StorageTek Linear Tape File System, Library Edition

Similar documents
Oracle Communications Configuration Management

Oracle Hospitality OPERA Exchange Interface Cloud Authentication. October 2017

Database Change Reference Release 6.3

Security Guide Release 4.0

Oracle Hospitality Cruise Meal Count System Security Guide Release 8.3 E

PeopleSoft Fluid Required Fields Standards

What s New for Cloud at Customer What's New for the Cloud Services on Oracle Cloud at Customer New Documentation for Oracle Cloud at Customer

Oracle Hospitality Suite8 Export to Outlook User Manual Release 8.9. July 2015

Oracle Hospitality Cruise Fine Dining System Security Guide Release E

OKM Key Management Appliance

Microsoft Active Directory Plug-in User s Guide Release

PeopleSoft Fluid Icon Standards

Oracle Hospitality Cruise AffairWhere Security Guide Release E April 2017

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Installing and Updating Local Software Packages 12c Release

Oracle Utilities Opower Custom URL Configuration

Oracle Hospitality RES 3700 Server Setup Guide Release 5.5 E May 2016

Oracle Enterprise Manager Ops Center

Oracle Cloud What's New for Oracle WebCenter Portal Cloud Service

Report Management and Editor!

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Hardware and Software Configuration

Materials Control. Account Classes. Product Version Account Classes. Document Title: Joerg Trommeschlaeger

JavaFX. JavaFX System Requirements Release E

Oracle Hospitality ecommerce Integration Cloud Service Security Guide Release 4.2 E

General Security Principles

Recipe Calculation Survey. Materials Control. Copyright by: MICROS-FIDELIO GmbH Europadamm 2-6 D Neuss Date: August 21 st 2007.

Oracle. Field Service Cloud Using the Parts Catalog

Oracle Hospitality MICROS Commerce Platform Release Notes Release Part Number: E December 2015

Oracle SL500/SL3000/SL8500 Security Guide E

Managing Zone Configuration

Oracle Hospitality Query and Analysis Languages and Translation Configuration Guide. March 2016

Microsoft Internet Information Services (IIS) Plug-in User s Guide Release

Oracle Fusion Middleware

Oracle Hospitality BellaVita Hardware Requirements. June 2016

Oracle Retail MICROS Stores2 Functional Document Sales - Receipt List Screen Release September 2015

Defining Constants and Variables for Oracle Java CAPS Environments

What s New for Oracle Cloud Stack Manager. Topics: July Oracle Cloud. What's New for Oracle Cloud Stack Release

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Creating vservers 12c Release 1 ( )

Taleo Enterprise Deep Linking Configuration Guide Release 17

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E June 2016

Oracle Linux. UEFI Secure Boot Signing Key Update Notice

Oracle Hospitality ecommerce Integration Cloud Service Security Guide Release 18.1 E

Oracle Fusion Middleware Creating Domain Templates Using the Domain Template Builder. 12c ( )

Oracle Enterprise Manager Ops Center E Introduction

Oracle Payment Interface Installation and Reference Guide Release E April 2018

Introduction to Auto Service Request

Oracle Banking Channels Bank User Base

Copyright 1998, 2009, Oracle and/or its affiliates. All rights reserved.

Documentation Accessibility. Access to Oracle Support

Oracle Hospitality Cruise Shipboard Property Management System Topaz Signature Device Installation Guide Release 8.00 E

Release for Microsoft Windows

Oracle Hospitality Materials Control. Server Sizing Guide

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )

Oracle Retail MICROS Stores2 Functional Document Stores2 for Portugal Disaster Recovery Release

Oracle Enterprise Manager Ops Center. Introduction. Provisioning Oracle Solaris 10 Operating Systems 12c Release 2 ( )

Oracle Communications Policy Management Configuring NetBackup for Upgrade Method of Procedure

MySQL Port Reference

Oracle Identity Manager Connector Guide for Dropbox. Release

Microsoft.NET Framework Plug-in User s Guide Release

Oracle Enterprise Manager Ops Center. Overview. What You Need. Create Oracle Solaris 10 Zones 12c Release 3 ( )

Oracle Simphony Venue Management (SimVen) Installation Guide Release Part Number: E

Oracle MICROS Simphony Server Setup Guide Server Version 1. April 2015

Export generates an empty file

Oracle Argus Safety. 1 Configuration. 1.1 Configuring a Reporting Destination for the emdr Profile. emdr Best Practices Document Release 8.0.

Oracle Database Mobile Server

JD Edwards EnterpriseOne Licensing

1 Understanding the Cross Reference Facility

Oracle. Field Service Cloud Using Android and ios Mobile Applications 18B

Oracle Enterprise Manager

Oracle Virtual Desktop Client for ipad. Release Notes for Release 1.2

Oracle mymicros.net, icare, myinventory and mylabor Self Host Release Notes Release v April 2015

Oracle Enterprise Manager Ops Center

Oracle Communications Convergent Charging Controller. Sample Message Flows Reference Guide Release 6.0.1

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Communications Order and Service Management. OSM New Features

User's Guide Release

Live Help On Demand Analytics

Oracle Fusion Middleware Oracle Stream Analytics Release Notes. 12c Release ( )

Oracle Hospitality Suite8 XML Export of Invoice Data for Hungarian Tax Authority Release and Higher E November 2016

Oracle Database Firewall. 1 Downloading the Latest Version of This Document. 2 Known Issues. Release Notes Release 5.

Contents About Connecting the Content Repository... 5 Prerequisites for Configuring a Content Repository and Unifier... 5

Oracle Hospitality Simphony First Edition Venue Management (SimVen) Installation Guide Release 3.8 Part Number: E

Oracle Communications MetaSolv Solution

Oracle NoSQL Database Integration with SQL Developer. Release 18.1

Oracle Human Capital Management Cloud Using the HCM Mobile Application. Release 13 (update 18C)

Oracle Hospitality BellaVita Adding a New Language Release 2.7. September 2015

Oracle Cloud Getting Started with Oracle WebCenter Portal Cloud Service

Oracle Payment Interface Token Proxy Service Security Guide Release 6.1 E November 2017

Release Notes for Oracle GoldenGate for Big Data 12c ( )

Oracle Hospitality Simphony Venue Management Release Notes Release 3.9 E March 2017

New Features in Primavera Professional 15.2

Elastic Charging Engine 11.3 RADIUS Gateway Protocol Implementation Conformance Statement Release 7.5

PeopleSoft Fluid Related Action Standards

Oracle Utilities Opower Solution Extension Partner SSO

Oracle Enterprise Manager

Oracle Communications Services Gatekeeper

Oracle Hospitality Simphony Engagement Cloud Service Release Notes Release 2.0 E January 2016

About these Release Notes

Materials Control Recipe Reduction based on Article Defaults

Oracle Hospitality 9700 Point-of-Sale Server Setup Guide - Server Version 2 Release 4.0 Part Number: E July 2016

Transcription:

StorageTek Linear Tape File System, Library Edition Security Guide Release 1 E38511-02 July 2016

StorageTek Linear Tape File System, Library Edition Security Guide, Release 1 E38511-02 Copyright 2013, 2016, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents Preface... v Audience... Documentation Accessibility... v v 1 Overview Product Overview... 1-1 Security... 1-1 Physical... 1-1 Network... 1-2 User Access... 1-2 General Security Principles... 1-2 Keep Software Up To Date... 1-2 Restrict Network Access... 1-2 Keep Up To Date on Latest Security Information... 1-2 2 Secure Installation Understand Your Environment... 2-1 Which resources need to be protected?... 2-1 From whom are the resources being protected?... 2-1 What will happen if the protections on strategic resources fail?... 2-1 Installing Linear Tape File System Library Edition (LTFS-LE)... 2-1 Post Installation Configuration... 2-1 Assign the user (admin) password... 2-2 Enforce password management... 2-2 3 Security Features A B Secure Deployment Checklist References iii

iv

Preface This document describes the security features of Oracle s StorageTek Linear Tape File System, Library Edition (LTFS-LE). Audience This guide is intended for anyone involved with using security features and secure installation and configuration of LTFS-LE. Documentation Accessibility For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc. Access to Oracle Support Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired. v

