Netra Modular System Security Guide

Similar documents
Oracle Hardware Management Pack Security Guide

Oracle Hardware Management Pack Security Guide

Oracle Advanced Support Gateway Installation Guide

Introduction to Oracle Solaris 11.1 Virtualization Environments

Sun Network QDR InfiniBand Gateway Switch. Hardware Security Guide

SPARC and Netra SPARC T4 Series Servers. Security Guide

Sun Storage 16 Gb Fibre Channel PCIe Universal Host Bus Adapter Security Guide. For HBA Model

Oracle Dual Port QDR InfiniBand Adapter M3. Security Guide

Sun Ethernet Fabric Operating System. RMON Administration Guide

Sun Rack II Power. Product Notes

Sun ZFS Appliance Monitor. Security Guide, Version 1.0

Oracle Fabric Interconnect. Security Guide

Sun Server X3-2 (formerly Sun fire X4170 M3) Security Guide

Oracle Hardware Management Pack for Oracle Solaris 11.3 Installation Guide

Oracle Virtual Networking Host Drivers for Oracle Linux. Product Notes

Sun SNMP Management Agent Version Release Notes

Sun Integrated Lights Out Manager (ILOM) 2.0

Sun Flash Accelerator F20 PCIe Card

Sun Storage 2500-M2 Arrays. Site Preparation Guide

Oracle Solaris Studio 12.4: Code Analyzer Tutorial

Netra Server X5-2 Operating System Installation Guide

Oracle Advanced Support Gateway Program Documentation. Third Party Licenses and Notices

Oracle Virtual Networking Host Drivers for VMware ESX 6.0 Release Notes

Sun SPARC Enterprise T5120 and T5220 Servers

Sun Ethernet Fabric Operating System BFD Administration Guide

Oracle Solaris Studio 12.3 Installation Guide

Oracle Virtual Networking Host Drivers for Windows Server 2012 and 2012 R2. Release Notes

Oracle X5 Series Servers Administration Guide

Sun Netra T5220 Server

Oracle Virtual Desktop Client User Guide for Version 2.1

Oracle ILOM Protocol Management Reference for SNMP and IPMI Firmware Release 3.2.x

Oracle Enterprise Manager

Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.2

Oracle Enterprise Manager

Introduction to Virtual Datacenter

Sun Blade 6000 Modular System. Service Manual

Configuring and Managing Printing in Oracle Solaris 11.2

Oracle Retail MICROS Stores2 Functional Document Tax Free - Manual Receipt Number Assignment Release September 2015

Oracle Fusion Middleware. 1 Oracle Identity Management Templates

Oracle Retail MICROS Stores2 Functional Document Sales - Reasons Release September 2015

Managing SMB File Sharing and Windows Interoperability in Oracle Solaris 11.3

Oracle Advanced Support Gateway Security Guide

Required Ports and Protocols. Communication Direction Protocol and Port Purpose Enterprise Controller Port 443, then Port Port 8005

Oracle Integrated Lights Out Manager (ILOM) 3.0. Maintenance and Diagnostics CLI and Web Guide

Managing Serial Networks Using UUCP and PPP in Oracle Solaris 11.2

N1 Grid Service Provisioning System 5.0 User s Guide for the Linux Plug-In

StorageTek Library Attach for Window Servers

Oracle Enterprise Manager

Pillar Axiom Path Manager 3.4. Installation Guide and Release Notes. for Windows

Oracle Enterprise Manager Ops Center. Ports and Protocols. Ports and Protocols 12c Release 3 ( )

Oracle ZFS Storage ZS3-BA. Installation and Configuration Guide

NetFlow Collection and Processing Cartridge Pack User Guide Release 6.0

SPARC T5-2 Server Installation Guide

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 Part Number: E April 2016

Sun Management Center 3.6 Version 5 Add-On Software Release Notes

Sun Management Center Change Manager Release Notes

Managing SAN Devices and Multipathing in Oracle Solaris 11.3

Sun StorEdge A5000 Installation Guide

Managing Auditing in Oracle Solaris 11.3

Functional Enhancements

About Contract Management

Oracle Retail MICROS Stores2 Functional Document General - License Control Release September 2015

