1. Security Guide
  2. General security principles

1 General security principles

General security principles include the basic rules to secure data such as keeping software up-to-date, installing critical security patches, and enforcing the use of strong passwords.

  • Keep software up to date
    To ensure you use a secure system, follow basic security guidelines. For example, you should install the latest version of your software and apply all patches.
  • Keep up to date with critical patches
    Oracle continually improves its software and documentation. Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the Tuesday closest to the 17th day of January, April, July and October. We highly recommend customers apply these patches as soon as they are released.
  • Configure strong passwords on the database
    Although the importance of passwords is well known, the following basic rule of security management is worth repeating: Ensure all passwords are strong passwords.
  • Follow the principle of least privilege
    The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Overly ambitious granting of responsibilities, roles, grants — especially early on in an organization's life cycle when people are few and work needs to be done quickly — often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
  • Manage default user accounts
    Lock and expire default user accounts.
  • Close all open ports not in use
    Keep only the minimum number of ports open. You should close all ports not in use.
  • Disable the Telnet service
    Oracle Healthcare Master Person Index does not use the Telnet service. By default, Telnet listens on port 23. If the Telnet service is available on any computer, Oracle recommends that you disable Telnet in favor of Secure Shell (SSH).
  • Disable other unused services
    In addition to not using Telnet, OHMPI does not use Simple Mail Transfer Protocol (SMTP), Identification Protocol (identd), Simple Network Management Protocol (SNMP).
  • Design for multiple layers of protection
    When designing a secure deployment, design multiple layers of protection. If a hacker should gain access to one layer, such as the application server, that should not automatically give them easy access to other layers, such as the database server.
  • Enable SSL
    Due to the complexity in setting up SSL it is not enabled by default during installation. Communications between the browser and the application servers should be restricted to SSL.