Oracle Health Sciences Information Gateway. 1 Introduction. Security Guide Release 2.0.1

Similar documents
Copyright 1998, 2009, Oracle and/or its affiliates. All rights reserved.

JavaFX. JavaFX System Requirements Release E

Oracle Hospitality OPERA Exchange Interface Cloud Authentication. October 2017

General Security Principles

Security Guide Release 4.0

Defining Constants and Variables for Oracle Java CAPS Environments

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Installing and Updating Local Software Packages 12c Release

Oracle Health Sciences Information Manager. Overview. Cross-Enterprise Document Sharing Actors and Transactions

Oracle Communications Configuration Management

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Creating vservers 12c Release 1 ( )

1 Understanding the Cross Reference Facility

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Enterprise Manager Ops Center

Oracle Enterprise Manager

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones Guide 12c Release 1 ( )

PeopleSoft Fluid Required Fields Standards

New Features in Primavera Professional 15.2

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need

Oracle Database Firewall. 1 Downloading the Latest Version of This Document. 2 Known Issues. Release Notes Release 5.

OKM Key Management Appliance

Oracle Banking Channels Bank User Base

What s New for Cloud at Customer What's New for the Cloud Services on Oracle Cloud at Customer New Documentation for Oracle Cloud at Customer

Oracle Database Mobile Server

What s New for Oracle Cloud Stack Manager. Topics: July Oracle Cloud. What's New for Oracle Cloud Stack Release

Oracle Cloud What's New for Oracle WebCenter Portal Cloud Service

JD Edwards EnterpriseOne. Overview. Prerequisites. Web Client for ipad Quick Start Guide Release 8.98 Update 4, Service Pack 5

Oracle WebCenter Portal. Starting Points for Oracle WebCenter Portal Installation

Database Change Reference Release 6.3

Introduction to Auto Service Request

Materials Control. Account Classes. Product Version Account Classes. Document Title: Joerg Trommeschlaeger

Secure Configuration Guide

Oracle Utilities Opower Custom URL Configuration

PeopleSoft Fluid Icon Standards

Managing Zone Configuration

Oracle Hospitality Cruise Meal Count System Security Guide Release 8.3 E

Oracle Hospitality MICROS Commerce Platform Release Notes Release Part Number: E December 2015

Oracle Enterprise Manager. 1 Introduction. System Monitoring Plug-in for Oracle Enterprise Manager Ops Center Guide 11g Release 1 (

Oracle Enterprise Data Quality for Product Data

Oracle Utilities Advanced Spatial and Operational Analytics

Report Management and Editor!

Oracle Enterprise Manager Ops Center. Overview. What You Need. Create Oracle Solaris 10 Zones 12c Release 3 ( )

Oracle Hospitality Suite8 Export to Outlook User Manual Release 8.9. July 2015

Oracle Enterprise Manager Ops Center. Introduction. Provisioning Oracle Solaris 10 Operating Systems 12c Release 2 ( )

Oracle Exadata Healthchecks Plug-in Contents

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Hardware and Software Configuration

Microsoft Active Directory Plug-in User s Guide Release

Oracle Hospitality Query and Analysis Languages and Translation Configuration Guide. March 2016

JD Edwards EnterpriseOne Licensing

Oracle Argus Safety. 1 Configuration. 1.1 Configuring a Reporting Destination for the emdr Profile. emdr Best Practices Document Release 8.0.

Oracle Hospitality Cruise Fine Dining System Security Guide Release E

Oracle WebCenter Portal

Recipe Calculation Survey. Materials Control. Copyright by: MICROS-FIDELIO GmbH Europadamm 2-6 D Neuss Date: August 21 st 2007.

Microsoft Internet Information Services (IIS) Plug-in User s Guide Release

StorageTek Linear Tape File System, Library Edition

JavaFX. JavaFX 2.2 System Requirements Release 2.2 E

Oracle Fusion Middleware. 1 Introduction. 1.1 Supported Functionality and Intended Use. 1.2 Limitations

Documentation Accessibility. Access to Oracle Support

MySQL Port Reference

Oracle Retail MICROS Stores2 Functional Document Sales - Receipt List Screen Release September 2015

Oracle Enterprise Manager Ops Center E Introduction

Oracle Configuration Manager

Importing an SNA Custom Handshake Class

Oracle Enterprise Manager Ops Center. Introduction. Creating Oracle Solaris 11 Zones 12c Release 2 ( )

Contents About Connecting the Content Repository... 5 Prerequisites for Configuring a Content Repository and Unifier... 5

Oracle Tuxedo Mainframe Adapter for SNA

Oracle Utilities Smart Grid Gateway

Oracle Fusion Middleware. 1 Contents. 2 Where to Find Oracle WebLogic Tuxedo Connector Samples. 3 Configuring the Oracle WebLogic Tuxedo Connector

Oracle Enterprise Manager Ops Center

Oracle Utilities Work and Asset Management Integration to Primavera P6 Enterprise Project Portfolio Management

JavaFX. JavaFX System Requirements Release E

Export generates an empty file

Oracle Database Express Edition

Oracle Fusion Middleware Creating Domain Templates Using the Domain Template Builder. 12c ( )

Oracle Enterprise Manager Ops Center. Introduction. What You Will Need. Configure and Install Root Domains 12c Release 3 (

Oracle. Field Service Cloud Using the Parts Catalog

Materials Control Recipe Reduction based on Article Defaults

Oracle Enterprise Manager

Oracle Communications Policy Management Configuring NetBackup for Upgrade Method of Procedure

Oracle Hospitality BellaVita Hardware Requirements. June 2016

Oracle Communications Order and Service Management. OSM New Features

Taleo Enterprise Deep Linking Configuration Guide Release 17

Oracle Linux. UEFI Secure Boot Signing Key Update Notice

Oracle Hospitality Cruise AffairWhere Security Guide Release E April 2017

Oracle Enterprise Manager Ops Center

Oracle Fusion Middleware

Supported Browsers. Known Issues. Topics: Oracle Cloud. Known Issues for Oracle Java Cloud Service Release

Oracle NoSQL Database Integration with SQL Developer. Release 18.1

Oracle. Field Service Cloud Using Android and ios Mobile Applications 18B

Materials Control. Installation MC POSWebService. Product Version Joerg Trommeschlaeger. Date: Version No. of Document: 1.

Modeling Network Integrity Release 7.3.1

See Network Integrity Installation Guide for more information about software requirements and compatibility.

Oracle Payment Interface Installation and Reference Guide Release E April 2018

Module Code Entries Utility Oracle FLEXCUBE Universal Banking Release [December] [2016]

Downloading Oracle Configuration Manager

Introduction to Administration

Oracle Enterprise Data Quality. 1 Overview. 2 Prerequisites. Siebel Connector Installation Guide 11g Release 1 ( )

Spend less on file attachment storage space Reliably back up your data or file attachments Use your OpenAir data in your reporting tools

Oracle Fusion Middleware

Oracle Fusion Middleware

Oracle Hospitality OPERA Cloud Services Security Guide Release 1.20 E June 2016

Transcription:

Oracle Health Sciences Information Gateway Security Guide Release 2.0.1 E37114-02 October 2013 This guide describes important security management options for Oracle Health Sciences Information Gateway (HIG). 1 Introduction This guide presents the following security guidelines and recommendations: Configuring Strong Passwords on the Database Changing the Default Apache James Server s Root Password Restricting Access to Sensitive Files and Directories Securing the Oracle Databases Using SSL Configuring Other Apache James Parameters to Secure Health Email Server Closing All Unused Open Ports Keeping Telnet Service Disabled for Remote Session Keeping Other Unused Services Disabled 1

2 Configuring Strong Passwords on the Database Although the importance of passwords is well known, the following basic rule of security management is worth repeating: Ensure all your passwords are strong. You can strengthen passwords by creating and using password policies for your organization. For guidelines on securing passwords and for additional ways to protect passwords, refer to the Oracle Database Security Guide specific to the database release you are using. You should modify the following passwords to use your policy-compliant strings: Passwords for the database default accounts, such as SYS and SYSTEM. Database application-specific schema accounts, such as JAMESUSER and DIRECTUSER. Note: Ensure that you do not set a password for the database listener in the listener.ora file. The local operating system authentication will secure the listener administration. The remote listener administration is disabled when the password is not set. This prevents brute force attacks on the listener password. 3 Changing the Default Apache James Server s Root Password To prevent unauthorized access to Apache James Admin Console, Oracle recommends that you change the James admin password (sometimes referred to as the root password) immediately after configuring the Oracle Secure Health Email server. Oracle has extended the Apache James Server to read encrypted password stored in config.xml. To change and encrypt the password, refer to the Secure Health Email Installation and Configuration Guide Release 2.0.1, section H, Password Encoding. Since the administrative passwords are present in the Apache James config.xml file (<james_home>/apps/james/sar-inf/config.xml), the OS user should have readable permissions on the Apache James server. 4 Restricting Access to Sensitive Files and Directories Oracle recommends limiting the access to the files and directory containing sensitive information. In Linux environment, default files and directories to 740 or 640 permissions as applicable. Some of the sensitive files are listed below: Apache James: Below files have encrypted passwords or reference to them. - config.xml file under <james_home>apps/james/sar-inf - beans.xml under <james_home>/bin/ - config.properties under <james_home>/bin/ Log files are stored under the following directories: 2

- <james_home>/temp/ - <james_home>/apps/james/logs/ GlassFish: - <GlassFish_home>/domains/<domain_name>/config/domain.xml - <GlassFish_home>/domains/<domain_name>/logs 5 Securing the Oracle Databases The Oracle Secure Health Email server deals with sensitive and personal information. It is recommended to take all necessary steps to secure the Oracle database used for storing emails, inbox, as well as database used as OHIM Public Key Directory, for storing keys, certificates, and trust anchors of users. Oracle recommends securing these database servers. Use TDE (Transparent Data Encryption) to protect the credentials and email stores. Note that TDE is part of the Oracle Advanced Security Option and is an additional cost. To protect this information from the DBA, use the Oracle Data Vault (also an additional cost option). 6 Using SSL Oracle recommends to configure the Oracle Secure Health Email server to be used with SSL connections. The following are the configuration steps: Edit ssl server socket factory and update it with the correct keystore path and passwords. Enable both smtpserver and pop3server for TLS use. If you are connecting to remote SMTP gateway or SMTP server through SSL, ensure to specify javax.net.ssl.sslsocketfactory to be used as socket factory by ExtendedRemoteDelivery mailet. For more details, refer to Oracle Secure Health Email Installation and Configuration Guide, Release 1.2, E22884-01 and the following Apache James 2.3.2 Wiki pages: http://james.apache.org/server/2.3.2/usingtls.html http://james.apache.org/server/2.3.2/smtp_configuration.html http://james.apache.org/server/2.3.2/pop3_configuration.html Oracle recommends using two-way SSL while using GlassFish or WebLogic application servers. CONNECT Gateway, Adapters, and XCA Gateway applications are standard Java EE application and can utilize an industry standard security infrastructure and framework. There is no configuration required on the applications. The application Server (WebLogic or GlassFish) provides SSL service. For more information about configuring SSL, see the Application Server's documentation. When SSL or TLS is configured, it is recommended to use TLS_RSA_WITH_AES_128_ CBC_SHA cipher instead of SSL_RSA_WITH_3DES_EDE_CBC_SHA for TLS authentication. 3

7 Configuring Other Apache James Parameters to Secure Health Email Server The Secure Health Email Server is built on top of Apache James Server and the VM template is configured with the following parameter to improve security. Oracle recommends that you continue to use the following configurations. config.xml (<james_home>/apps/james/sar-inf/) file elements. Table 1 Apache James Parameters XPath to Configuration Element /config/smtpserver/handler/authrequired /config/smtpserver/handler/authorizedaddre sses /config/smtpserver/handler/verifyidentity Description Enables SMTP authentication Authorizes specific addresses or networks Verifies sender addresses, ensuring that the sender address matches the authenticated user 8 Closing All Unused Open Ports Keep only the minimum number of ports open. You should close ports that are not in use. Configure Secure Health Email server with only minimum number of required ports. If you are using standard SMTP and POP3 ports then you may want to open port 25 and 110. If you change these default standard ports in Apache James configuration file, ensure you close unused standard ports. 9 Keeping Telnet Service Disabled for Remote Session By default, Telnet listens on port 23. Telnet, which sends clear-text passwords and user names through a log in, is a security risk to your servers. If the Telnet service is available on any system, it is recommended to disable Telnet in favor of Secure Shell (SSH). Disabling Telnet protects your system security. 10 Keeping Other Unused Services Disabled Secure Health Email server, CONNECT Gateway, Adapter, and XCA Gateway servers does not use following protocols, services, or information for its functionality: Identification Protocol (identd): Identifies the owner of a TCP connection on UNIX. Simple Network Management Protocol (SNMP): Manages and reports information about different systems. File Transfer Protocol (FTP): Transfers or copies file from one host to another. FTP is inherently insecure and should be disabled. Network News Transfer Protocol (NNTP): Apache James 2.3.2 server supports NNTP apart from SMTP and POP3 protocols. NNTP is an Internet application protocol used for transporting Usenet news articles between news servers and for reading and posting articles by end-user client applications. 4

11 Documentation Accessibility For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc. Access to Oracle Support Oracle customers have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired. Oracle Health Sciences Information Gateway Security Guide, Release 2.0.1 E37114-02 Copyright 2012, 2013, Oracle and/or its affiliates. All rights reserved. This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited. The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing. If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable: U.S. GOVERNMENT RIGHTS Programs, software, databases, and related documentation and technical data delivered to U.S. Government customers are "commercial computer software" or "commercial technical data" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, the use, duplication, disclosure, modification, and adaptation shall be subject to the restrictions and license terms set forth in the applicable Government contract, and, to the extent applicable by the terms of the Government contract, the additional rights set forth in FAR 52.227-19, Commercial Computer Software License (December 2007). Oracle America, Inc., 500 Oracle Parkway, Redwood City, CA 94065. This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group. This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services. 5

6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback