Planning Security for an Administrative Domain
Managing Security for Backup Networks 6-7
Oracle Secure Backup cannot itself provide physical or network security for any host
nor verify whether such security exists. For example, Oracle Secure Backup cannot
stop malicious users from performing the following illicit activities:
■ Physically compromising a host
An attacker who gains physical access to a host can steal or destroy the primary or
secondary storage. For example, a thief could break into an office and steal servers
and tapes. Encryption can reduce some threats to data, but not all. An attacker
who gains physical access to the administrative server compromises the entire
administrative domain.
■ Accessing the operating system of a host
Suppose an onlooker steals a password by observing the owner of a client host
entering his or her password. This malicious user could telnet to this host and
delete, replace, or copy the data from primary storage. The most secure backup
system in the world cannot protect data from attackers if they can access the data
in its original location.
■ Infiltrating or eavesdropping on the network
Although backup software can in some instances communicate securely over
insecure networks, it cannot always do so. Network security is an important part
of a backup system, especially for communications based on Network Data
Management Protocol (NDMP).
■ Deliberately misusing an Oracle Secure Backup identity
If a person with Oracle Secure Backup administrator rights turns malicious, then
he or she can wreak havoc on the administrative domain. For example, he or she
could overwrite the file system on every host in the domain. No backup software
can force a person always to behave in the best interests of your organization.
Determining the Distribution Method of Host Identity Certificates
After you have analyzed your backup environment and considered how to secure it,
you can decide how each host in the domain obtains its identity certificate. Oracle
Secure Backup uses Secure Sockets Layer (SSL) to establish a secure and trusted
communication channel between domain hosts. Each host has an identity certificate
signed by the Certification Authority (CA) that uniquely identifies this host within
the domain. The identity certificate is required for authenticated SSL connections.
The administrative server of the administrative domain is the CA for the domain.
After you configure the administrative server, you can create each media server and
client in the domain in either of the following modes:
■ automated certificate provisioning mode
In this case, no manual administration is required. When you configure the hosts,
the CA issues identity certificates to the hosts over the network.
■ manual certificate provisioning mode
In this case, you must manually import the identity certificate for each host into its
wallet.
See Also:
■ "Host Authentication and Communication" on page 6-9
■ "Certification Authority" on page 6-10
To Next Page
Loading...
Need help?
General