Planning Security for an Administrative Domain
6-6 Oracle Secure Backup Installation and Configuration Guide
As with the single system network type, the administrative domain exists in a network
environment that is secure. Administrators secure each host, tape device, and tapes by
external means. Active attacks by a hacker are not likely. Administrators assume that
security maintenance and administration for the domain requires almost no overhead.
Backup and system administrators are primarily concerned with whether Oracle
Secure Backup moves data between hosts efficiently.
Corporate Network
In this environment, multiple administrative domains, multiple media server hosts,
and numerous client hosts exist in a corporate network.
The number of hosts, devices, and users in the administrative domains is extremely
large. Data backed up includes both highly sensitive data such as human resources
information and less sensitive data such as the home directories of low-level
employees. Backups probably occur on the same corporate network used for e-mail,
and Internet access. The corporate network is protected by a firewall from the broader
Internet.
The assets include basically every piece of data and every computer in the corporation.
Each administrative domain can have multiple users. Some host owners can have their
own Oracle Secure Backup account to initiate a restore of their file systems or
databases.
The security requirements for this backup environment are different from the single
system and data center examples. Given the scope and distribution of the network,
compromised client hosts are highly likely. For example, someone could steal a laptop
used on a business trip. Malicious employees could illicitly log in to computers or run
tcpdump or similar utilities to listen to network traffic.
The compromise of a client host must not compromise an entire administrative
domain. A malicious user on a compromised computer must not be able to access data
that was backed up by other users on other hosts. This user must also not be able to
affect normal operation of the other hosts in the administrative domain.
Security administration and performance overhead is expected. Owners of sensitive
assets must encrypt their backups, so physical access to backup media does not reveal
the backup contents. The encryption and decryption must be performed on the client
host itself, so sensitive data never leaves the host in unencrypted form.
Choosing Secure Hosts for the Administrative and Media Servers
Your primary task when configuring security for your domain is providing physical
and network security for your hosts and determining which hosts should perform the
administrative server and media server roles.
When choosing administrative and media servers, remember that a host should only
be an administrative or media server if it is protected by both physical and network
security. For example, a host in a data center could be a candidate for an
administrative server because it presumably belongs to a private, secured network
accessible to a few trusted administrators.
Note: Oracle Secure Backup offers an optional and highly
configurable backup encryption mechanism that ensures that data
stored on tape is safe from prying eyes. Backup encryption is fully
integrated with Oracle Secure Backup and is ready to use as soon as
Oracle Secure Backup is installed. Backup encryption applies to both
file-system data and Recovery Manager (RMAN) generated backups.
To Next Page
Loading...
Need help?
General