Security Principles for Network Communications

Overview

For administration of network security and network-management devices, Oracle requires IT personnel to use secure protocols with authentication, authorization, and strong encryption. Network devices must be located in an environment protected with physical access controls and other physical security measures that meet the standards defined by Global Physical Security (GPS).

Communications to and from the Oracle corporate network must pass through network security devices at the border of Oracle’s internal corporate network.

Remote connections to the Oracle corporate network must exclusively use virtual private networks (VPNs) that have been approved via the Corporate Security Solution Assurance Process (CSSAP).

Access to the Oracle corporate network by suppliers and third parties is subject to limitations and prior approval per Oracle’s Third-Party Network Access Policy.

Asset Management

Network devices must be registered in an Oracle-approved information systems inventory per Oracle Information Systems Inventory Policy. This policy requires the inventory and documented ownership of all information systems processing critical and highly critical information assets throughout their lifecycle by means of an approved inventory system.

Intrusion Detection

Oracle employs intrusion-detection systems within the Oracle intranet to provide continuous surveillance for intercepting and responding to security events as they are identified. Oracle utilizes a network-based monitoring approach to detect attacks on open firewall ports within Oracle's intranet. Events are analyzed using signature detection, which matches patterns of environment settings and user activities against a database of known attacks. Oracle updates the signature database as soon as new releases become available for commercial distribution. Alerts are forwarded to Oracle's IT security for review and response to potential threats.

Separation of Internal and External Networks

In network security, DMZs are named after the military term “demilitarized zone.” Network DMZs operate in a similar way, as a physical or logical buffer zone, providing an additional layer of security between two separate networks.

Internet-facing DMZs are principal and critical points into and out of Oracle networks. Maintaining access control to DMZs is necessary to ensure security protection for DMZ assets and for Oracle’s internal network. Oracle’s internet-facing DMZ policy defines requirements for DMZ networks.

Wireless Networks

The Oracle Wireless Network Policy guides the provision and use of wireless networks and connectivity to access the Oracle corporate network. Oracle IT manages wireless networks and monitors for unauthorized wireless networks.