11 Keeping the Recovery Appliance Secure
This chapter describes policies and procedures to keep Recovery Appliance secure.
Securing the Hardware
After installation of Oracle Exadata Database Machine, the hardware should be secured.
Hardware can be secured by restricting access to the hardware and recording the serial numbers. Oracle recommends the following practices to restrict access:
- Install Oracle Exadata Database Machine and related equipment in a locked, restricted-access room.
- Lock the rack door unless service is required on components within the rack.
- Restrict access to hot-pluggable or hot-swappable devices because the components can be easily removed by design. See
- Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
- Mark all significant items of computer hardware, such as FRUs.
- Keep hardware activation keys and licenses in a secure location that is easily accessible to the system managers in the case of a system emergency.
- Record the serial numbers of the components in Oracle Exadata Database Machine, and keep a record in a secure place. All components in Oracle Exadata Database Machine have a serial number.
Related Topics
- How To Obtain The Serial Number Associated With The System Board, Motherboard, Disk Controller, Disks, Infiniband HCA And More Contained In A Cell Or Compute Box (Exadata-Sun V2 or X2 / 11.2)? (My Oracle Support Doc ID 949614.1)
- How to Determine the Serial Number of a Datacenter InfiniBand Switch 36 or QDR InfiniBand Gateway InfiniBand Switch (My Oracle Support Doc ID 1299791.1)
Getting the Rack Serial Number
Use the ipmitool utility to get the serial number for the rack.
When interacting with Oracle Support Services, the CSI number for a rack is based on the rack serial number.
Getting the Serial Numbers for Rack Components
The CheckHWnFWProfile command can be used to display the serial number of most of the system components.
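The following script is an added example; it is not Oracle code and not part of the Recovery Appliance software. It shows one way to turn the serial numbers that ipmitool reports into a small inventory record and to compare a later capture with the record kept in a secure place, so that a replaced or substituted component is noticed during review. It assumes the standard layout of ipmitool fru print output ("Chassis Serial", "Board Serial" and "Product Serial" fields); the FRU text, serial values and file names below are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Oracle code): turn the serial numbers reported by
# 'ipmitool fru print' into a "key=serial" inventory and compare it with the
# record kept in a secure location, so that a swapped component is noticed.
# Assumption: the standard ipmitool FRU layout ("Chassis Serial : ...",
# "Board Serial : ...", "Product Serial : ..."). The sample below is constructed.

# Constructed sample of 'ipmitool fru print' output for one server node.
SAMPLE_FRU='FRU Device Description : Builtin FRU Device (ID 0)
 Chassis Type          : Rack Mount Chassis
 Chassis Serial        : CHS-0000-EXAMPLE
 Board Mfg             : Oracle Corporation
 Board Product         : ASSY,MOTHERBOARD,EXAMPLE
 Board Serial          : BRD-0000-EXAMPLE
 Product Manufacturer  : Oracle Corporation
 Product Name          : EXAMPLE SERVER
 Product Serial        : PRD-0000-EXAMPLE'

# fru_serials: read FRU text on stdin, print one "key=serial" line per serial.
fru_serials() {
  sed -n \
    -e 's/^ *Chassis Serial *: *\([^ ]*\).*$/chassis=\1/p' \
    -e 's/^ *Board Serial *: *\([^ ]*\).*$/board=\1/p' \
    -e 's/^ *Product Serial *: *\([^ ]*\).*$/product=\1/p'
}

# fru_check BASELINE: compare "key=serial" lines on stdin with the recorded
# baseline file. Prints one line per difference; returns 0 only if all match.
fru_check() {
  baseline="$1"
  status=0
  while IFS='=' read -r key current; do
    recorded=$(sed -n "s/^$key=//p" "$baseline")
    if [ -z "$recorded" ]; then
      echo "NEW $key=$current (not in baseline)"
      status=1
    elif [ "$recorded" != "$current" ]; then
      echo "CHANGED $key: recorded $recorded, now $current"
      status=1
    fi
  done
  return $status
}

# Demo: record a baseline from the sample, then check a later capture in which
# the system board serial differs (as it would after an unrecorded FRU swap).
baseline_file=$(mktemp)
printf '%s\n' "$SAMPLE_FRU" | fru_serials > "$baseline_file"
printf '%s\n' "$SAMPLE_FRU" | sed 's/BRD-0000-EXAMPLE/BRD-9999-SWAPPED/' \
  | fru_serials | fru_check "$baseline_file" && echo "inventory matches baseline"
rm -f "$baseline_file"
```

On a live server node the capture step is ipmitool fru print | fru_serials, run once at installation to create the baseline and again at each review. Keep the baseline with the other serial-number records rather than on the host being checked, so that a compromised or replaced host cannot also rewrite the record it is compared against.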
Getting the Rack Serial Number for a Cisco 9336C or 9348 Switch
Use the show license host-id command on the switch to get the serial number.
Securing the Software
Frequently, hardware security is implemented through software measures.
Implement the following guidelines to protect hardware and software:
- Change all default passwords when the system is installed at the site. Recovery Appliance uses default passwords for initial installation and deployment that are widely known. A default password could allow unauthorized access to the equipment. Devices such as the network switches have multiple user accounts. Be sure to change all account passwords on the components in the rack.
- Limit use of the root super user account. Use non-root access when possible. Create and use Integrated Lights Out Manager (ILOM) user accounts for individual users to ensure a positive identification in audit trails, and less maintenance when administrators leave the team or company.
- Restrict physical access to USB ports, network ports, and system consoles. Servers and network switches have ports and console connections, which provide direct access to the system.
- Restrict the capability to restart the system over the network.
- Create named admin_user accounts to manage the hosts.
- Disable direct root and oracle access.
- Create named db_user accounts for administration and monitoring.
- Disable remote sys access.
- Disable remote rasys access.
Maintaining a Secure Environment
After security measures are implemented, they must be maintained to keep the system secure.
Software, hardware and user access need to be updated and reviewed periodically. For example, organizations should review the users and administrators with access to Recovery Appliance to verify if the levels of access and privilege are appropriate. Without review, the level of access granted to individuals may increase unintentionally due to role changes or changes to default settings. It is recommended that access rights for operational and administrative tasks be reviewed to ensure that each user's level of access is aligned to their roles and responsibilities.
Refer to User Accounts in the Recovery Appliance Environment.
Organizations are encouraged to utilize tools to detect unauthorized changes, configuration drift, and prepare for security updates. Oracle Enterprise Manager provides an integrated solution for managing operational issues for hardware, deployed applications, and services.
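The following script is an added example of the periodic access review described above; it is not Oracle code and not part of Oracle Enterprise Manager. It compares the accounts that can log in to a host, and the members of a privileged group, against the list of accounts the organization has approved, and reports anything that has drifted from that list (for example, an account that outlived its purpose, or a privilege that was never granted deliberately). It assumes the standard /etc/passwd and /etc/group formats, the group name wheel as the privileged group, and an approved list in "account:role" form; all account names and data below are constructed.

```shell
#!/bin/sh
# Added example (not Oracle code): a periodic access review that compares the
# accounts able to log in to a Recovery Appliance host, and the members of a
# privileged group, against the list of accounts the organization approved.
# Assumptions: standard /etc/passwd and /etc/group formats; 'wheel' is the
# privileged group; the approved list is "account:role". Data is constructed.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
oracle:x:1001:1001:Oracle software owner:/home/oracle:/bin/bash
jdoe:x:1002:1002:Jane Doe:/home/jdoe:/bin/bash
contractor:x:1003:1003:Temporary account:/home/contractor:/bin/bash'

SAMPLE_GROUP='root:x:0:
wheel:x:10:jdoe,contractor
dba:x:1001:oracle'

# Approved accounts and their roles, maintained outside the host (constructed).
APPROVED='root:break-glass
oracle:software-owner
jdoe:administrator'

# approved_role LISTFILE NAME: print the approved role of NAME, or nothing.
approved_role() {
  sed -n "s/^$2://p" "$1"
}

# review_access APPROVED PASSWD GROUP: print one finding per line.
review_access() {
  approved="$1"; passwd="$2"; group="$3"
  # 1. Accounts with a real login shell that are not on the approved list.
  while IFS=: read -r name pw uid gid gecos home shell; do
    case "$shell" in */nologin|*/false) continue ;; esac
    [ -n "$(approved_role "$approved" "$name")" ] \
      || echo "UNAPPROVED account=$name uid=$uid shell=$shell"
  done < "$passwd"
  # 2. Members of 'wheel' whose approved role is not 'administrator'.
  members=$(sed -n 's/^wheel:[^:]*:[^:]*:\(.*\)$/\1/p' "$group" | tr ',' ' ')
  for m in $members; do
    role=$(approved_role "$approved" "$m")
    [ "$role" = "administrator" ] \
      || echo "PRIVILEGED group=wheel member=$m role=${role:-none}"
  done
}

# Demo: write the constructed data to temporary files and run the review.
a=$(mktemp); p=$(mktemp); g=$(mktemp)
printf '%s\n' "$APPROVED" > "$a"
printf '%s\n' "$SAMPLE_PASSWD" > "$p"
printf '%s\n' "$SAMPLE_GROUP" > "$g"
review_access "$a" "$p" "$g"
rm -f "$a" "$p" "$g"
```

In the sample the review reports the contractor account twice: it can still log in although it is not on the approved list, and it sits in wheel without an approved administrator role. Running the same review against the real files on each host, with the approved list held by the security team rather than on the host, gives the periodic check of access rights that this section calls for.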
Maintaining Network Security
After the networks are configured based on the security guidelines, regular review and maintenance is needed.
The management network switch configuration file should be managed offline, and access to the configuration file should be limited to authorized administrators. The configuration file should contain descriptive comments for each setting. Consider keeping a static copy of the configuration file in a source code control system. Periodic reviews of the client access network and of the switch settings are required to ensure that secure host and Integrated Lights Out Manager (ILOM) settings remain intact and in effect.
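The following script is an added example of how the offline, source-controlled copy of the switch configuration can be used for the periodic review; it is not Oracle code or Cisco tooling. It normalizes two captures of the running configuration (dropping the comment lines that carry a new timestamp on every capture) and lists every setting that was removed or added relative to the copy under source control. It assumes Cisco NX-OS style show running-config text in which comment lines start with "!"; both configurations, the hostname and the 192.0.2.0/24 addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not Oracle code): detect drift between the switch configuration
# kept under source control and the configuration currently running on the
# management switch. Assumptions: Cisco NX-OS style 'show running-config' text
# (comment lines start with '!'), captured to a file by the administrator.
# Both configurations are constructed samples with documentation IP addresses.

BASELINE_CFG='!Command: show running-config
!Time: Mon Jan  1 00:00:00 2024
version 9.3(5)
hostname rack-mgmt-sw
logging server 192.0.2.10
ntp server 192.0.2.20
line vty
  exec-timeout 10'

# Later capture: the log host was removed and the session time-out disabled.
CURRENT_CFG='!Command: show running-config
!Time: Tue Jan  2 08:15:00 2024
version 9.3(5)
hostname rack-mgmt-sw
ntp server 192.0.2.20
line vty
  exec-timeout 0'

# normalize_config: stdin -> stdout; drop '!' comment lines (which carry a
# capture timestamp that differs every time), trailing spaces and blank lines,
# so that only real settings are compared.
normalize_config() {
  sed -e '/^!/d' -e 's/[[:space:]]*$//' -e '/^$/d'
}

# config_drift BASELINE CURRENT: print "-setting" for each baseline line missing
# from the current configuration and "+setting" for each unexpected addition.
# Returns 0 when the normalized configurations are identical, 1 otherwise.
config_drift() {
  nb=$(mktemp); nc=$(mktemp)
  normalize_config < "$1" > "$nb"
  normalize_config < "$2" > "$nc"
  diff "$nb" "$nc" | sed -n -e 's/^< /-/p' -e 's/^> /+/p'
  if cmp -s "$nb" "$nc"; then rc=0; else rc=1; fi
  rm -f "$nb" "$nc"
  return $rc
}

# Demo: compare the source-controlled baseline with the later capture.
b=$(mktemp); c=$(mktemp)
printf '%s\n' "$BASELINE_CFG" > "$b"
printf '%s\n' "$CURRENT_CFG" > "$c"
if config_drift "$b" "$c"; then echo "no drift"; else echo "drift detected"; fi
rm -f "$b" "$c"
```

For the sample the check reports that the logging server setting is gone and that exec-timeout changed from 10 to 0, which removes the session time-out the guidelines below require. A result of "drift detected" should lead either to restoring the source-controlled configuration or to a reviewed commit that updates it, with the descriptive comment for the changed setting.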
Follow these guidelines to ensure the security of local and remote access to the system:
- Set time-outs for extended sessions and set privilege levels.
- Use authentication, authorization, and accounting (AAA) features for local and remote access to a switch.
- Use the port mirroring capability of the switch for intrusion detection system (IDS) access.
- Implement port security to limit access based upon a MAC address.
- Require users to use strong passwords by setting minimum password complexity rules and password expiration policies.
- Enable logging and send logs to a dedicated secure log host.
- Configure logging to include accurate time information, using NTP and timestamps.
- Review logs for possible incidents and archive them in accordance with the organization's security policy.
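The following script is an added example of the log review named in the last guideline; it is not Oracle code. It reads authentication log lines as they arrive on the dedicated log host and reports every source that has produced repeated failed logins, the kind of pattern a reviewer would want surfaced rather than buried in the archive. It assumes standard OpenSSH sshd syslog lines from the servers in the rack; the hostname, timestamps and addresses in the sample are constructed, using documentation IP ranges.

```shell
#!/bin/sh
# Added example (not Oracle code): a review pass over authentication log lines
# forwarded to the log host, reporting sources with repeated failed logins.
# Assumption: standard OpenSSH sshd syslog lines; the sample is constructed and
# uses documentation IP ranges.

SAMPLE_AUTHLOG='Jan  5 10:01:02 radb01 sshd[2210]: Failed password for root from 192.0.2.55 port 51122 ssh2
Jan  5 10:01:05 radb01 sshd[2210]: Failed password for root from 192.0.2.55 port 51122 ssh2
Jan  5 10:01:09 radb01 sshd[2214]: Failed password for invalid user admin from 192.0.2.55 port 51130 ssh2
Jan  5 10:02:30 radb01 sshd[2220]: Accepted publickey for jdoe from 198.51.100.7 port 40010 ssh2
Jan  5 10:03:41 radb01 sshd[2231]: Failed password for oracle from 198.51.100.7 port 40022 ssh2'

# failed_logins_by_source [THRESHOLD]: read syslog lines on stdin and print
# "count source" (highest first) for each source with at least THRESHOLD
# (default 3) failed password attempts. Successful logins are not counted.
failed_logins_by_source() {
  awk -v min="${1:-3}" '
    /sshd\[[0-9]+\]: Failed password for / {
      for (i = 1; i <= NF; i++) if ($i == "from") src = $(i + 1)
      fails[src]++
    }
    END { for (s in fails) if (fails[s] >= min) print fails[s], s }
  ' | sort -rn
}

# Demo: sources at or above the threshold are the ones to examine first; the
# sample also shows attempts against root, which this chapter says should not
# be reachable directly in the first place.
printf '%s\n' "$SAMPLE_AUTHLOG" | failed_logins_by_source 3
```

Because the timestamps come from NTP-synchronized hosts, as the previous guideline requires, the same review can be narrowed to a time window or correlated across servers and switches on the log host without adjusting for clock skew. Archive the raw lines unchanged; the summary is for the reviewer, not a replacement for the record.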
Standard 140 of FIPS (Federal Information Processing Standards) relates to security and cryptography. FIPS 140 is a collection of standards published by NIST (National Institute of Standards and Technology), an agency of the United States federal government. FIPS 140 protects data during transit as well as at rest. It specifies security standards for cryptographic components within a computing environment. FIPS 140 is useful for organizations that need to document that their computing environment meets a published level of security. Many government agencies and financial institutions use FIPS 140 qualified systems.
Configuring FIPS 140 at the Oracle Database level enables the use of FIPS 140 cryptographic modules in the Secure Sockets Layer (SSL), transparent data encryption (TDE), DBMS_CRYPTO PL/SQL package, and Exadata Smart Scan. This protects data while processing Smart Scan offload operations.