vi

1 1Overview This section gives an overview of LTFS-LE and explains the general principles of its security. Product Overview Today, tape storage faces the threat of being relegated entirely into the backup and archive market, even as customers beg for a more cost efficient storage platform that could be used for nearline storage because of perceived usability and performance issues. The pioneering groundwork from StorageTek and Sun engineers to eradicate this attack line from disk vendors finally manifested itself in 2010 with the debut of the Linear Tape File System (LTFS) for single tape drives. First released as an open-source specification by IBM and the LTO consortium, LTFS allows a single drive to be treated like a thumb drive or memory stick. This new presentation abstracted the pains of tape storage and made it more usable. In addition, it opened new possibilities for increasing the value of tape as industries that require their storage to be portable now have a cost-effective storage platform. Oracle adopted the specification with its T10000C tape drive. However, LTFS for a single drive has limited value for both the customer and Oracle. Extending LTFS to an entire library allows customers to essentially have thousands of thumb drives. They can then manage petabytes of data in their library through just a basic desktop explorer interface. Not only does this make tape easier to use, it also gives users peace of mind because all their content is written in an open format. Customers will no longer be chained to their backup application or other proprietary format. In addition, the portability benefits are greatly enhanced. Finally, LTFS Library Edition (LTFS-LE) enables future Oracle applications and middleware to use tape as a storage format by providing a single, simple access point. Security Physical There are three aspects to LTFS-LE security: physical, network, and user access. It is required that LTFS-LE is installed on a standalone server within an organization s data center. Physical access to the server would be dictated by customer company policy. Overview 1-1

General Security Principles Network User Access It is required that LTFS-LE be added or configured to a Customer internal firewall protected network. This network needs SSH and SNMP access to libraries for which data will be accessed. The LTFS-LE Application access is controlled by username and password authentication. These are set up during initial installation by the customer. Passwords must meet Oracle standard requirements. General Security Principles Keep Software Up To Date The following principles are fundamental to using any product securely. One of the principles of good security practice is to keep all software versions and patches up to date. This document is for the software level of: LTFS-LE Release 1.0 or higher Note: It is expected that libraries, library software, and drives also meet minimum firmware version levels that are connected to the LTFS-LE application. These firmware levels are specified in the LTFS-LE release notes. Restrict Network Access Keep the LTFS-LE host server behind a data center firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls. Identifying the hosts allowed to attach to the library and blocking all other hosts is recommended where possible. Keep Up To Date on Latest Security Information Oracle continually improves its software and documentation. Check this document every release for revisions. 1-2 StorageTek Linear Tape File System, Library Edition Security Guide

2 2Secure Installation This section outlines the planning process for a secure installation and describes several recommended deployment topologies for the systems. The following will not detail the installation, configuration, and administration of the LTFS-LE application. The installation, configuration, and administration will be covered in the LTFS-LE Installation and Administration Guide 1.0. Understand Your Environment To better understand security needs, the following questions must be asked: Which resources need to be protected? For LTFS-LE, the host server and the associated network must be protected from unauthorized access From whom are the resources being protected? LTFS-LE must be protected from everyone on the Internet, external users, and unauthorized internal users. What will happen if the protections on strategic resources fail? It is possible that someone could maliciously cause data loss to tape storage with unauthorized access to LTFS-LE. Installing Linear Tape File System Library Edition (LTFS-LE) LTFS-LE should only be installed on systems that are within the same protected (firewalled) network infrastructure as the monitored devices. Customer access controls should be enforced on the systems where LTFS-LE is installed to assure restricted access to the application. Refer to the following LTFS-LE user guides for installation instructions. Oracle LTFS-LE Planning and Installation Post Installation Configuration There is no post installation configuration security changes. The configuration is set by the customer during installation. Secure Installation 2-1

Post Installation Configuration Assign the user (admin) password. The customer administration account password is set by the customer during the installation. Enforce password management Customer Corporate password management rules, such as password length, history, and complexity must be applied to the administrator password. 2-2 StorageTek Linear Tape File System, Library Edition Security Guide

3 3Security Features This section outlines the specific security mechanisms offered by the product. The LTFS-LE application provides user with encrypted password roles for protection. This is not the only line of security to protect the application. The application should be in a physically secured data center that also has a secured network, which allows access per authorized users only. Security Features 3-1

3-2 StorageTek Linear Tape File System, Library Edition Security Guide

A ASecure Deployment Checklist The following security checklist includes guidelines that help secure the tape drive: 1. Enforce password management. 2. Enforce access controls. 3. Restrict network access. a. A firewall should be implemented. b. The firewall must not be compromised. c. System access should be monitored. d. Network IP addresses should be checked. 4. Contact your Oracle Services, Oracle Tape Library Engineering, or account representative to report suspected vulnerabilities in LTFS-LE or Oracle Tape Libraries. Secure Deployment Checklist A-1

A-2 StorageTek Linear Tape File System, Library Edition Security Guide

B BReferences Oracle LTFS-LE Planning and Installation References B-1

B-2 StorageTek Linear Tape File System, Library Edition Security Guide

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback