General Security Principles
The following principles are fundamental to using any product securely.
Keeping Software Up To Date
One of the principles of good security practice is to keep all software versions and patches up to date. This document assumes that you are running ACSLS 8.5 or a later release, with all relevant maintenance applied. Running the latest ACSLS release ensures that you have the latest enhancements and fixes. Contact Oracle for the latest patches for ACSLS.
Apply all significant security patches to the OS and to services installed with the OS. Please apply these patches selectively, because applying all available updates may install new features and even new OS releases that ACSLS has not been tested with.
Restricting Network Access to Critical Services
Keep both the ACSLS and the libraries that it manages behind a firewall.
Using a private network for TCP/IP communications between ACSLS and tape libraries is recommended.
Following the Principle of Least Privilege
The principle of least privilege states that users should be given the least amount of privilege needed to perform their jobs. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
On ACSLS, this means that operators who only issue routine commands using cmd_proc should log in as the acssa user. System administrators who log in as the acsss user also have access to a wider range of utilities and configuration commands. Use of the acsdb user ID is not needed for normal operations.
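One way to support the periodic review described above is to summarize logins for the three ACSLS accounts and surface every acsdb session for follow-up. This is an added example, not part of the Oracle documentation; it assumes login records in the column layout of the `last` command, and the sample lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the column layout of `last` output
# (user, tty, source host, start time ...). Not real login data.
sample_logins() {
cat <<'EOF'
acssa    pts/0        10.0.0.21        Mon Mar  4 08:02 - 16:10  (08:08)
acssa    pts/1        10.0.0.22        Mon Mar  4 09:15 - 09:40  (00:25)
acsss    pts/2        10.0.0.5         Tue Mar  5 11:30 - 11:52  (00:22)
acsdb    pts/3        10.0.0.22        Tue Mar  5 23:47 - 23:59  (00:12)
root     pts/0        10.0.0.5         Wed Mar  6 07:00 - 07:05  (00:05)
acssa    pts/0        10.0.0.21        Wed Mar  6 08:01   still logged in
EOF
}

# review_acsls_logins (hypothetical helper): read `last`-style lines on
# stdin and print
#   COUNT <account> <sessions>         for each of the three ACSLS accounts
#   REVIEW <account> <host> <start>    for every acsdb session, because the
#                                      guide says acsdb is not needed for
#                                      normal operations.
# Lines for other accounts (for example root) are ignored.
review_acsls_logins() {
    awk '
        BEGIN { n["acssa"] = 0; n["acsss"] = 0; n["acsdb"] = 0 }
        ($1 in n) {
            n[$1]++
            if ($1 == "acsdb")
                flagged[++f] = sprintf("REVIEW %s %s %s %s %s %s",
                                       $1, $3, $4, $5, $6, $7)
        }
        END {
            printf "COUNT acssa %d\nCOUNT acsss %d\nCOUNT acsdb %d\n",
                   n["acssa"], n["acsss"], n["acsdb"]
            for (i = 1; i <= f; i++) print flagged[i]
        }'
}

# Run against the constructed sample.
sample_logins | review_acsls_logins
```

On a live server the same function can read real records with `last | review_acsls_logins`; a REVIEW line is a prompt to ask why acsdb was used, not proof of misuse.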
Monitoring System Activity
System security stands on three legs: good security protocols, proper system configuration, and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.
Keeping Up To Date on Latest Security Information
Oracle continually improves its software and documentation. Check this document every release for revisions.