Sun TM SNMP Management Agent Release Notes, Version 1.6

Oracle Cloud E

Oracle Cloud E

Fujitsu M10/SPARC M10 Systems

Copyright

Oracle Audit Vault Administrator s Guide Oracle Audit Vault Auditor s Guide Oracle Enterprise Manager Cloud Control Administrator s Guide

Siebel Application Deployment Manager Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

Working With Oracle Solaris 11.2 Directory and Naming Services: DNS and NIS


Managing sendmail Services in Oracle Solaris 11.2

Oracle Cloud. Creating a Business Intelligence Cloud Extract E

Oracle Retail Clearance Optimization Engine. Overview. About Patch Releases. Release Notes Release

Oracle Communications Network Charging and Control. Release: 4.4

Start Here. Installation and Documentation Reference. Sun StorEdgeTM 6120 Array

Oracle Enterprise Manager. Introduction to the Oracle Virtual Networking Plug-in. Requirements. Supported Versions

Review Employee Leave Balances

Sun Server X4-2. Installation Guide for Linux Operating Systems

New Features in Primavera Contract Management 14.1

Solaris 9 9/05 Installation Roadmap

Siebel Installation Guide for UNIX. Siebel Innovation Pack 2013 Version 8.1/8.2, Rev. A April 2014

IBM WebSphere Portal Reference Guide Release 9.2

Pre-Installation Instructions

Oracle Virtual Desktop Infrastructure. VDI Demo (Microsoft Remote Desktop Services) for Version 3.2

Oracle Cloud. What s New for Oracle Compute Cloud Service (IaaS) Topics. July What's New for Oracle Compute Cloud Service (IaaS) Release 16.

Reviewing Employee History

Sun Management Center 3.6 Version 4 Add-On Software Release Notes

Oracle VM. Paravirtual Drivers Installation Guide for Microsoft Windows for Release E May 2012

Oracle Java Micro Edition Software Development Kit

Sun StorEdge RAID Manager Release Notes

Third Party System Management Integration Solution

Oracle Cloud E

Siebel Installation Guide for Microsoft Windows. Siebel Innovation Pack 2013 Version 8.1/8.2, Rev. A April 2014

Altiris Patch Management Solution for Windows 7.6 from Symantec Third-Party Legal Notices

Sun StorEdge N8400 Filer Release Notes

Oracle Business Intelligence Publisher. 1 Oracle Business Intelligence Publisher Certification. Certification Information 10g Release 3 (

Oracle FLEXCUBE Direct Banking Release Help Desk User Manual. Part No. E

Sun SNMP Management Agent Release Notes, Version 1.5.5

Siebel Social Media Guide. Siebel Innovation Pack 2013 Version 8.1/8.2 September 2013

Transcription:

Netra Modular System Security Guide Part No: E59326-01 August 2015

Part No: E59326-01 Copyright 2015, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle. Documentation Accessibility For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc. Access to Oracle Support Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup? ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.

Référence: E59326-01 Copyright 2015, Oracle et/ou ses affiliés. Tous droits réservés. Ce logiciel et la documentation qui l accompagne sont protégés par les lois sur la propriété intellectuelle. Ils sont concédés sous licence et soumis à des restrictions d utilisation et de divulgation. Sauf stipulation expresse de votre contrat de licence ou de la loi, vous ne pouvez pas copier, reproduire, traduire, diffuser, modifier, breveter, transmettre, distribuer, exposer, exécuter, publier ou afficher le logiciel, même partiellement, sous quelque forme et par quelque procédé que ce soit. Par ailleurs, il est interdit de procéder à toute ingénierie inverse du logiciel, de le désassembler ou de le décompiler, excepté à des fins d interopérabilité avec des logiciels tiers ou tel que prescrit par la loi. Les informations fournies dans ce document sont susceptibles de modification sans préavis. Par ailleurs, Oracle Corporation ne garantit pas qu elles soient exemptes d erreurs et vous invite, le cas échéant, à lui en faire part par écrit. Si ce logiciel, ou la documentation qui l accompagne, est concédé sous licence au Gouvernement des Etats-Unis, ou à toute entité qui délivre la licence de ce logiciel ou l utilise pour le compte du Gouvernement des Etats-Unis, la notice suivante s applique: U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. Ce logiciel ou matériel a été développé pour un usage général dans le cadre d applications de gestion des informations. Ce logiciel ou matériel n est pas conçu ni n est destiné à être utilisé dans des applications à risque, notamment dans des applications pouvant causer des dommages corporels. Si vous utilisez ce logiciel ou matériel dans le cadre d applications dangereuses, il est de votre responsabilité de prendre toutes les mesures de secours, de sauvegarde, de redondance et autres mesures nécessaires à son utilisation dans des conditions optimales de sécurité. Oracle Corporation et ses affiliés déclinent toute responsabilité quant aux dommages causés par l utilisation de ce logiciel ou matériel pour ce type d applications. Oracle et Java sont des marques déposées d Oracle Corporation et/ou de ses affiliés. Tout autre nom mentionné peut correspondre à des marques appartenant à d autres propriétaires qu Oracle. Intel et Intel Xeon sont des marques ou des marques déposées d Intel Corporation. Toutes les marques SPARC sont utilisées sous licence et sont des marques ou des marques déposées de SPARC International, Inc. AMD, Opteron, le logo AMD et le logo AMD Opteron sont des marques ou des marques déposées d Advanced Micro Devices. UNIX est une marque déposée d The Open Group. Ce logiciel ou matériel et la documentation qui l accompagne peuvent fournir des informations ou des liens donnant accès à des contenus, des produits et des services émanant de tiers. Oracle Corporation et ses affiliés déclinent toute responsabilité ou garantie expresse quant aux contenus, produits ou services émanant de tiers, sauf mention contraire stipulée dans un contrat entre vous et Oracle. En aucun cas, Oracle Corporation et ses affiliés ne sauraient être tenus pour responsables des pertes subies, des coûts occasionnés ou des dommages causés par l accès à des contenus, produits ou services tiers, ou à leur utilisation, sauf mention contraire stipulée dans un contrat entre vous et Oracle. Accessibilité de la documentation Pour plus d informations sur l engagement d Oracle pour l accessibilité à la documentation, visitez le site Web Oracle Accessibility Program, à l adresse http://www.oracle.com/ pls/topic/lookup?ctx=acc&id=docacc. Accès au support électronique Les clients Oracle qui ont souscrit un contrat de support ont accès au support électronique via My Oracle Support. Pour plus d informations, visitez le site http://www.oracle.com/ pls/topic/lookup?ctx=acc&id=info ou le site http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs si vous êtes malentendant.

Contents Security Overview... 7 Basic Security Principles... 7 Advanced Security Considerations... 7 Security Features... 8 Network Traffic Isolation... 9 Oracle ILOM for Secure Management... 9 Planning a Secure Environment... 11 Default Network... 11 User Accounts... 12 Default Security Settings... 12 Securing the Hardware... 13 Access Restrictions... 13 Serial Numbers... 14 Hard Drives... 14 Securing the Software... 15 Prevent Unauthorized Access (Oracle Linux)... 15 Prevent Unauthorized Access (Oracle ILOM)... 15 Prevent Unauthorized Access (Oracle VM Server With Oracle Linux)... 15 Oracle Hardware Management Pack Security... 16 Locating Related Security Guides... 17 Security Guides... 17 5

6 Netra Modular System Security Guide August 2015

Security Overview Oracle s Netra Modular System is a preintegrated, precabled platform that can be completely virtualized to reduce costs and deployment time in your data center. The modular system includes the hardware that you specified and is assembled at the factory and shipped to you. These topics describe security concepts and features for the modular system: Basic Security Principles on page 7 Advanced Security Considerations on page 7 Security Features on page 8 Basic Security Principles Follow these basic security principles for all modular system software and hardware: Authentication Authentication is how a user is identified, typically through confidential information such as user name and password, or shared keys. Authentication ensures that users of hardware or software are who they say they are. By default, local user names and passwords are used for authentication. Shared key-based authentication is also available. Accounting and Auditing Accounting and auditing maintain a record of a user's activity on the system. The modular system software and hardware features allow administrators to monitor login activity and maintain hardware inventories: User logins are monitored through system logs. System administrator and service accounts have access to commands that used incorrectly could cause harm and data loss. Hardware assets are tracked through serial numbers. Oracle part numbers are electronically recorded on all cards, modules, and motherboards, and can be used for inventory purposes. Advanced Security Considerations In addition to the basic security principles, the modular system addresses survivability and defense in depth. The modular system delivers a well-integrated set of security capabilities to Security Overview 7

Security Features satisfy important security requirements and concerns. The following sections describe these principles: Survivability of Mission-Critical Workloads Organizations that select hardware and software platforms for mission-critical workloads can be assured that the modular system can prevent or minimize the damage caused from accidental and malicious actions taken by internal users or external parties. As part of the Oracle Maximum Availability Architecture best practices, the following practices increase survivability: Ensuring that the components used have been designed, engineered, and tested to work well together in support of secure deployment architectures. The modular system supports secure isolation, access control, quality of service, and secure management. Reducing the default attack surface of its constituent products helps minimize the overall exposure of the machine. Protecting the machine, including its operational and management interfaces, using a complement of open and vetted protocols, and APIs capable of supporting traditional security goals of strong authentication, access control, confidentiality, integrity, and availability. Verifying that software and hardware contain features that keep the service available even when failures occur. These capabilities help in cases where attackers attempt to disable one or more individual components in the system. Defense in Depth to Secure the Operating Environment The modular system employs multiple, independent, and mutually-reinforcing security controls to help create a secure operating environment for workloads and data. The modular system supports the principle of defense in depth as follows: Offering a strong complement of protections to secure information in transit, in use, and at rest. Security controls are available at the server and network layers. Each layer's unique security controls can be integrated with the others to enable the creation of strong, layered security architectures. Supporting the use of well-defined and open standards, protocols, and interfaces. The modular system can be integrated into existing security policies, architectures, practices, and standards. Security Features The modular system hardware and software are hardened. Oracle also provides recommended secure configurations for services such as NTP and SSH. In addition, the modular system's architecture provides security capabilities to the core components. These security capabilities are most often applied by organizations that are deploying a layered security strategy. The capabilities are grouped into the following categories: Network Traffic Isolation on page 9 Oracle ILOM for Secure Management on page 9 8 Netra Modular System Security Guide August 2015

Security Features Network Traffic Isolation If you want to consolidate IT infrastructure, implement shared service architectures, and deliver secure multitenant services, consider isolating the network traffic. The modular system provides the flexibility to implement the isolation policies and strategies based on needs. At the physical network level, client access is isolated from device management and interdevice communication. Client and management network traffic are isolated on separate networks. Client access is provided over a redundant 10 Gbps Ethernet network that ensures reliable, high-speed access to services running on the system. Management access is provided over a physically separate 1 Gbps Ethernet network. This provides a separation between operational and management networks. Organizations can choose to further segregate network traffic over the client access Ethernet network by configuring virtual LANs (VLANs). VLANs segregate network traffic based on their requirements. Oracle recommends the use of encrypted protocols over VLANs to assure the confidentiality and integrity of communications. Oracle ILOM for Secure Management Collections of security controls and capabilities are necessary to properly secure individual applications and services. It is equally important to have comprehensive management capabilities to sustain the security of the deployed services and systems. The modular system uses the security management capabilities of Oracle ILOM. Oracle ILOM is an SP embedded in the modular system's compute nodes. Oracle ILOM is used to perform out-of-band management activities, such as the following: Provide secure access to perform secure lights-out management of the database and storage servers. Access includes web-based access protected by SSL, command-line access using Secure Shell, and IPMI v2.0 and SNMPv3 protocols. Separate duty requirements using a role-based access control model. Individual users are assigned to specific roles that limit the functions that can be performed. Provide an audit record of all logins and configuration changes. Each audit log entry lists the user performing the action, and a timestamp. The audit record enables organizations to detect unauthorized activity or changes, and attribute those actions back to specific users. For more information about Oracle ILOM security, refer to the Oracle ILOM Security Guide at http://www.oracle.com/goto/ilom/docs. Security Overview 9

10 Netra Modular System Security Guide August 2015

Planning a Secure Environment Put security guidelines in place before the arrival of the Netra Modular System. After the system in installed, periodically review and adjust security guidelines to stay current with the security requirements of your organization. These topics provide security guidelines for the installation of the Netra Modular System: Default Network on page 11 User Accounts on page 12 Default Security Settings on page 12 Contact your IT Security Officer for additional security requirements that pertain to your system and specific environment. Default Network The following figure and descriptions explain the default network for the Netra Modular System. The System/Telemetry Network (light green network) includes the management node's LoM port on VLAN 4090 through the FMM switch. The Telemetry ILOM Network on an internal VLAN 4094 with FMM includes compute nodes Oracle ILOM, and network nodes Oracle ILOM through the FMM switch. The patch panel extends the Telemetry Network to racks 1-7. A multi-rack configuration supports the same subnets and VLAN with a different rack ID The VLAN(1) provides other services to the Telemetry Network through proper authentication. The Data Networks (A &B) provide in-band access to the FSA node. The HA application can manage the racks through the modular system's exposed interfaces (JMX, C- API, and so on). Planning a Secure Environment 11

User Accounts User Accounts This table lists the default users and passwords for the modular system components. Change all default passwords after you install the Netra Modular System. Component Ethernet switches Management and compute nodes User Name and Password root/changeme Note - Secure the enable mode password and secret values for the admin user. root/changeme Default Security Settings The modular system is installed with many default security settings. Whenever possible and practical, configure secure default settings. Refer to the default settings in your version of Oracle ILOM at http://www.oracle.com/goto/ilom/docs. 12 Netra Modular System Security Guide August 2015

Securing the Hardware Physical isolation and access control are the foundation on which you build the security architecture. Ensuring that the physical system is installed in a secure environment protects the system against unauthorized access. Likewise, recording all serial numbers helps prevent the use of unauthorized hardware components. These sections provide general hardware security guidelines for the modular system. Access Restrictions on page 13 Serial Numbers on page 14 Hard Drives on page 14 Access Restrictions Install systems and related equipment in a locked, restricted-access room. If equipment is installed in a rack with a locking door, always lock the rack door until you have to service the components within the rack. Locking the doors also restricts access to hot-plug or hot-swap devices. Store all spare replacement parts in a locked cabinet. Restrict access to the locked cabinet to authorized personnel. Periodically, verify the status and integrity of the locks on the rack and the spares cabinet to guard against, or detect, tampering or doors being accidentally left unlocked. Store cabinet keys in a secure location with limited access. Restrict access to USB consoles. Devices such as system controllers, PDUs, and network switches can have USB connections. Physical access is a more secure method of accessing a component since it is not susceptible to network-based attacks. Connect the console to an external KVM to enable remote console access. KVM devices often support two-factor authentication, centralized access control, and auditing. For more information about the security guidelines and best practices for KVMs, refer to the documentation that came with the KVM device. Securing the Hardware 13

Serial Numbers Serial Numbers Prevent the use of unauthorized hardware components by carefully recording all serial numbers as components are received and taken into inventory. Before any component is installed or used, confirm its authenticity by comparing its serial number against what was recorded when the component was received. Follow these practices to secure hardware: Keep a record of the serial numbers of all your hardware. Security-mark all significant items of computer hardware, such as replacement parts. Use special ultraviolet pens or embossed labels. Keep hardware activation keys and licenses in a secure location that is easily accessible to the system manager in system emergencies. The printed documents might be your only proof of ownership. Wireless radio frequency identification (RFID) readers can further simplify asset tracking. Refer to the Oracle white paper, How to Track Your Oracle Sun System Assets by Using RFID, at http://www.oracle.com/technetwork/articles/systems-hardware-architecture/o11-001-rfid-oracle-214567.pdf. Hard Drives Hard drives are often used to store sensitive information. To protect this information from unauthorized disclosure, sanitize hard drives prior to reusing, decommissioning, or disposing of them. Refer to your data protection policies to determine the most appropriate method to sanitize hard drives. If required, take advantage of Oracle's Customer Data and Device Retention Service. http://www.oracle.com/us/support/library/data-retention-ds-405152.pdf 14 Netra Modular System Security Guide August 2015

Securing the Software Most hardware security is implemented through software measures. These sections provide general software security guidelines for the Netra Modular System. Prevent Unauthorized Access (Oracle Linux) on page 15 Prevent Unauthorized Access (Oracle ILOM) on page 15 Prevent Unauthorized Access (Oracle VM Server With Oracle Linux) on page 15 Oracle Hardware Management Pack Security on page 16 Prevent Unauthorized Access (Oracle Linux) Use Oracle Linux OS commands to restrict access to the software, harden the OS, use security features, and protect applications. Refer to the Oracle Linux Security Guide for Release 6 at http://docs.oracle.com/cd/ E37670_01/E36387/html/index.html. Prevent Unauthorized Access (Oracle ILOM) Use Oracle ILOM commands to restrict access to the Oracle ILOM firmware, change the factory-set password, limit the use of the root superuser account, and secure the private network to the SP. Refer to your version of the Oracle ILOM Security Guide at http://www.oracle.com/goto/ ILOM/docs. Prevent Unauthorized Access (Oracle VM Server With Oracle Linux) Use Oracle Linux commands to restrict access to the Oracle VM Server software, use security features, and protect applications. Refer to the Oracle VM Security Guide for Release 3.3 at http://docs.oracle.com/cd/ E50245_01/E50254/html/index.html. Securing the Software 15

Oracle Hardware Management Pack Security Oracle Hardware Management Pack Security Oracle Hardware Management Pack features two components: an SNMP monitoring agent and a family of cross-operating system command-line interface tools (CLI Tools) for managing your system. Hardware Management Agent SNMP Plugins SNMP is a standard protocol that monitors or manages a system. With the Hardware Management Agent SNMP Plugins, you can use SNMP to monitor Oracle systems in your data center with the advantage of not having to connect to two management points: the host and Oracle ILOM. This functionality enables you to use a single IP address (the host s IP address) to monitor multiple systems. The SNMP Plugins run on the host OS of Oracle systems. The SNMP Plugin extends the native SNMP agent in the host OS to provide additional Oracle MIB capabilities. Oracle Hardware Management Pack itself does not contain an SNMP agent. For Oracle Linux, a module is added to the net-snmp agent. For Microsoft Windows, the plugin extends the native SNMP service. Any security settings related to SNMP for the Oracle Hardware Management Pack are determined by the settings of the native SNMP agent or service, and not by the plugin. Note that SNMPv1 and SNMPv2c provide no encryption and use community strings as a form of authentication. SNMPv3 is more secure and is the recommended version to use because it employs encryption to provide a secure channel, as well as individual user names and passwords. Oracle Hardware Management Pack documentation For security guidelines that are specific to Oracle Hardware Management Pack, refer to the Oracle Hardware Management Pack (HMP) Security Guide at http://www.oracle.com/goto/ohmp/docs. 16 Netra Modular System Security Guide August 2015

Locating Related Security Guides Security Guides These guides describe policies and procedures to keep related products secure: Oracle Server X5-2 Security Guide Oracle Switch ES2-72 and Oracle Switch ES2-64 Security Guide Oracle Linux Security Guide for Release 6 at http://docs.oracle.com/cd/e37670_01/ E36387/html/index.html Oracle ILOM Security Guide at http://www.oracle.com/goto/ilom/docs Oracle VM Security Guide for Release 3.3 at http://docs.oracle.com/cd/e50245_01/ E50254/html/index.html Oracle Hardware Management Pack (HMP) Security Guide at http://www.oracle.com/ goto/ohmp/docs Locating Related Security Guides 17

18 Netra Modular System Security Guide August 2015

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information