4.2 Securing the Software

Frequently, hardware security is implemented through software measures.

Implement the following guidelines to protect hardware and software:

  • Change all default passwords when the system is installed at the site. Oracle Exadata Database Machine uses widely known default passwords for initial installation and deployment. A default password could allow unauthorized access to the equipment. Devices such as the network switches have multiple user accounts. Be sure to change all account passwords on the components in the rack.

  • Limit use of the root superuser account. Create and use Integrated Lights Out Manager (ILOM) user accounts for individual users. Individual accounts ensure positive identification in audit trails and require less maintenance when administrators leave the team or company.

  • Ensure Oracle Exadata Database Machine is deployed with separate software owner accounts for Oracle Grid Infrastructure and Oracle Database software installations.

    Note: Separate software owner accounts for Oracle Grid Infrastructure and Oracle Database software installations are required for enabling DB-scoped security.

  • Disable unnecessary protocols and modules in the operating system.

  • Restrict physical access to USB ports, network ports, and system consoles. Servers and network switches have ports and console connections, which provide direct access to the system.

  • Restrict the capability to restart the system over the network.

  • Refer to the documentation to enable available security features.

Oracle Exadata Database Machine can leverage all the security features available with Oracle Database releases installed on legacy platforms. Oracle Database security products and features include the following:

  • Oracle Advanced Security

  • Oracle Audit Vault

  • Data Masking

  • Oracle Database Firewall

  • Oracle Database Vault

  • Oracle Label Security

  • Oracle Secure Backup

  • Oracle Total Recall

Using the Oracle privileged user and multi-factor access control, data classification, transparent data encryption, auditing, monitoring, and data masking, customers can deploy reliable data security solutions that do not require any changes to existing applications.