| 1 | <?xml version='1.0' encoding='UTF-8'?>
|
|---|
| 2 | <!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
|
|---|
| 3 | <topic xml:lang="en-us" id="security-general">
|
|---|
| 4 | <title>General Security Principles</title>
|
|---|
| 5 |
|
|---|
| 6 | <body>
|
|---|
| 7 | <p>
|
|---|
| 8 | The following principles are fundamental to using any application
|
|---|
| 9 | securely.
|
|---|
| 10 | </p>
|
|---|
| 11 | <ul>
|
|---|
| 12 | <li>
|
|---|
| 13 | <p><b outputclass="bold">Keep software up to date</b>. One
|
|---|
| 14 | of the principles of good security practise is to keep all
|
|---|
| 15 | software versions and patches up to date. Activate the
|
|---|
| 16 | Oracle VM VirtualBox update notification to get notified when a new
|
|---|
| 17 | Oracle VM VirtualBox release is available. When updating
|
|---|
| 18 | Oracle VM VirtualBox, do not forget to update the Guest Additions.
|
|---|
| 19 | Keep the host operating system as well as the guest operating
|
|---|
| 20 | system up to date.
|
|---|
| 21 | </p>
|
|---|
| 22 | </li>
|
|---|
| 23 | <li>
|
|---|
| 24 | <p><b outputclass="bold">Restrict network access to critical
|
|---|
| 25 | services.</b> Use proper means, for instance a
|
|---|
| 26 | firewall, to protect your computer and your guests from
|
|---|
| 27 | accesses from the outside. Choosing the proper networking mode
|
|---|
| 28 | for VMs helps to separate host networking from the guest and
|
|---|
| 29 | vice versa.
|
|---|
| 30 | </p>
|
|---|
| 31 | </li>
|
|---|
| 32 | <li>
|
|---|
| 33 | <p><b outputclass="bold">Follow the principle of least
|
|---|
| 34 | privilege.</b> The principle of least privilege states
|
|---|
| 35 | that users should be given the least amount of privilege
|
|---|
| 36 | necessary to perform their jobs. Always execute Oracle VM VirtualBox
|
|---|
| 37 | as a regular user. We strongly discourage anyone from
|
|---|
| 38 | executing Oracle VM VirtualBox with system privileges.
|
|---|
| 39 | </p>
|
|---|
| 40 | <p>
|
|---|
| 41 | Choose restrictive permissions when creating configuration
|
|---|
| 42 | files, for instance when creating /etc/default/virtualbox, see
|
|---|
| 43 | <xref href="linux_install_opts.dita">Automatic Installation Options</xref>. Mode 0600 is preferred.
|
|---|
| 44 | </p>
|
|---|
| 45 | </li>
|
|---|
| 46 | <li>
|
|---|
| 47 | <p><b outputclass="bold">Monitor system activity.</b>
|
|---|
| 48 | System security builds on three pillars: good security
|
|---|
| 49 | protocols, proper system configuration and system monitoring.
|
|---|
| 50 | Auditing and reviewing audit records address the third
|
|---|
| 51 | requirement. Each component within a system has some degree of
|
|---|
| 52 | monitoring capability. Follow audit advice in this document
|
|---|
| 53 | and regularly monitor audit records.
|
|---|
| 54 | </p>
|
|---|
| 55 | </li>
|
|---|
| 56 | <li>
|
|---|
| 57 | <p><b outputclass="bold">Keep up to date on latest security
|
|---|
| 58 | information.</b> Oracle continually improves its
|
|---|
| 59 | software and documentation. Check this note yearly for
|
|---|
| 60 | revisions.
|
|---|
| 61 | </p>
|
|---|
| 62 | </li>
|
|---|
| 63 | </ul>
|
|---|
| 64 | </body>
|
|---|
| 65 |
|
|---|
| 66 | </topic>
|
|---|
