4 Appendix A: Secure Operating Environment Checklist

The following security checklist provides guidelines that can help secure your operating environment. It is applicable to both your Oracle Hospitality Nor1 Cloud Services solution and on-premise Property Management Systems (PMS):

• Install and/or configure only what is required.

• Lock and expire default user accounts.

• Enforce password management.

• Enable data dictionary protection.

• Practice the principle of least privilege.

  • Grant necessary privileges only.

  • Revoke unnecessary privileges from the public user group.

  • Restrict permissions on run-time facilities.

• Enforce access controls effectively and authenticate clients stringently.

• Restrict network access.

• Apply all security patches and workarounds.

  • Use a firewall.

  • Never penetrate through a firewall.

  • Protect the Oracle listener.

  • Monitor listener activity.

  • Monitor who accesses your systems.

  • Check network IP addresses.

  • Use Allow List for IP addresses.

  • Encrypt network traffic.

  • Harden the operating system.