Authentication; Authorization; Accounting And Auditing - Oracle X5-2 Security Manual

Authentication

Restrict access to hot-plug or hot-swap devices in particular because they can be easily
■
removed.
Store spare field-replaceable units (FRUs) and customer-replaceable units (CRUs) in a
■
locked cabinet. Restrict access to the locked cabinet to authorized personnel.
Authentication
Authentication is how a user is identified, typically through confidential information such as
user name and password. Authentication ensures that users of hardware or software are who
they say they are.
Set up authentication features such as a password system in your platform operating systems
■
to ensure that users are who they say they are.
Ensure that your personnel use employee badges properly to enter the computer room.
■
For user accounts: use access control lists where appropriate; set time-outs for extended
■
sessions; set privilege levels for users.

Authorization

Authorization allows administrators to control what tasks or privileges a user may perform
or use. Personnel can only perform the tasks and use the privileges that have been assigned
to them. Authorization refers to restrictions placed on personnel to work with hardware and
software.
Allow personnel to work only with hardware and software that they are trained and
■
qualified to use.
Set up a system of Read/Write/Execute permissions to control user access to commands,
■
disk space, devices, and applications.

Accounting and Auditing

Accounting and auditing refer to maintaining a record of a user's activity on the system. Oracle
servers have software and hardware features that allow administrators to monitor login activity
and to maintain hardware inventories.
Use system logs to monitor user logins. Monitor system administrator and service accounts
■
in particular because those accounts have access to commands that if used incorrectly could
8 Oracle Server X5-2 Security Guide • May 2015