Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
Solution Type: Technical Instruction Sure Solution

1414717.1 : SL3000/SL8500 - Security Between SDP and Library
Applies to:
Sun StorageTek SL3000 Modular Library System - Version: Not Applicable
Sun StorageTek SL8500 Modular Library System - Version: Not Applicable and later [Release: N/A and later]
Information in this document applies to any platform.

Goal
Network security people at a customer site have asked the following:
What if someone succeeds in hacking into the SDP box? Will it be possible to hack into the SL8500 (which is connected) and from there go to the customer's network? I think that it would not be possible, but I need to know why it would not be.

Solution
It's unlikely a hacker could brute-force his way in over the SDP box; even if he sweeps the ports/IP segments to find the SDP box, that would most likely cause an alarm/drop from any modern firewall.

SDP is not "directly" connected to the customer network, as it should sit behind a firewall that separates it from the customer's internal network. It is an appliance-like environment isolated through an IPSec VPN over a Cisco router (DMZ <-> Router/VPN <-> SDP), where Oracle is given only an internal route/IP that is isolated from the customer network. Like Raghu says, it follows the AAA ruleset, hence only authorized personnel have access to it, and everything is logged.

The data connection established over the hardware is not connected directly to customer data (SL8500) and only allows SNMP-like data to be sent in to SDP; modification is almost impossible since it is mostly firmware-based equipment.

SDP has been built on the basis of CERT (center of Internet security expertise), and its security is based on several policies, practices, implementations and decisions that protect customer business data. The SDP has several security and privacy capabilities designed to ensure the highest level of confidentiality in the communications process.

The SDP leverages key security technologies as well as a secure architecture, strict authentication and user policies, and encryption to ensure that data is safely transmitted between the customer environment and the Oracle technical support analysts. The SDP does not access, gather, or transmit customer data. SDP does not give hackers access to your corporate network.

Following the mantra "Authentication, Authorization, and Accounting," SDP leverages secure, hardened front-end and back-end servers in the NOC, uses secure 128-bit or better encryption, and sets up individual accounts that require authorization to specific Oracle data. The SDP also provides for strict accounting of user access to the customer site. The SDP site unit is secure per CERT guidelines and testing.

Attached are some of the connectivity models used on the SDP.

Attachments
This solution has no attachment