Security Guide Release 4.0

Similar documents
Oracle Hospitality OPERA Exchange Interface Cloud Authentication. October 2017

Oracle Communications Configuration Management

What s New for Cloud at Customer What's New for the Cloud Services on Oracle Cloud at Customer New Documentation for Oracle Cloud at Customer

Database Change Reference Release 6.3

Oracle Linux. UEFI Secure Boot Signing Key Update Notice

Oracle Utilities Opower Custom URL Configuration

Oracle Hospitality Cruise Meal Count System Security Guide Release 8.3 E

Microsoft Active Directory Plug-in User s Guide Release

Microsoft Internet Information Services (IIS) Plug-in User s Guide Release

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Creating vservers 12c Release 1 ( )

PeopleSoft Fluid Required Fields Standards

Oracle Hospitality Suite8 Export to Outlook User Manual Release 8.9. July 2015

Oracle Hospitality MICROS Commerce Platform Release Notes Release Part Number: E December 2015

PeopleSoft Fluid Icon Standards

Oracle Hospitality Cruise Fine Dining System Security Guide Release E

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Installing and Updating Local Software Packages 12c Release

Report Management and Editor!

Copyright 1998, 2009, Oracle and/or its affiliates. All rights reserved.

Oracle Payment Interface Installation and Reference Guide Release E April 2018

What s New for Oracle Cloud Stack Manager. Topics: July Oracle Cloud. What's New for Oracle Cloud Stack Release

Taleo Enterprise Deep Linking Configuration Guide Release 17

Oracle. Field Service Cloud Using the Parts Catalog

Oracle. Field Service Cloud Using Android and ios Mobile Applications 18B

JavaFX. JavaFX System Requirements Release E

Oracle Cloud What's New for Oracle WebCenter Portal Cloud Service

Oracle Hospitality Cruise Shipboard Property Management System Topaz Signature Device Installation Guide Release 8.00 E

Recipe Calculation Survey. Materials Control. Copyright by: MICROS-FIDELIO GmbH Europadamm 2-6 D Neuss Date: August 21 st 2007.

Oracle Hospitality ecommerce Integration Cloud Service Security Guide Release 4.2 E

Oracle Configuration Manager

Microsoft.NET Framework Plug-in User s Guide Release

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Hardware and Software Configuration

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Managing Zone Configuration

Oracle Hospitality Query and Analysis Languages and Translation Configuration Guide. March 2016

StorageTek Linear Tape File System, Library Edition

Oracle Enterprise Manager Ops Center

Oracle Retail MICROS Stores2 Functional Document Sales - Receipt List Screen Release September 2015

Oracle Argus Safety. 1 Configuration. 1.1 Configuring a Reporting Destination for the emdr Profile. emdr Best Practices Document Release 8.0.

OKM Key Management Appliance

Oracle Hospitality e7 Point-of-Sale Release Notes. Release 4.2

Oracle Simphony Venue Management (SimVen) Installation Guide Release Part Number: E

Oracle Fusion Middleware

Oracle Enterprise Manager

Oracle Cloud Using Oracle E-Business Suite Adapter Endpoint Configuration Wizard. Release 17.3

Oracle Hospitality Simphony Engagement Cloud Service Release Notes Release 2.0 E January 2016

Oracle Hospitality ecommerce Integration Cloud Service Security Guide Release 18.1 E

Release for Microsoft Windows

Oracle Hospitality BellaVita Hardware Requirements. June 2016

Oracle Hospitality RES 3700 Server Setup Guide Release 5.5 E May 2016

Oracle Banking Channels Bank User Base

General Security Principles

Oracle Hospitality Cruise AffairWhere Security Guide Release E April 2017

1 Understanding the Cross Reference Facility

Defining Constants and Variables for Oracle Java CAPS Environments

Oracle Hospitality Simphony First Edition Venue Management (SimVen) Installation Guide Release 3.8 Part Number: E

Oracle Hospitality Simphony Venue Management Release Notes Release 3.9 E March 2017

Oracle Hospitality Suite8 XML Export of Invoice Data for Hungarian Tax Authority Release and Higher E November 2016

Materials Control. Account Classes. Product Version Account Classes. Document Title: Joerg Trommeschlaeger

Introduction to Auto Service Request

Oracle Enterprise Manager

Export generates an empty file

JD Edwards EnterpriseOne Licensing

User's Guide Release

Oracle Identity Manager Connector Guide for Dropbox. Release

Oracle. Sales Cloud Using Sales for Outlook. Release 13 (update 18A)

Oracle Communications Convergent Charging Controller. Sample Message Flows Reference Guide Release 6.0.1

New Features in Primavera Professional 15.2

Oracle Hospitality Simphony Venue Management Installation Guide Release 3.10 E March 2018

Oracle mymicros.net, icare, myinventory and mylabor Self Host Release Notes Release v April 2015

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Hospitality Materials Control. Server Sizing Guide

Oracle Human Capital Management Cloud Using the HCM Mobile Application. Release 13 (update 18C)

Oracle Utilities Advanced Spatial and Operational Analytics

Oracle Retail MICROS Stores2 Functional Document Malta Taxation Release July 2017

Oracle Hospitality Cruise Fleet Management Release Notes Release 9.0 E

Oracle Cloud Getting Started with Oracle WebCenter Portal Cloud Service

Oracle Cloud Known Issues for Trial and Paid Subscriptions. Release 18.1

Oracle Cloud E

Oracle Utilities Opower Solution Extension Partner SSO

Oracle Enterprise Manager Ops Center

Oracle Cloud. Oracle Cloud Adapters Postinstallation Configuration Guide E

Documentation Accessibility. Access to Oracle Support

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )

Managing Personally Identifiable Information in P6 Professional

Oracle Health Sciences Information Gateway. 1 Introduction. Security Guide Release 2.0.1

Oracle Database Mobile Server

Live Help On Demand Analytics

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E June 2016

Oracle Communications Order and Service Management. OSM New Features

Oracle Enterprise Manager Ops Center E Introduction

Oracle Enterprise Manager Ops Center. Overview. What You Need. Create Oracle Solaris 10 Zones 12c Release 3 ( )

Oracle Communications MetaSolv Solution

Oracle NoSQL Database Integration with SQL Developer. Release 18.1

Release Notes for Oracle GoldenGate for Big Data 12c ( )

Oracle Hospitality Inventory Management Security Guide Release 9.1 E

Oracle Database Firewall. 1 Downloading the Latest Version of This Document. 2 Known Issues. Release Notes Release 5.

Oracle Fusion Middleware Creating Domain Templates Using the Domain Template Builder. 12c ( )

Oracle Database Appliance Accessibility Guide. Release

Oracle Retail MICROS Stores2 Functional Document Stores2 for Portugal Disaster Recovery Release

Oracle Virtual Desktop Client for ipad. Release Notes for Release 1.2

Transcription:

[1]Oracle Communications Session Monitor Security Guide Release 4.0 E89197-01 November 2017

Oracle Communications Session Monitor Security Guide, Release 4.0 E89197-01 Copyright 2017, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable: U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Contents Preface... v Audience... v Downloading Oracle Communications Documentation... v Documentation Accessibility... v Document Revision History... v 1 Session Monitor Secure Configuration Administrative Password... 1-1 User Accounts... 1-1 Encryption and Certificates... 1-1 Connections with Oracle SBCs... 1-1 On the SBC... 1-2 In PSA... 1-2 Unsecure Option... 1-2 Connection between ME and MEC... 1-2 Email Notifications... 1-2 Connections with ISR... 1-2 iii

iv

Preface This guide provides guidelines and recommendations for setting up Oracle Communications Session Monitor in a secure configuration. The Oracle Communications Session Monitor product family includes the following products: Operations Monitor Enterprise Operations Monitor Fraud Monitor Control Plane Monitor Audience This guide is intended for systems administrators, network administrators, and network operations team who install and administer Session Monitor. Downloading Oracle Communications Documentation Oracle Communications Session Monitor documentation and additional Oracle documentation is available from the Oracle Help Center Web Site: http://docs.oracle.com Documentation Accessibility For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc. Access to Oracle Support Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired. Document Revision History The following table lists the revision history for this document: v

