Basic Security Principles

There are four basic security principles: access, authentication, authorization, and accounting.

  • Access

    Use physical and software controls to protect your hardware or data from intrusion.

    • For hardware, access limits usually mean physical access limits.

    • For software, access limits usually involve both physical and virtual controls.

    • Firmware cannot be changed except through the Oracle update process.

  • Authentication

    Authentication provides a means to identify a person or entity. Set up all authentication features, such as a password system, in your platform operating systems to verify that users are who they say they are.

    Authentication provides varying degrees of security through measures such as badges and passwords. For example, ensure that personnel use employee badges properly to enter a computer room.

  • Authorization

    Authorization defines what an authenticated user or entity can do. Use authorization to ensure that company personnel can work only with hardware and software that they are trained and qualified to use.

    For example, set up a system of read/write/execute permissions to control user access to commands, disk space, devices, and applications.

  • Accounting

    Customer IT personnel can use Oracle software and hardware features to monitor login activity and maintain hardware inventories.

    • Use system logs to monitor user logins. In particular, track system administrator and service accounts through system logs because these accounts can access powerful commands.

    • Periodically retire or archive log files when they exceed a reasonable size, in accordance with the customer company policy. Log files can become very large over time, so it is essential to maintain them.

    • Use component serial numbers to track system assets for inventory purposes. Oracle part numbers are electronically recorded on all cards, modules, and motherboards.
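
The login-monitoring guidance under Accounting can be automated. The following is an added example, not Oracle code: it summarizes logins for administrator and service accounts from syslog-style SSH records. The account names, the OpenSSH-style line format, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: accounts this site treats as privileged (hypothetical names).
WATCHED = {"root", "admin", "svc_backup"}

# Constructed sample lines in OpenSSH syslog style; not from a real system.
SAMPLE_LOG = """\
Mar  3 02:14:07 host1 sshd[2211]: Failed password for root from 192.0.2.10 port 51122 ssh2
Mar  3 02:14:11 host1 sshd[2211]: Failed password for root from 192.0.2.10 port 51122 ssh2
Mar  3 02:14:15 host1 sshd[2211]: Failed password for invalid user oracle from 192.0.2.10 port 51124 ssh2
Mar  3 08:01:44 host1 sshd[3010]: Accepted publickey for svc_backup from 198.51.100.7 port 40022 ssh2
Mar  3 09:30:02 host1 sshd[3188]: Accepted password for alice from 198.51.100.23 port 40310 ssh2
Mar  3 09:45:19 host1 sshd[3250]: Accepted password for root from 203.0.113.5 port 60001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"(?P<result>Accepted|Failed)\s(?P<method>\S+)\sfor\s"
    r"(?P<invalid>invalid user\s)?(?P<user>\S+)\sfrom\s(?P<src>\S+)\s"
)

def summarize_privileged_logins(log_text, watched=WATCHED):
    """Return {account: {"accepted": [(ts, src)], "failed": [(ts, src)]}}."""
    summary = defaultdict(lambda: {"accepted": [], "failed": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["user"] not in watched:
            continue  # unrelated line, or an account that is not watched
        key = "accepted" if m["result"] == "Accepted" else "failed"
        summary[m["user"]][key].append((m["ts"], m["src"]))
    return dict(summary)

def success_with_failures(summary, threshold=2):
    """Watched accounts with >= threshold failures and a success in the same log."""
    return sorted(
        user for user, ev in summary.items()
        if len(ev["failed"]) >= threshold and ev["accepted"]
    )

if __name__ == "__main__":
    report = summarize_privileged_logins(SAMPLE_LOG)
    for user, ev in sorted(report.items()):
        print(user, "accepted:", len(ev["accepted"]), "failed:", len(ev["failed"]))
    print("review:", success_with_failures(report))
```

Run it against each log file before that file is retired or archived, so the privileged-account summary is kept with the archive.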