Security Principles for Network Communications


For administration of network security and network-management devices, Oracle requires IT personnel to use secure protocols with authentication, authorization, and strong encryption. Network devices must be located in an environment protected with physical access controls and other physical security measure standards defined by Global Physical Security (GPS).

Communications to and from the Oracle corporate network must pass through network security devices at the border of Oracle’s internal corporate network.

Remote connections to the Oracle corporate network must exclusively use virtual private networks (VPN) that have been approved via the Corporate Security Solution Assurance Process (CSSAP).

Access to the Oracle corporate network by suppliers and third parties is subject to limitations and prior approval per Oracle’s Third-Party Network Access Policy.

Asset Management

Network devices must be registered and inventoried in an Oracle-approved information system per Oracle Information Systems Asset Inventory Policy . This policy requires the accurate inventory and documented ownership of all information systems processing information assets throughout their lifecycle.

Intrusion Detection

Oracle employs intrusion-detection systems within the Oracle intranet to provide continuous surveillance for intercepting and responding to security events as they are identified. Oracle utilizes a network-based monitoring approach to detect attacks on open firewall ports within Oracle's intranet. Events are analyzed using signature detection, which is a pattern matching of environment settings and user activities against a database of known attacks. Oracle updates the signature database as soon as new releases become available for commercial distribution. Alerts are forwarded to Oracle's IT security for review and response to potential threats.

Separation of Internal and External Networks

In network security, DMZs are named after the military term “demilitarized zone.” Network DMZs operate in a similar way, as a physical or logical buffer zone, providing an additional layer of security between two separate networks.

DMZs (“demilitarized zones”) are critical network areas providing separation between subnetworks inside Oracle corporate network and the internet. Network access control mechanisms are required to control communications in and around the DMZs so as to maintain adequate network segregation and prevent exposing sensitive IT resources. Oracle’s Network Security Policy defines requirements for the use of network DMZs.

Wireless Networks

Oracle’s Network Security Policy establishes formal requirements for the provision and use of wireless networks and connectivity to access the Oracle corporate network, including network segmentation requirements. Oracle IT manages wireless networks and monitors for unauthorized wireless networks.