Version Date Description E89197-01 November 2017 Initial release. vi

1 1Session Monitor Secure Configuration This document covers the necessary configuration of the Oracle Communications Operations Monitor (OCOM) system and of its environment to ensure secure operations. To follow these recommendations, you need access to Platform Setup Application (PSA) and to all the installed products, their manual, and possibly the administration tools for your networks. Administrative Password User Accounts PSA must be protected by a password of your choice on all OCOM machines. All the session products come with an administrator account to access their respective interface. To restrict access to these products, connect to their interface, and change the administrator account password on each. For administrator user credentials, contact your Oracle Sales Representative. OCOM features fine-grained multi-user capabilities which allows the administrator to create restricted accounts for day-to-day usage. Referring to each product manual, create one account for each person who uses the product, and set their permissions to allow their necessary tasks. You need to set a temporary password and communicate it with the end users, who should then change it. It is possible to force a user to do so by expiring its password. It is recommended to enforce a strict passwords policy by enabling the features and regularly expire passwords. Encryption and Certificates Each OCOM server uses a unique certificate to guarantee its authenticity and protect users data. The certificates are initially self-signed, and a warning will be shown to users on their first access. To improve security of the connection and suppress these warnings, it is recommended that you sign the server certificate using your organization's Public Key Infrastructure (PKI). Follow the steps on the Server Certificate screen, and consult with your network administrator to sign the certificates of each OCOM server. Plain HTTP access is not allowed. Connections with Oracle SBCs In OCOM connections from Oracle SBCs to ME machines are encrypted. These connections use TLS on port 4740. Unsecure connections are not allowed by default, unless the system has been upgraded from an earlier release that did not support it. Authentication is achieved by means of certificates. In a stand- alone scenario, you can Session Monitor Secure Configuration 1-1

On the SBC register the SBC certificate in Platform Setup Application as a trusted certificate, and register OCOM certificate in the SBC. If you prefer to manage certificates within a PKI, you can instead sign these certificates, and register the trusted Certificate Authority (CA) in each machine. On the SBC In PSA Follow instructions in the Oracle Support note to: Configure the connection to OCOM Create a certificate for the SBC Register the certificate of OCOM, which can be downloaded from PSA on the panel Server Certificate. Alternatively, register the CA used to sign it. Enable TLS In PSA, go to the panel, Trusted Certificates. Use the form to upload the certificate(s) of the SBC(s), which then appear in the list of trusted certificates. Alternatively, upload the CA that is used to sign SBCs certificates. The certificate format is X.509 / PEM. X.509 extensions are not supported, only the validity of signatures is verified. Unsecure Option If you do not wish to use encrypted connections, for instance for testing, you can allow unsecure connections from SBCs on the Trusted Certificate panel. You can then disable the TLS option in the SBC. These connections will use port 4739. However, this setup is not recommended in production. Connection between ME and MEC Email Notifications Connections with ISR The MEC machines can access the ME machines using HTTPS. Make sure that the urls entered in the AE to reach the ME machines start with https://. OCSM products can send notification emails. For this, it require access to an SMTP server, configurable with PSA. If the server requires authentication, an account needs to be created for OCOM. This account should not grant any other privileges that the product does not require. OCSM also supports TLS connections to the SMTP server. Connection with ISR is performed using HTTP protocol. OCOM interacts with the external system and the complete security feature depends on both parties configurations. Hence, it is recommended to use FACE server hostname only with HTTPS protocol scheme. 1-2 Session Monitor Security Guide

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback