2 Planning for a Secure Oracle Linux Environment

This section describes how to plan a secure Oracle Linux environment based on specific security requirements.

To better understand those security requirements, consider the following questions:

Which resources must be protected?

Many resources in the production environment can be protected, such as information in databases accessed by WebLogic Server, and the availability, performance, applications, and integrity of a website. Evaluate the resources that require protection to decide the level of security to provide for each of them.

From whom must those resources be protected?

For most websites and online services, resources must be protected from everyone on the Internet. You might also consider restricting employee access on a company intranet to only the resources that they need, and granting access to highly confidential data or strategic resources only to a few trusted system administrators. In some scenarios it might be better for system administrators to not have direct access to data and resources until they switch to a user account with fewer privileges.

What could happen if the protections on strategic resources fail?

A minor fault in a security scheme could be easily detected and considered nothing more than an inconvenience. In severe cases, a fault might cause significant damage to companies or individual clients that use the website. Understanding the security ramifications of each resource can help you to ensure that each one is robustly protected.

Recommended Deployment Configurations

This section describes recommended architectures for deploying Oracle products with secure Internet access.

Figure 2-1 shows a simple deployment architecture.

Figure 2-1 Simple Firewall Deployment Configuration


The diagram shows a single system that is isolated from the Internet by a single firewall. An arrow shows the direction of connection from the external browser through the firewall to the target system.

This single-computer deployment can be cost effective for small organizations. However, it can't provide high availability because all components are stored on the same computer.

Figure 2-2 shows a good practice configuration based on an Internet-Firewall-DMZ-Firewall-Intranet architecture.

Figure 2-2 DMZ Deployment Configuration


In this diagram, the connection direction from the external browser to the target systems is the same. However, the connection passes through a demilitarized zone (DMZ) that is isolated by firewalls from both the Internet and the intranet, and which acts as a buffer between them.

A "demilitarized zone" (DMZ) refers to a server that's isolated by firewalls from both the Internet and the intranet, and which acts as a buffer between them. The firewalls that separate the DMZ from the Internet and the intranet provide two essential functions:

  • Blocking any traffic types that aren't allowed.

  • Providing intrusion containment if any successful intrusions take over processes or processors.
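
The following nftables ruleset is an added example, not part of the original Oracle documentation. It shows both functions on the inner firewall of Figure 2-2 (the one between the DMZ and the intranet): a default-drop forward policy blocks every traffic type that isn't explicitly allowed, and the single permitted flow limits what a compromised DMZ host can reach. The interface names, addresses, and database port are assumptions.

```nftables
#!/usr/sbin/nft -f
# Inner firewall of Figure 2-2 (DMZ <-> intranet). Added example:
# every name, address and port below is an assumption, not an Oracle default
# for this architecture.

define DMZ_IF  = "ens4"         # assumed: interface facing the DMZ
define LAN_IF  = "ens5"         # assumed: interface facing the intranet
define DMZ_WEB = 192.0.2.10     # assumed: web/application host in the DMZ
define LAN_DB  = 10.20.0.15     # assumed: database host on the intranet
define DB_PORT = 1521           # assumed: database listener port

# Recreate only this table so that rules owned by other tools are untouched.
table inet dmz_inner
delete table inet dmz_inner

table inet dmz_inner {
    chain forward {
        # Function 1: anything not explicitly allowed below is dropped.
        type filter hook forward priority 0; policy drop;

        ct state invalid drop
        # Replies to connections that were allowed when they were opened.
        ct state established,related accept

        # The only new flow permitted from the DMZ into the intranet:
        # the DMZ application host opening a session to the database listener.
        iifname $DMZ_IF oifname $LAN_IF ip saddr $DMZ_WEB ip daddr $LAN_DB tcp dport $DB_PORT ct state new accept

        # Function 2: containment. Any other attempt originating in the DMZ
        # (other hosts, other ports, other protocols) falls through to the
        # drop policy. Count and rate-limit-log it, because a DMZ host
        # probing the intranet is a strong sign that it has been taken over.
        iifname $DMZ_IF counter limit rate 10/minute log prefix "dmz-inner-drop: "
    }
}
```

Check the syntax with `nft -c -f <file>` before loading it; the table contains only a forward chain, so traffic addressed to the firewall host itself still needs its own input rules.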

Component Security

Each application software component often has its own security considerations that you can evaluate independently of those that apply to the OS. See the security guidelines for each component to decide how best to configure it to fit the security requirements for each environment.