TIPS AND TRICKS. Johan Olivier SECURITY


Desktop JRE versions - Back office application

Integrator 3 (FMW Forms 11GR2)
- JRE 1.6 and 1.7
- Upgrade to JRE 1.8
- The server must be on Java patch level 1.7

Integrator 4.1 (FMW Forms 12c)
- JRE 1.8

JRE Upgrade guide obtainable from Adapt IT

Secure certificates

Apache proxy SSL certificates
- Keep track of expiry dates.
- Both server and domain certificates can be used on 4.1.

JAR signing certificates
- Adapt IT provides these at application level.
- Plan for the downtime required when a new certificate becomes available. Adapt IT will notify in advance.
- New signed jars will replace current jars on test and production servers.

SIGNER CERTIFICATE
X.509, CN=ADAPTIT, OU=DBA, O=ADAPTIT, L=DURBAN NORTH, ST=KWAZULU-NATAL, C=ZA
[certificate is valid from 5/16/17 2:00 AM to 8/15/20 1:59 AM] (Expires 15 August 2020)
X.509, CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US
[certificate is valid from 12/10/13 2:00 AM to 12/10/23 1:59 AM]
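One way to keep track of the signing-certificate expiry dates from the signer lines shown above (an added example, not part of the original presentation or Adapt IT's tooling). The function names, the 90-day warning window and the assumption that dates are always printed as month/day/two-digit-year with a 12-hour clock are illustrative.

```python
import re
from datetime import datetime

# Constructed input: the two signer entries from the slide, one field per line.
SAMPLE = """\
X.509, CN=ADAPTIT, OU=DBA, O=ADAPTIT, L=DURBAN NORTH, ST=KWAZULU-NATAL, C=ZA
[certificate is valid from 5/16/17 2:00 AM to 8/15/20 1:59 AM]
X.509, CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US
[certificate is valid from 12/10/13 2:00 AM to 12/10/23 1:59 AM]
"""

# One entry = the subject after "X.509," followed by its validity bracket,
# on the same line or the next one (hence re.S).
ENTRY = re.compile(
    r"X\.509,\s*(?P<subject>.+?)\s*"
    r"\[certificate is valid from (?P<start>.+?) to (?P<end>.+?)\]",
    re.S,
)
# Assumption: timestamp layout exactly as printed on the slide.
STAMP = "%m/%d/%y %I:%M %p"


def parse_signers(text):
    """Return subject and validity window for every signer entry in text."""
    signers = []
    for m in ENTRY.finditer(text):
        signers.append({
            "subject": " ".join(m["subject"].split()),
            "not_before": datetime.strptime(" ".join(m["start"].split()), STAMP),
            "not_after": datetime.strptime(" ".join(m["end"].split()), STAMP),
        })
    return signers


def expiry_report(text, now, warn_days=90):
    """List (status, days_left, subject), soonest expiry first."""
    report = []
    for s in parse_signers(text):
        days_left = (s["not_after"] - now).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "RENEW"
        else:
            status = "OK"
        report.append((status, days_left, s["subject"]))
    return sorted(report, key=lambda row: row[1])


if __name__ == "__main__":
    for status, days_left, subject in expiry_report(SAMPLE, datetime.now()):
        print(f"{status:8} {days_left:6} days  {subject}")
```

The whole chain is reported because the signing CA's certificate has its own expiry date, separate from the signer certificate's.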

Basic Architecture

Security overview

The Integrator product is built on the underlying Oracle software stack. This allows Adapt IT to leverage all the security features offered by Oracle. Note that the level of security features enabled may require additional licensing for the Oracle base products. It is therefore the system owner's choice whether to enable additional features.

The latest version of the operating system security features can be enabled to control access.

Standard infrastructure setup makes use of proxy and firewall features and secure certificates.

Security overview

Authentication
Password policy is a requirement at operating system level, database level and application level. Password authentication at application level uses Oracle Internet Directory services.

Session Validation
Application rules apply to privileges which are defined at database and application level. These include update/delete and view/select privileges. These can be enhanced by Oracle data masking, which allows privileged owners to view and change data of a sensitive nature.

OWASP (Open Web Application Security Project) Vulnerability Protection
Numerous interrogation software packages, both commercial and open source, are available to detect vulnerabilities.
https://www.owasp.org/index.php/category:vulnerability_scanning_tools

Security overview

Secure Data Transmission
In addition to SSL infrastructure security, data can be encrypted at database level.

Audit logs
Standard ITS application audit logs are enabled. System owners can enable additional audit logs of their own definition. In addition, database audit features can be enabled to make use of 12c unified audit features.

Access policies

Passwords
- Enforce the password policy determined by the Institution at all levels.
- Enable OS password change policy, including password strength.
- Enable DB password policy.
- Change administration console passwords.
- Standard policy rules include these minimum requirements: a minimum of 8 characters, which must include one uppercase and one special character.

Audit logs
Please note that any audit features have to be maintained by system owners.

Disclaimer

The information, comments and material presented in this presentation are provided for information purposes only. The presentation is not addressing all possible technical or business aspects and does not claim to be complete or exhaustive. Adapt IT reserves the right to change its business or product development plans as circumstances dictate. This document may not be reproduced or distributed without the written permission of Adapt IT (Pty) Ltd.

THANK YOU

Database Administrator / Johan Olivier: johan.olivier@adaptit.co.za