1 Overview of Oracle Database Appliance Security

Oracle Database Appliance provides a complete package of integrated security capabilities to complement its integrated hardware and software system design.

In addition to basic security principles, Oracle Database Appliance addresses survivability, defense in depth, least privilege, and accountability. Oracle Database Appliance delivers a well-integrated set of security capabilities that help organizations address their most pressing security requirements and concerns.

Basic Security Principles

Oracle Database Appliance is configured with common basic security principles for software and hardware.

Basic security includes the following methods:

  • Authentication.

    Authentication is the means by which a user is identified. All components in Oracle Database Appliance use authentication to ensure that users are who they say they are. By default, Oracle Database Appliance authenticates users with local user names and passwords. You can also authenticate users with a Shared Key Authentication (SKA) method.

  • Authorization.

    Authorization enables administrators to control what tasks or privileges a user may perform or use. You can authorize personnel to access only the tasks and privileges that have been given to them. Oracle Database Appliance system administrators can configure resources with read/write/execute permissions. Use these permissions to control user access to commands, disk space, devices, and applications. In addition, system administrators can give SUDO privileges to non-root users. SUDO privileges allow users without root privileges to run OAKCLI commands.

  • Accounting and Auditing.

    Accounting and auditing enable you to maintain a record of users’ activity on the system. Oracle Database Appliance software and hardware features enable administrators to monitor login activity, and to maintain hardware inventories. Accounting and auditing are implemented with the following methods:

    • Hardware assets are tracked through serial numbers. Oracle part numbers are electronically recorded on all cards, modules, and motherboards. You can use these serial numbers to maintain inventory records.

    • User logins are monitored through system logs. System administrators and service accounts have access to commands that, if used incorrectly, could cause harm and data loss. Use system logs to monitor access and commands.
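
The following added example (not part of the Oracle documentation) shows one way to review system logs for the login activity and privileged commands described above. It assumes Linux syslog-format sshd and sudo entries; the sample lines, host name, user names, addresses, and the `/path/to/oakcli` placeholder are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the syslog format written by sshd and sudo.
# Host, users, addresses and the /path/to/oakcli placeholder are invented here.
SAMPLE_LOG = """\
Mar  3 09:12:01 oda-node0 sshd[4120]: Accepted password for jdoe from 192.0.2.10 port 50122 ssh2
Mar  3 09:12:40 oda-node0 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/path/to/oakcli show disk
Mar  3 09:15:02 oda-node0 sshd[4188]: Failed password for invalid user admin from 198.51.100.7 port 41000 ssh2
Mar  3 09:15:05 oda-node0 sshd[4188]: Failed password for invalid user admin from 198.51.100.7 port 41000 ssh2
Mar  3 09:15:09 oda-node0 sshd[4188]: Failed password for root from 198.51.100.7 port 41002 ssh2
Mar  3 09:20:11 oda-node0 sudo:     jdoe : TTY=pts/0 ; PWD=/home/jdoe ; USER=root ; COMMAND=/bin/bash
Mar  3 09:21:30 oda-node0 sudo:    guest : user NOT in sudoers ; TTY=pts/1 ; PWD=/tmp ; USER=root ; COMMAND=/path/to/oakcli show version
"""

LOGIN = re.compile(r"sshd\[\d+\]: (Accepted|Failed) \S+ for (?:invalid user )?(\S+) from (\S+)")
SUDO = re.compile(r"sudo:\s+(\S+) : (.*?)COMMAND=(.*)$")

def audit(log_text, fail_threshold=3):
    """Summarize logins, sudo use of oakcli, other sudo commands, and denials."""
    report = {"logins": [], "oakcli": [], "other_sudo": [], "denied": []}
    failed = defaultdict(int)  # failed login attempts per source address
    for line in log_text.splitlines():
        m = LOGIN.search(line)
        if m:
            result, user, source = m.groups()
            if result == "Accepted":
                report["logins"].append((user, source))
            else:
                failed[source] += 1
            continue
        m = SUDO.search(line)
        if not m:
            continue
        user, fields, command = m.groups()
        program = (command.split() or [""])[0].rsplit("/", 1)[-1]
        if "NOT in sudoers" in fields or "command not allowed" in fields:
            report["denied"].append((user, command))   # sudo refused the request
        elif program == "oakcli":
            report["oakcli"].append((user, command))   # the delegated use case
        else:
            report["other_sudo"].append((user, command))  # review: outside oakcli
    report["noisy_sources"] = sorted(s for s, n in failed.items() if n >= fail_threshold)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
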

Survivability of Mission-Critical Workloads

Oracle Database Appliance follows Oracle Maximum Availability Architecture best practices, which can prevent or minimize the damage caused by accidental and malicious actions taken by internal users or external parties.

Oracle Maximum Availability Architecture best practices help to provide organizations with hardware and software platforms for mission-critical workloads. These best practices increase survivability by using the following methods:

  • Ensuring that the components used in Oracle Database Appliance are designed, engineered, and tested to work well together in support of secure deployment architectures.

    Oracle Database Appliance supports secure isolation, access control, cryptographic services, monitoring and auditing, quality of service, and secure management.

  • Reducing the default attack surface of its constituent products to help minimize the overall exposure of the machine.

    You can customize Oracle Database Appliance security settings, based on your organization's policies and needs.

  • Protecting the machine, including its operational and management interfaces.

    Oracle Database Appliance is protected using a complement of open and vetted protocols, and APIs capable of supporting traditional security goals of strong authentication, access control, confidentiality, integrity, and availability.

  • Verifying that software and hardware contain features that keep the service available, even when failures occur.

    These hardware and software redundancy capabilities help in cases where attackers attempt to disable one or more individual components in the system.

Defense in Depth to Secure the Operating Environment

Oracle Database Appliance employs multiple, independent, and mutually reinforcing security controls to help organizations create a secure operating environment for their workloads and data.

Oracle Database Appliance supports the principle of defense in depth by using the following methods:

  • Offers a strong complement of protections that secure information in transit, in use, and at rest. Security controls are available at the server, storage, network, database, and application layers. You can integrate each layer's unique security controls with the others to enable the creation of strong, layered security architectures.

  • Supports the use of well-defined and open standards, protocols, and interfaces. You can integrate Oracle Database Appliance into your organization's existing security policies, architectures, practices, and standards. Integration is critical, because applications and devices do not exist in isolation. An IT security architecture is only as strong as its weakest component.

  • Conducts multiple security scans using industry-leading security analyzers, and implements all high-priority security items before each new Oracle Database Appliance software version release.

Least Privilege for Services and Users

The Least-Privilege principle includes more than ensuring that applications, services and users have access to the capabilities that they need to perform their tasks. It is equally important to limit access to unnecessary capabilities, services, and interfaces.

Oracle Database Appliance promotes the principle of least privilege by using the following methods:

  • Granting access to individual servers, storage, operating system, databases, and other components based on the role of each user and administrator. Using role-based and multi-factor access control models with fine-grained privileges enables you to limit access only to the privileges needed to perform assigned roles.

  • Restricting application access to information, underlying resources, network communications, and local or remote service access only to what is needed for the application.

Whether caused by accident or by malicious attack, applications can misbehave. Enforcing least-privilege practices helps to prevent applications from causing harm beyond their intended use.

Accountability of Events and Actions

When an incident occurs, a system must be able to detect and report the incident. Similarly, when an event cannot be prevented, it is imperative that an organization be able to detect that the event occurred so that proper responses can be taken.

Oracle Database Appliance uses the following methods to support the principle of accountability:

  • Ensuring each of the components used in Oracle Database Appliance supports activity auditing and monitoring, including the ability to record login and logout events, administrative actions, and other events specific to each component.

  • Leveraging features in Oracle Database to support fine-grained auditing configurations. These configurations enable organizations to tune audit configurations in response to their standards and goals. Administrators can ensure that critical information is captured, while minimizing the number of unnecessary audit events.