoring, including the ability to record login and logout events, administrative actions, and other events specific to each component.

  • Leveraging features in Oracle Database to support fine-grained auditing configurations. This allows organizations to tune audit configurations in response to their standards and goals. Administrators can ensure that critical information is captured, while minimizing the number of unnecessary audit events.

1.5 Understanding Operating System Security of Oracle Exadata Storage Servers

The security of the operating system on Oracle Exadata Storage Servers consists of the following:

  • Enforcing security policies

  • Protecting network access paths to the cells

  • Monitoring operating system-level activities

Oracle Exadata System Software includes security features to ensure the operating system and network access to the Oracle Exadata Storage Servers are secure.