1 General Security Principles When Using the SL150

These principles are fundamental to using the SL150 securely.

Keep Software Up To Date

One of the principles of good security practice is to keep all software versions and patches up to date. The SL150 Firmware versions released since June 2012 are as follows:

  • June 2012 v1.00 (RTA 0.1.0.0.0)
  • September 2012 v1.03 (RTA 0.1.0.3.0)
  • October 2012 v1.50 (RTA 0.1.5.0.0)
  • January 2013 v1.82 (RTA 0.1.8.2.0)
  • August 2013 v2.0 (RTA 0.2.0.0.0)
  • October 2013 v2.01 (RTA 0.2.0.1.0)
  • April 2014 v2.25 (RTA 0.2.2.5.0)
  • June 2015 v2.50 (RTA 0.2.5.0.0)
  • March 2016 v2.60 (RA 0.2.6.0.0)

    With the v2.60 release, the Java and WebLogic components were updated to versions JDK 1.6_105 and WLS 10.3.6 PSU 12 to reduce security vulnerabilities.

  • June 2017 v3.00 (RA 0.3.0.0.0)
  • November 2018 v3.20 (RA 0.3.2.0.0)
  • July 2018 v3.50 (RA 0.3.5.0.0)

    With the v3.50 release, the Java and WebLogic components were updated to versions JDK 1.6_181 and WLS 10.3.6 PSU 12 to reduce security vulnerabilities. WebLogic now internally uses TLS 1.2.

  • December 2018 v3.52 (RA 0.3.5.2.0)

For firmware levels below version 2.50, configure the browsers used to access the remote user interface to remain at TLS 1.0 or higher; this mitigates CVE-2014-3566. In version 2.50, the library firmware will not auto-negotiate down to SSLv3.
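To confirm from the network side whether a library's remote interface still answers an SSLv3-only handshake, the following added example (not Oracle code) sends a ClientHello that offers only SSL 3.0 and classifies the reply. The port 443 default and the function names are assumptions; the host is whatever address your library's remote interface uses.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"
# CBC and RC4 suites that an SSLv3-era server would recognise
CIPHERS = [0x002F, 0x0035, 0x000A, 0x0005]

def build_sslv3_client_hello() -> bytes:
    """Return one record holding a ClientHello that offers only SSL 3.0."""
    body = SSL3 + os.urandom(32)            # client_version + random
    body += b"\x00"                          # empty session id
    suites = b"".join(struct.pack("!H", c) for c in CIPHERS)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                      # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_reply(reply: bytes) -> str:
    """Classify the first bytes the server sent back."""
    # Record: type(1) version(2) length(2); handshake: type(1) length(3) version(2)
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        return "sslv3-accepted" if reply[9:11] == SSL3 else "other-version"
    if not reply or reply[0] == 0x15:        # closed, or alert record
        return "refused"
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Offer SSLv3 only; port 443 is an assumed default, not from the guide."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sslv3_client_hello())
            return classify_reply(s.recv(16))
    except OSError:                          # reset, timeout, unreachable
        return "refused"

if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]))
```

A result of `sslv3-accepted` means the browser-side TLS restriction is still needed for that library.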

Restrict Network Access

Keep the library behind a data center firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router can substitute for multiple independent firewalls. Where possible, identify the hosts allowed to attach to the library and block all other hosts.

Keep Up to Date on Latest Security Information

Oracle continually improves its software and documentation. Check this document with every release for revisions.

Understand Your Environment

You should ask the following questions to better understand your security needs:

  • Which resources need to be protected?

    Many resources in the production environment can be protected. Consider the resources needing protection when deciding the level of security that you must provide.

  • From whom are the resources being protected?

    The library must be protected from everyone on the Internet and unauthorized intranet users.

  • What will happen if the protections on strategic resources fail?

    In some cases, a fault in a security scheme is easily detected and considered nothing more than an inconvenience. In other cases, a fault might cause great damage to companies or individual clients that use the library. Understanding the security ramifications of each resource will help protect it properly.