
Basic Security

This document provides general security guidelines to help you protect your Oracle server, server network interfaces, and connected network switches.

Contact your IT Security Officer for additional security requirements that pertain to your system and specific environment.

There are basic security principles that you should adhere to when using all hardware and software. This section covers the four basic security principles:

“Access”
“Authentication”
“Authorization”
“Accounting and Auditing”

Access

Access refers to physical access to hardware, or physical or virtual access to software.

Use physical and software controls to protect your hardware and data from intrusion.

Change all default passwords when installing a new system. Most types of equipment use default passwords, such as changeme, that are widely known and could allow unauthorized access to hardware or software.

Refer to the documentation that came with your software to enable any security features available for the software.

Install servers and related equipment in a locked, restricted access room.

If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack.

Restrict access to USB ports and consoles. Devices such as system controllers, power distribution units (PDUs), and network switches have USB connections, which can provide direct access to the system. Physical access is a more secure method of accessing components since it is not susceptible to network-based attacks.

Restrict the capability to restart the system over the network.


Oracle Server X5-2 Security Guide, Part No. E48323-03, May 2015
