For example, the home directory on a rank-and-file corporate employee's host is presumably less sensitive than a credit card company's subscriber data. The sensitivity of data is measured by how dangerous it would be for the data to be accessed by a malicious user. A network that includes 1000 hosts and 2000 users has more points of entry for an attacker than a network of 5 hosts and 2 users. The number of assets and principals associated with a domain plays an important role in domain security. In the lowest level of security, any principal can access any asset in the domain. In a medium level of security, the asset owner and the administrator of the domain both have access to the asset. For example, only the owner of a client host can read or modify data from this host. In the highest level of security, the only principal with access to an asset is the owner. The relationships between assets and principals partially determine the level of security in the Oracle Secure Backup administrative domain: Onlookers might own a host outside the domain. These users do not fall into any of the preceding categories of principals, but can access a larger network that contains the Oracle Secure Backup domain. These users might have access to the corporate network and to the hosts in the administrative domain (although not necessarily root access).
These Oracle Secure Backup users have administrative rights in the domain, access to the tapes containing backup data, and the rights required to perform backup and restore operations.Įach database administrator has complete access to his or her own database.Įach host owner has complete access to its file system.
Principals are users who either have access to the assets associated with the administrative domain or to a larger network that contains the domain. Metadata about the database and file-system data Oracle Secure Backup can supplement but not replace the physical and network security provided by administrators.ĭatabase and file-system data requiring backup
#Right backup authenticity software
Network backup software such as Oracle Secure Backup is only one component of a secure backup network. SSL protects the administrative domain from eavesdropping, message tampering or forgery, and replay attacks. After a Secure Sockets Layer (SSL) connection is established between hosts, control and data messages are encrypted when transmitted over the network. A host within the domain uses an X.509 certificate for host authentication. By default, all hosts that run Oracle Secure Backup must have their identity verified before they can join the administrative domain. Oracle Secure Backup meets these requirements in its default configuration. Software components must not expose the hosts they run on to attack.įor example, daemons should be prevented from listening on a well-known port and performing arbitrary privileged operations.ĭata managed by the backup software must not be viewable, erasable, or modifiable by unauthorized users.īackup software must permit authorized users to perform these tasks. Your backup network must meet the following requirements to be both useful and secure: The task of the security administrator is to learn the types of possible attacks and techniques to guard against them. Any such network has a level of vulnerability to malicious attacks. An Oracle Secure Backup administrative domain is a network of hosts.
0 kommentar(er)
