2.11 Understanding the Default Security Settings

Oracle Exadata System Software is installed with many default security settings.

Whenever possible and practical, secure default settings should be chosen and configured. The following default settings are used in Oracle Exadata Database Machine:

  • A minimal software installation to reduce attack surface.

  • Oracle Database secure settings developed and implemented using Oracle best practices.

  • A password policy that enforces a minimum password complexity.

  • Accounts are locked out after a set number of failed login attempts.

  • All default system accounts in the operating system are locked and prohibited from logging in.

  • Limited ability to use the su command.

  • Password-protected boot loader installation.

  • All unnecessary system services are disabled, including the Internet service daemon (inetd/xinetd).

  • Software firewall configured on the storage cells.

  • Restrictive file permissions on key security-related configuration files and executable files.

  • SSH listen ports restricted to management and private networks.

  • SSH limited to v2 protocol.

  • Disabled insecure SSH authentication mechanisms.

  • Configured specific cryptographic ciphers.

  • Unnecessary protocols and modules are disabled in the operating system kernel.
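
Several of these defaults (locked system accounts, SSH restricted to protocol v2 and to specific listen addresses, insecure SSH authentication disabled, explicit ciphers) can be checked from copies of the relevant files. The script below is an added example, not Oracle code: the function names, the UID threshold of 1000 for system accounts, the two directives treated as insecure authentication mechanisms, and all sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audits copies of sshd_config, passwd and shadow against the
# defaults listed above. All sample data is constructed, not taken from Exadata.

# Print one finding per line for the sshd_config at $1; nothing if clean.
sshd_findings() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }
    { key = tolower($1); val = tolower($2) }
    key == "protocol" && val ~ /1/ { print "protocol: v1 enabled" }
    key == "listenaddress" {
      listen++
      if (val == "0.0.0.0" || val == "::" || val ~ /^0\.0\.0\.0:/ || val ~ /^\[::\]/)
        print "listen: wildcard " $2
    }
    key == "ciphers" { ciphers++ }
    # Assumption: these two directives stand in for "insecure mechanisms".
    (key == "permitemptypasswords" || key == "hostbasedauthentication") &&
      val == "yes" { print "auth: " $1 " yes" }
    END {
      if (!listen)  print "listen: no ListenAddress, sshd binds every interface"
      if (!ciphers) print "ciphers: no explicit Ciphers list"
    }' "$1"
}

# Print system accounts (0 < UID < $3, so root is skipped) from passwd file $1
# whose password field in shadow file $2 is not locked with "!" or "*".
unlocked_system_accounts() {
  awk -F: -v min="$3" '
    NR == FNR { if ($3 > 0 && $3 < min) sys[$1] = 1; next }
    ($1 in sys) && $2 !~ /^[!*]/ { print $1 }' "$1" "$2"
}

# Write constructed sample files into directory $1.
make_sample() {
  printf '%s\n' 'Protocol 2' 'ListenAddress 192.0.2.10' 'ListenAddress 0.0.0.0' \
    'HostbasedAuthentication yes' 'PermitEmptyPasswords no' > "$1/sshd_config"
  printf '%s\n' 'root:x:0:0::/root:/bin/bash' 'bin:x:1:1::/bin:/sbin/nologin' \
    'daemon:x:2:2::/sbin:/sbin/nologin' > "$1/passwd"
  printf '%s\n' 'root:$6$constructed:19000::::::' 'bin:*:19000::::::' \
    'daemon:$6$constructed:19000::::::' > "$1/shadow"
}

tmp=$(mktemp -d) && make_sample "$tmp"
sshd_findings "$tmp/sshd_config"            # three findings for the sample
unlocked_system_accounts "$tmp/passwd" "$tmp/shadow" 1000   # daemon
rm -rf "$tmp"
```

On OpenSSH releases that no longer implement protocol 1, the `Protocol` directive is normally absent and that check reports nothing.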