11 Keeping the Recovery Appliance Secure

This chapter describes policies and procedures to keep Recovery Appliance secure.

Securing the Hardware

After installation of Oracle Exadata Database Machine, the hardware should be secured.

Hardware can be secured by restricting access to the hardware and recording the serial numbers. Oracle recommends the following practices to restrict access:

• Install Oracle Exadata Database Machine and related equipment in a locked, restricted-access room.

• Lock the rack door unless service is required on components within the rack.

• Restrict access to hot-pluggable or hot-swappable devices because the components can be easily removed by design. See

• Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.

• Mark all significant items of computer hardware, such as FRUs.

• Keep hardware activation keys and licenses in a secure location that is easily accessible to the system managers in the case of a system emergency.

• Record the serial numbers of the components in Oracle Exadata Database Machine, and keep a record in a secure place. All components in Oracle Exadata Database Machine have a serial number.

Getting the Rack Serial Number

Use the ipmitool utility to get the serial number for the rack.

When interacting with Oracle Support Services, the CSI number for a rack is based on the rack serial number.

1. Log in to one of the servers in the rack as the root user.
2. Use ipmitool to get the serial number for the rack.

   # ipmitool sunoem cli "show /SP system_identifier"
   Connected. Use ^D to exit.
   -> show /SP system_identifier
   
    /SP
       Properties:
           system_identifier = Exadata Database Machine X2-8xxxxAKyyyy
   
   
   -> Session closed
   Disconnected

Getting the Serial Numbers for Rack Components

The CheckHWnFWProfile command can be used to display the serial number of most of the system components.

1. Log in to one of the servers in the rack as the root user.
2. On each server in the rack, use CheckHWnFWProfile with the -S option to display the serial number of the components for that server.

   # /opt/oracle.SupportTools/CheckHWnFWProfile -S > /tmp/CheckHWnFWProfile_hostname.txt

   The result is specific to each server, so the command must be performed on every node. The following is a partial example of the output:

   Server_Model=ORACLE_SERVER_X8-2L
   ====START SERIAL NUMBERS====
   ==Motherboard, from dmidecode==
   --System serial--
   1904XCA000
   --Motherboard serial--
   469996N+0000RD01RN
   --Chassis serial--
   1900XCA000
   --Rack serial--
   AK00400000
   ==Infiniband HCA==
   ID:      CX354A - ConnectX-3 QSFP
   PN:      7046442
   EC:      XX
   SN:      465000K-1800000000
   V0:      PCIe Gen3 x8
   ==Motherboard, RAM etc from ipmitool==
   FRU Device Description : Builtin FRU Device (LUN 0 ID 0)
   ...
    Product Name          : ILOM
    Product Version       : 4.0.4.38.a
   
   FRU Device Description : BMC
   ...
    Product Name          : ILOM
     Product Version       : 4.0.4.38.a
   
   FRU Device Description : /SYS (LUN 0 ID 3)
   ...
    Product Part Number   : 8200669
    Product Serial        : 1900XCA000
   
   FRU Device Description : DBP (LUN 0 ID 210)
    
    Board Part Number     : 7341141
    Board Extra           : Rev 09
   
   FRU Device Description : HDD0 (LUN 0 ID 47)
    Device not present (Requested sensor, data, or record not found)
   
   FRU Device Description : HDD1 (LUN 0 ID 48)
    Device not present (Requested sensor, data, or record not found)
   
   ...
   
   FRU Device Description : MB (LUN 0 ID 4)
    Board Mfg Date        : Sun Jan 20 16:57:00 2019
    Board Mfg             : Oracle Corporation
   ...
   
   FRU Device Description : MB/BIOS (LUN 0 ID 5)
   ...
   
   FRU Device Description : MB/CPLD (LUN 0 ID 8)
    Product Manufacturer  : Oracle Corporation
    Product Name          : Power Control FPGA
    Product Version       : FW:3.9
   
   FRU Device Description : M2R0/SSD0 (LUN 0 ID 211)
    Device not present (Requested sensor, data, or record not found)
   
   FRU Device Description : M2R1/SSD0 (LUN 0 ID 212)
    Device not present (Requested sensor, data, or record not found)
   
   FRU Device Description : MB/NET0 (LUN 0 ID 43)
    Product Manufacturer  : INTEL
    Product Name          : 1G Ethernet Controller
   ...
   
   FRU Device Description : MB/P0 (LUN 0 ID 16)
    Product Manufacturer  : Intel
    Product Name          : Intel(R) Xeon(R) Gold 5218 CPU @ 2.30GHz
   ...
   
   FRU Device Description : MB/P0/D0 (LUN 0 ID 24)
    Product Manufacturer  : Samsung
    Product Name          : 16384MB DDR4 SDRAM DIMM
   ...
   
   FRU Device Description : MB/P0/D1 (LUN 0 ID 25)
    Device not present (Requested sensor, data, or record not found)
   
   FRU Device Description : MB/P0/D2 (LUN 0 ID 26)
    Product Manufacturer  : Samsung
    Product Name          : 16384MB DDR4 SDRAM DIMM
   ...
   
   
   FRU Device Description : MB/P1 (LUN 0 ID 17)
    Product Manufacturer  : Intel
    Product Name          : Intel(R) Xeon(R) Gold 5218 CPU @ 2.30GHz
   ...
   
   FRU Device Description : MB/P1/D0 (LUN 0 ID 36)
    Product Manufacturer  : Samsung
    Product Name          : 16384MB DDR4 SDRAM DIMM
   ...
   FRU Device Description : PS0 (LUN 0 ID 63)
   ...
   FRU Device Description : PS1 (LUN 0 ID 64)
   ...
   FRU Device Description : SP/NET0 (LUN 0 ID 1)
   ...
   FRU Device Description : SP/NET1 (LUN 0 ID 2)
   ...
   FRU Device Description : /UUID (LUN 0 ID 6)
   ...
   FRU Device Description : TOP_LEVEL_CH (LUN 0 ID 251)
    Chassis Type          : Rack Mount Chassis
    Chassis Part Number   : 8200669
    Chassis Serial        : 1900XCA0000
    Chassis Extra         : chassis_name:ORACLE SERVER X8-2L
   
   FRU Device Description : TOP_LEVEL_PROD (LUN 0 ID 250)
    Product Manufacturer  : Oracle Corporation
    Product Name          : Exadata X8-2
    Product Part Number   : Exadata X8-2
    Product Serial        : AK00430000
   
   ====END SERIAL NUMBERS====
   

Getting the Rack Serial Number for a Cisco 9336C or 9348 Switch

Use the show license host-id command on the switch to get the serial number.

1. Connect to the switch from a server with SSH equivalency configured, or log in as the admin user.
2. Obtain the serial number for the switch by entering the show license host-id command.

   The host ID is also referred to as the device serial number.

   # switch# show license host-id
   License hostid: VDH=FLA12345678

   Use the entire ID that appears after the equal sign (=). In this example, the host ID is FLA12345678.

Getting the Rack Serial Number for a Sun Datacenter InfiniBand Switch 36

Use the showfruinfo command on the switch to get the serial number.

1. Log in to the switch as root.

   $ ssh root@switch_name

2. Use the showfruinfo command to view the serial number for the switch.

   root@ib-switch-> showfruinfo 
   Sun_Man1R:
   UNIX_Timestamp32 : Fri Mar 19 16:29:59 2010
   Sun_Fru_Description : ASSY,NM2-GW
   Vendor_ID_Code : 11 E1
   Vendor_ID_Code_Source : 01
   Vendor_Name_And_Site_Location : 4577 CELESTICA CORP. SAN JOSE CA US
   Sun_Part_Number : 5111402
   Sun_Serial_Number : 0110SJC-1010NG0040
   Serial_Number_Format : 4V3F1-2Y2W2X4S
   Initial_HW_Dash_Level : 03
   Initial_HW_Rev_Level : 50
   Sun_Fru_Shortname : NM2 gateway
   Sun_Hazard_Class_Code : Y
   Sun_SpecPartNo : 885-1655-01 
   Sun_FRU_LabelR:
   Sun_Serial_Number : AK000XXXX2
   FRU_Part_Dash_Number : 541-4188-01

Getting the Serial Number for a Cisco 4948 Ethernet Switch

Use the sh inventory command on the switch to get the serial number.

1. Log in to the Cisco Ethernet switch.
2. Obtain the serial number for the switch and its components by entering the sh inventory command.

   # Switch# sh inventory
   NAME: "Switch System", DESCR: "Cisco Systems, Inc. WS-C4948 1 slot switch "
   PID:                   , VID:      , SN: FOX0000G0B6
   NAME:  "Linecard(slot 1)", DESCR: "10/100/1000BaseT (RJ45), 1000BaseX (SFP) 
    Supervisor with 48 10/100/1000BASE-T ports and 4 1000BASE-"
   PID: WS-C4948          , VID: V09  , SN: FOX0000G0B6
   NAME: "Power Supply 1", DESCR: "Power Supply ( AC 300W )"
   PID: PWR-C49-300AC     , VID:      , SN: QCS0000B1XR
   NAME: "Power Supply 2", DESCR: "Power Supply ( AC 300W )"
   PID: PWR-C49-300AC     , VID:      , SN: QCS0000B1X5

Securing the Software

Frequently, hardware security is implemented through software measures.

Implement the following guidelines to protect hardware and software:

• Change all default passwords when the system is installed at the site. Recovery Appliance uses default passwords for initial installation and deployment that are widely known. A default password could allow unauthorized access to the equipment. Devices such as the network switches have multiple user accounts. Be sure to change all account passwords on the components in the rack.

• Limit use of the root super user account. Use non-root access when possible. Create and use Integrated Lights Out Manager (ILOM) user accounts for individual users to ensure a positive identification in audit trails, and less maintenance when administrators leave the team or company.

• Restrict physical access to USB ports, network ports, and system consoles. Servers and network switches have ports and console connections, which provide direct access to the system.

• Restrict the capability to restart the system over the network.

• Create named admin_users to manage the hosts.

• Disable direct root and oracle access.

• Create named db_users for administration and monitoring.

• Disable remote sys access.

• Disable remote rasys access.

Maintaining a Secure Environment

After security measures are implemented, they must be maintained to keep the system secure.

Software, hardware and user access need to be updated and reviewed periodically. For example, organizations should review the users and administrators with access to Recovery Appliance to verify if the levels of access and privilege are appropriate. Without review, the level of access granted to individuals may increase unintentionally due to role changes or changes to default settings. It is recommended that access rights for operational and administrative tasks be reviewed to ensure that each user's level of access is aligned to their roles and responsibilities.

Refer to User Accounts in the Recovery Appliance Environment.

Organizations are encouraged to utilize tools to detect unauthorized changes, configuration drift, and prepare for security updates. Oracle Enterprise Manager provides an integrated solution for managing operational issues for hardware, deployed applications, and services.

Maintaining Network Security

After the networks are configured based on the security guidelines, regular review and maintenance is needed.

The management network switch configuration file should be managed offline, and access to the configuration file should be limited to authorized administrators. The configuration file should contain descriptive comments for each setting. Consider keeping a static copy of the configuration file in a source code control system. Periodic reviews of the client access network are required to ensure that secure host and Integrated Lights Out Manager (ILOM) settings remain intact and in effect. In addition, periodic reviews of the settings ensure that they remain intact and in effect.

Follow these guidelines to ensure the security of local and remote access to the system:

• Set time-outs for extended sessions and set privilege levels.

• Use authentication, authorization, and accounting (AAA) features for local and remote access to a switch.

• Use the port mirroring capability of the switch for intrusion detection system (IDS) access.

• Implement port security to limit access based upon a MAC address.

• Require users to use strong passwords by setting minimum password complexity rules and password expiration policies.

• Enable logging and send logs to a dedicated secure log host.

• Configure logging to include accurate time information, using NTP and timestamps.

• Review logs for possible incidents and archive them in accordance with the organization's security policy.

Standard 140 of FIPS (Federal Information Processing Standards) relates to security and cryptography. FIPS 140 is a collection of standards published by NIST (National Institute of Standards and Technology), an agency of the United States federal government. FIPS 140 protects data during transit as well as at rest. It specifies security standards for cryptographic components within a computing environment. FIPS 140 is useful for organizations that need to document that their computing environment meets a published level of security. Many government agencies and financial institutions use FIPS 140 qualified systems.

Configuring FIPS 140 at the Oracle Database level enables the use of FIPS 140 cryptographic modules in the Secure Sockets Layer (SSL), transparent data encryption (TDE), DBMS_CRYPTO PL/SQL package, and Exadata Smart Scan. This protects data while processing Smart Scan offload operations.