Oracle® Key Manager 3 Security Guide
Release 3.0
E49728-01

1 Overview

This section gives an overview of the product and explains the general principles of application security.

Product Overview

The Oracle Key Manager (OKM) creates, stores, and manages encryption keys. It consists of the following components:

The OKM uses TCP/IP networking for the connections between KMAs, Agents, and workstations where the Oracle Key Manager GUI and CLIs are running. To provide flexible network connections, three interfaces are provided for network connections on each KMA:

See the example in the following image:

Figure 1-1 Connections to the KMA


General Security Principles

The following principles are fundamental to using any application securely.

Keep Software Up To Date

One of the principles of good security practice is to keep all software versions and patches up to date. The latest Oracle Key Manager upgrade packages and installers are available on the My Oracle Support web site: http://support.oracle.com.

Restrict Network Access to Critical Services

Keep your business applications behind a firewall. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls.

Follow the Principle of Least Privilege

The principle of least privilege states that users should be given the least amount of privilege needed to perform their jobs. Over-ambitious granting of responsibilities, roles, grants, and so on, especially early in an organization's life cycle when people are few and work needs to be done quickly, often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.

Monitor System Activity

System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.

Keep Up To Date on Latest Security Information

Oracle continually improves its software and documentation. Check the My Oracle Support web site yearly for revisions.