Brent Mosher
Senior Sales Consultant
Applications Technology
Oracle Corporation

Oracle E-Business Suite
Security Management

Agenda
Security Guidelines
Secure Architectures
11i.10 User Management
Questions and Answers

Security Guidelines

Security Policy
Authentication
Authorization
Auditing
Not just for the paranoid any more!

Patching
Security Alerts
– Oracle Quarterly Critical Patch Update (CPU)
    Middle of January, April, July, October
    Covers all Oracle products
    http://www.oracle.com/technology/deploy/security
– Also monitor alerts for your
    Hardware platform
    Operating System
    Java
    Management tools, …

11i Security Best Practices
MetaLink article 189367.1
– Maintained continuously, check periodically for updated advice (see change log)
    Major document update released 12/06/2004
– Assumes current patch level 11.5.9 + Recommended Patch Level or 11.5.10
– Most advice is now automated via latest AutoConfig and OAM

Oracle Database
Get to recommended database: 9.2.0.5+
Harden the database and server machine…
Check privileges on APPLSYSPUB/PUB
– $FND_TOP/patch/115/sql/afpub.sql
Change default passwords for Apps accounts
– Listed in FND_ORACLE_USERID
– Use FNDCPASS

Oracle Database
Do not expose APPS password
– Create alternate accounts
    Named accounts per human/system
    Limited grants to APPS, according to role
Audit changes to database security and setup
– Heavy auditing on human accounts, less on APPS
– Restrict access to audit information

OAM Trusted Host Registration

OAM Security Dashboard

OAM Page Flow Logging

Secure Architectures

Application Server
Use SSL (HTTPS) for Web Listener
– Recommended for internal use as well
– New SSL Setup wizard in OAM 11.5.10
– Manual Setup: Metalink 123718.1, 277574.1
– Performance considerations
    mod_ssl: about 15% increase in CPU load
    Hardware accelerators now supported

OAM SSL Configuration Wizard

External Server Security
[Diagram: External Server, Internal Server, External PC, Internal PC]
Control which responsibilities are externally available. Users accessing from outside your firewall will see a restricted set of Responsibilities in the Navigator.

External Server Security
Mark External Servers
– Node Trust Level (Server Profile Option)
    Set to "External" for externally facing servers
    Set to "Normal" at Site level
Mark Externally available Responsibilities
– Responsibility Trust Level (Profile Option)
    Set to "External" for externally available responsibilities
    Set to "Normal" at Site level
External access restricted by security system
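
The trust-level rules on the slide above, as an added Python model that is not part of the original presentation and is not Oracle code: a value set for a specific server or responsibility overrides the Site-level value, and a session arriving through an External node sees only External responsibilities. The host and responsibility names are constructed, and treating non-External nodes as unrestricted is an assumption of this model.

```python
# Illustrative model of the two trust-level profile options; not Oracle code.
NORMAL, EXTERNAL = "Normal", "External"

def resolve(option, key, overrides, site_defaults):
    """Value set for this server/responsibility, else the Site-level value."""
    return overrides.get(option, {}).get(key, site_defaults[option])

def visible_responsibilities(node, user_resps, overrides, site_defaults):
    """Responsibilities the Navigator would list for a session on `node`."""
    node_level = resolve("Node Trust Level", node, overrides, site_defaults)
    if node_level != EXTERNAL:
        return list(user_resps)  # assumption: internal nodes are unrestricted
    return [r for r in user_resps
            if resolve("Responsibility Trust Level", r,
                       overrides, site_defaults) == EXTERNAL]

def audit(overrides, site_defaults):
    """Findings a reviewer would raise about the trust-level setup."""
    findings = []
    for option, value in site_defaults.items():
        # The slide says both options stay "Normal" at Site level; an
        # "External" site default would mark everything as external.
        if value != NORMAL:
            findings.append(f"{option}: Site level is {value!r}, expected 'Normal'")
    node_values = overrides.get("Node Trust Level", {}).values()
    if not any(v == EXTERNAL for v in node_values):
        findings.append("no server is marked External; nothing is being restricted")
    return findings

# Constructed sample setup (hypothetical host and responsibility names).
SITE = {"Node Trust Level": NORMAL, "Responsibility Trust Level": NORMAL}
OVERRIDES = {
    "Node Trust Level": {"dmz-web01": EXTERNAL},
    "Responsibility Trust Level": {"iSupplier Portal": EXTERNAL},
}
USER_RESPS = ["iSupplier Portal", "System Administrator", "Payables Manager"]

if __name__ == "__main__":
    print(visible_responsibilities("dmz-web01", USER_RESPS, OVERRIDES, SITE))
    print(visible_responsibilities("int-web01", USER_RESPS, OVERRIDES, SITE))
    print(audit(OVERRIDES, SITE))
```

The `audit` function shows why the Site-level value matters: if Responsibility Trust Level were "External" at Site level, every responsibility without its own setting would become visible through the external node.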

DMZ Reverse Proxy (future)
Relays valid requests to Application Server
– Apache or WebCache
    No Applications Code on this tier
– URL filtering limits access to specific pages
    External product teams will supply URL patterns
    Mitigates the "unnecessary code" problem
Certification in progress
– Look for white paper in process note 287176.1

E-Business Suite Configuration
Harden EBS Security Setup
– Check GUEST user privileges
– Review access to powerful forms (Security, SQL)
– Check settings of critical profile options
– Enable Auditing
    Sign-on Audit at the "Form" level
    Audit Trail for key security tables

11i.10 User Management

11i Basic Security
Responsibility
– Menu(s)
    Function(s)
[Diagram: User, Resp (×5)]

New Model: User Management
Optional 11i.10 permission repository
– Full registry of what is available
– Administration at the business level
Roles simplify administration
– Grants to Roles represent policy, rarely change
– Hierarchical Roles reuse common setup
Allows for delegated administration
– Security Administrator defines Role Permissions
– Role Administrators manage Role Membership

Role Based Access Control
– A Role is the actions and activities assigned to a person or group.
– A role can be modeled using
    Responsibilities
    Permissions
    Function Security Policies
    Data Security Policies
– A user can be assigned several roles.
– A role can be assigned to several users.

Role Based Access Control Description
[Diagram: Roles, Function Security Rules, Data Security Rules, Permissions, Responsibilities]

User Management Key Features
– Role Based Management
– Role Inheritance
– Self Service Registration
– Delegated User Management

Role Based Management

Registration Process Description
Types of Registration Processes
– Self Service Account Requests
– Requests for Additional Access
– Account Creation and Access Role Assignment by Administrators

Registration Process
Link generated using User Management’s registration link generator

Request Access

Delegated Administration
1. Create a role that represents a set of local administrators
2. Identify the subset of users the admin can manage and the administrative functions that can be performed on this user set
3. Identify the organizational relationships the admin can manage
4. Choose roles that the administrator can administer
5. Grant any other permissions if necessary
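
One way to enforce the scoping that steps 2 and 4 above set up, as an added Python example that is not from the original presentation and is not Oracle's implementation. `AdminRole`, `may_assign`, the `assign_role` function name and the role and organization names are hypothetical; requiring that every inherited role also be administrable is this example's own policy choice, made so that role inheritance cannot be used to hand out more access than the administrator was delegated.

```python
from dataclasses import dataclass

@dataclass
class AdminRole:
    name: str
    managed_orgs: set       # step 2: which users (here: by organization)
    user_functions: set     # step 2: what may be done to those users
    assignable_roles: set   # step 4: roles this administrator may hand out

# Hierarchical roles: role -> parent roles whose grants it inherits
# (constructed sample data).
ROLE_PARENTS = {
    "Sales Manager": {"Sales Rep"},
    "Sales Rep": {"Employee"},
    "Employee": set(),
}

def expand(role, parents=ROLE_PARENTS, seen=None):
    """Role plus every role it inherits from; `seen` guards against cycles."""
    seen = set() if seen is None else seen
    if role not in seen:
        seen.add(role)
        for parent in parents.get(role, ()):
            expand(parent, parents, seen)
    return seen

def may_assign(admin_roles, target_org, role):
    """Can a holder of `admin_roles` grant `role` to a user in `target_org`?

    Returns (allowed, name of the admin role that allowed it or None).
    """
    for admin in admin_roles:
        if (target_org in admin.managed_orgs
                and "assign_role" in admin.user_functions
                and expand(role) <= admin.assignable_roles):
            return True, admin.name
    return False, None

# Constructed sample: a partner administrator scoped to one organization.
PARTNER_ADMIN = AdminRole(
    name="Partner Admin (Org A)",
    managed_orgs={"Org A"},
    user_functions={"assign_role", "reset_password"},
    assignable_roles={"Sales Rep", "Employee"},
)

if __name__ == "__main__":
    print(may_assign([PARTNER_ADMIN], "Org A", "Sales Rep"))      # in scope
    print(may_assign([PARTNER_ADMIN], "Org B", "Sales Rep"))      # wrong org
    print(may_assign([PARTNER_ADMIN], "Org A", "Sales Manager"))  # role not delegated
```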

Delegated Administration
Create Role

Delegated Administration

Delegated Administration
[Diagram: Org A, Org B, Partner Admin of Org A, Reseller of]

Delegated Administration
How to Set Up this Feature

Resources

User Management Strategic Implementation Program
Ensure smooth implementations for new products
Requires willingness and commitment
Discuss with local applications sales team

Oracle Metalink Notes
Note 258281.1 – About User Management
Note 189367.1 – Security Best Practices
Note 287176.1 – DMZ Configuration
RBAC
http://csrc.nist.gov/rbac/rbac-std-ncits.pdf

Questions & Answers