Maintaining a Secure Environment

After security measures are implemented, they must be maintained to keep the system secure.

Software, hardware, and user access need to be updated and reviewed periodically. For example, organizations should review the users and administrators with access to Recovery Appliance to verify whether their levels of access and privilege are appropriate. Without review, the level of access granted to individuals may increase unintentionally due to role changes or changes to default settings. It is recommended that access rights for operational and administrative tasks be reviewed to ensure that each user's level of access is aligned with their roles and responsibilities.

Refer to User Accounts in the Recovery Appliance Environment.

Organizations are encouraged to use tools to detect unauthorized changes and configuration drift, and to prepare for security updates. Oracle Enterprise Manager provides an integrated solution for managing operational issues for hardware, deployed applications, and services.

Maintaining Network Security

Follow these guidelines to ensure the security of local and remote access to the system:

  • Network switch configuration files should be managed offline, and access to the configuration file should be limited to authorized administrators. The configuration file should contain descriptive comments for each setting. Consider keeping a static copy of the configuration file in a source code control system.

    For more information on network switch configuration, refer to the vendor documentation for the network switch.

  • Review the client access network to ensure that secure host and Integrated Lights Out Manager (ILOM) settings are in effect. Review the settings periodically to ensure that they remain intact.

  • Use only signed certificates from the Certification Authority.

  • Set time-outs for extended sessions and set privilege levels.

  • Use authentication, authorization, and accounting (AAA) features for local and remote access to a network switch.

  • Use the port mirroring/switch port analyzer (SPAN) capability of the switch for intrusion detection system (IDS) access.

  • Implement port security to limit access based upon a MAC address (MAC ACL).

  • Require users to use strong passwords by setting minimum password complexity rules and password expiration policies.

  • Enable logging and send logs to a dedicated secure log host.

  • Configure logging to include accurate time information, using NTP and timestamps.

  • Review logs for possible incidents and archive them in accordance with the organization's security policy.
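
The guideline to keep a commented, static copy of the switch configuration in source control makes periodic drift checks straightforward. The following is an added example, not Oracle's code or tooling: it compares a baseline against a configuration exported at review time, ignoring the descriptive comments. The IOS-style syntax, the "!" comment prefix, the addresses, and the function names are assumptions, and both samples are constructed.

```python
import difflib

# Constructed sample: baseline as kept in source control, one comment per setting.
BASELINE = """\
! Send logs to the dedicated secure log host
logging host 192.0.2.10
! Keep log timestamps accurate
ntp server 192.0.2.20
! Time out idle administrative sessions after 10 minutes
line vty 0 4
 exec-timeout 10 0
"""

# Constructed sample: configuration exported from the switch at review time.
RUNNING = """\
ntp server 192.0.2.20
line vty 0 4
 exec-timeout 0 0
monitor session 1 destination interface Gi0/24
"""

def normalize(text, comment_prefix="!"):
    """Drop comments and blank lines, strip trailing whitespace, keep indentation."""
    lines = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith(comment_prefix):
            continue
        lines.append(line)
    return lines

def drift(baseline, running):
    """Return (removed, added): settings missing from / unexpected in the running config."""
    removed, added = [], []
    for entry in difflib.ndiff(normalize(baseline), normalize(running)):
        if entry.startswith("- "):      # in baseline only
            removed.append(entry[2:])
        elif entry.startswith("+ "):    # in running config only ("? " hint lines are skipped)
            added.append(entry[2:])
    return removed, added

if __name__ == "__main__":
    removed, added = drift(BASELINE, RUNNING)
    for setting in removed:
        print("missing from switch:", setting)
    for setting in added:
        print("not in baseline:    ", setting)
```

Any non-empty result is a change that was made on the switch without going through the reviewed baseline and should be traced to an authorized change or reverted.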