Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1414717.1
Update Date:2012-02-20
Keywords:
Solution Type  Technical Instruction Sure

Solution  1414717.1 :   SL3000/SL8500 - Security Between SDP and Library  

Related Items 
    

  • Sun StorageTek SL3000 Modular Library System
    •  
  • Sun StorageTek SL8500 Modular Library System
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Tape Hardware>SN-TP: SL3000-8500 Library
    •  






In this Document

  Goal

  Solution






Applies to: 
 
Sun StorageTek SL3000 Modular Library System - Version: Not Applicable and later   [Release: N/A and later ]
Sun StorageTek SL8500 Modular Library System - Version: Not Applicable and later    [Release: N/A and later]
Information in this document applies to any platform.



Goal

Network security people at a customer site has asked the following:

What if someone succeeds to hack into the SDP box, will it be possible to hack into the a SL8500 (which is connected) and from there go to the customers network.

I think that It would not be possible, but I need to know why it would not be.

Solution

It's unlikely a hacker could brute force in over the SDP box, even if he barren the ports/ip segments to find the sdp box, that would most likely cause an alarm/drop from any modern Firewall.

SDP is not "directly" connected to the customer network, as it should be behind a firewall separating his internal network. It's an appliance like environment isolated trough a IPSec VPN over a cisco router (DMZ <-> Router/vpn <-> SDP), where only internal route/ip is given to Oracle isolated from the customer network, like Raghu says, it follows the AAA ruleset, hence only authorized personnel has access to it, and everything is logged.

The data connection established over the hardware, is not connected directly to customer data (SL8500) only allows snmp-like data to be sent in to SDP, modification is almost impossible since its mostly firmware based equipment.

SDP has been built on basis of CERT (center of Internet security expertise.), and its security is based on several policies, practices, implementations and decisions that protect customer business data.

The SDP has several security and privacy capabilities designed to ensure the highest level of confidentiality in the communications process.  The SDP leverages key security technologies as well as a secure architecture, strict authentication and user policies, and encryption to ensure that data is safely transmitted between customer environment and the Oracle technical support analysts.  The SDP does not access, gather, or transmit customer data.

    SDP does not give hackers access to your corporate network.  Following the mantra "Authentication, Authorization, and Accounting," SDP leverages secure hardened front-end and back-end servers in NOC; uses secure 128-bit or better encryption, and sets up individual accounts that require authorization to specific Oracle data.  The SDP also provides for strict accounting of user access to customer site. The SDP site unit is secure per CERT guidelines and testing.

Attached are some of the connectivity models used on the SDP.


Provided by [email protected]


Provided by [email protected]



Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback