Copyright © 2012 Splunk Inc. Splunking PeopleSoft Marquis Montgomery Security Architect/Team Lead, Corporate Security.

Slides:

Advertisements

Similar presentations

Refeng Wu CQ5 WCM System Administrator

Advertisements

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

Client Principal in the wild

ATTACKING AUTHENTICATION The Web Application Hacker’s Handbook, Ch. 6 Presenter: Jie Huang 10/31/2012.

Web Application Security SSE USTC Qing Ding. Agenda General security issues Web-tier security requirements and schemes HTTP basic authentication based.

GoldenGate Monitoring and Troubleshooting

Securing Oracle Databases CSS-DSG JTrumbo. Audit Recommendations -Make sure databases are current with patches. -Ensure all current default accounts &

Chapter 9 Auditing Database Activities

MITP 458 Application Layer Security By Techjocks.

Confidential Date Project ONE CLICK : 12/26/2006 Oracle Single Sign-On Sridhar Gangapuram Manager, Oracle Applications (Phoenix) Roger Raj Sr. Technical.

Mark Harr Multi-Tier Development in.Net.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Introduction To Windows NT ® Server And Internet Information Server.

CSE 190: Internet E-Commerce

Securing Enterprise Applications Rich Cole. Agenda Sample Enterprise Architecture Sample Enterprise Architecture Example of how University Apps uses Defense.

Presenter: Raman Chohan. AGENDA Oracle Best Practices Oracle Backups Why upgrade to Oracle 11? Performance Troubleshooting axiUm Pre-Upgrade Checklist.

1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Technical Support Presentation Using the Cisco Technical Support.

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

X-Road (X-tee) A platform-independent secure standard interface between databases and information systems to connect databases and information systems.

Copyright © 2007, SAS Institute Inc. All rights reserved. SAS Activity-Based Management Survey Kit (ASK): User Management & Security.

Coppin State College PeopleSoft Architecture: Installing & Configuring Or “What I wish I knew a year ago!”

PI Data Access via OLE DB/SQL

9/10/20151 Hyperion Enterprise 6.5 New Features & Functionality Robert Cybulski, CPA Finit Solutions.

Everything the web administrator needs to know about MOM 2005 Chris Adams Program Manager IIS Product Unit Microsoft Corp.

Troubleshooting Replication and Geodata Services

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Eric Westfall – Indiana University James Bennett – Indiana University ADMINISTERING A PRODUCTION KUALI RICE INFRASTRUCTURE.

Integration Broker PeopleTools Integration Broker Steps –Introduction & terminologies –Application Server PUB/SUB services (Application Server)

Protecting Patron Information in a Consortial Environment Issues and Strategies Jennifer Kuntz

Brent Mosher Senior Sales Consultant Applications Technology Oracle Corporation.

Chapter 2. Core Defense Mechanisms. Fundamental security problem All user input is untrusted.

Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id:

Mastering Windows Network Forensics and Investigation Chapter 13: Logon and Account Logon Events.

Analysis of SQL injection prevention using a filtering proxy server By: David Rowe Supervisor: Barry Irwin.

Eric Westfall – Indiana University James Bennett – Indiana University ADMINISTERING A PRODUCTION KUALI RICE INFRASTRUCTURE.

Electronic data collection system eSTAT in Statistics Estonia: functionality, authentication and further developments issues 4th June 2007 Maia Ennok,

Module 8: Planning and Troubleshooting IPSec. Overview Understanding Default Policy Rules Planning an IPSec Deployment Troubleshooting IPSec Communications.

Coppin State College PeopleSoft 8.x Architecture: Installing & Configuring Or “What I wish I knew a year ago!”

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 9 Auditing Database Activities.

An Enterprise Computer Architecture ASIG – Sept 12, 2001.

Copyright © 2006 Pilothouse Consulting Inc. All rights reserved. Impersonation in SharePoint Developers use impersonation when an application needs to.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

©Copyright Audit Serve, Inc All Rights Reserved Application design issues which cause database management issues Database Authentication Approaches:

Using MOS – Latest Features, Enhancements and OCM Deployment Methods April C. Sims, DBA Southern Utah University Session # 338.

Overview of Security Investments in SQL Server 2016 and Azure SQL Database Jamey Johnston 1/15/2016Security Investments in SQL Server 2016 and Azure SQL.

F5 APM & Security Assertion Markup Language ‘sam-el’

1 © 2004 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Cisco Technical Support Seminar Using the Cisco Technical Support Website.

Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.

Enterprise Resource Planning - PeopleSoft. An ERP system is a business support system that maintains in a single database the data needed for a variety.

1 Global Marketing Confidential Stat – Simplify Change Management and Version Control with Stat Fernando Volonte Product Manager.

Putting Your Head in the Cloud Working with SQL Azure David Postlethwaite 18/06/2016David Postlethwaite.

1 Copyright © 2005, Oracle. All rights reserved. Oracle Database Administration: Overview.

Srinivas Balivada USC CSCE548 07/22/2016.  Cookies are generally set server-side using the ‘Set-Cookie’ HTTP header and sent to the client  In PHP to.

Defense In Depth: Minimizing the Risk of SQL Injection

562: Power of Single Sign-On in OpenEdge

User Portal Error Messages

Web Application Vulnerabilities, Detection Mechanisms, and Defenses

Nicholas Hsiao Critical Log Review Checklist for Security Incidents – By ArcSight Logger For template guidelines or applying this.

Building Regression Tests With PeopleSoft Test Framework

API Security Auditing Be Aware,Be Safe

What is REST API ? A REST (Representational State Transfer) Server simply provides access to resources and the REST client accesses and presents the.

SAP ABAP Online Training

Getting Started with LANGuardian

Security & Architecture

Oracle HFM Implementation Boot Camp

End-user measurement combined with deep technical visibility

Create New User in Database. First Connect the System.

We Need To Talk Security

Presentation transcript:

Copyright © 2012 Splunk Inc. Splunking PeopleSoft Marquis Montgomery Security Architect/Team Lead, Corporate Security

AGENDA What is PeopleSoft? Realistic PeopleSoft architectures Limitations we’re trying to mitigate Use cases & how we do it How you can do it

PeopleSoft vs PeopleTools PeopleSoft Version –Denoted by module with two numbers (HCM 9.1, SA 8.9) PeopleTools Version –Denoted with three numbers ( ) –[major release]. [minor release]. [dot release] 3

Basic Architecture PeopleSoft Internet Architecture (PIA) v8 –Also called Pure Internet Architecture 3-tier vs 2-tier –3-tier via the web (web, app, db) –2-tier via Application Designer (app, db) 4

Realistic Architecture

PeopleSoft in the Enterprise 6 PRD DEV TST STG

PeopleSoft Limitations Generic ID’s used (and often required) for application maintenance –‘VP1’ level ID in the application –SYSADM at the database tier (App -> DB) Row level auditing within the application is expensive Limited (or no) security information from Oracle about vulnerabilities Many versions of PSFT and PTools, long upgrade cycle & patching quarterly not always possible Widely distributed system with lots of log sources 7

WebLogic Use Cases 1) Table of IP to web requests (Time, IP, GET/POST, response code) 2) Breakdown by response code (200, 404, 304, etc) 3) URL history per IP 4) Portions of the app accessed the most (pageletname) 5) No app server available / no available application server domain / Jolt session pool 6) IB connector errors (free form search / troubleshooting) 7) DetectCSRF 8) Untrusted Server Certificate chain 8

Application Server Use Cases 1) All errors, notices, & warnings 2) Authentication failures 3) Authentication succeeded 4) Guest activity 5) LDAP Errors & failures 6) New auth token 7) password encryption notices 8) password expired 9) switch user attempt 10) Invalid user / pwd over threshold alert 9

Database Server Use Cases 1) Authentication success 2) Authentication failure 3) Drops, alters, rollbacks, commits  DBA activity 4) DBA activity (depending on logging)  Sensitive data selects (National ID field) 10

WebLogic Log Sources 11 Log nameContents 1. AccessClient IP, date & time, URL request, response code 2. ServletsDebug & troubleshooting information from clients, some security alerts (CSRF) 3. StderrError messages related to the webservers

BEA Tuxedo Log Sources 12 Log nameContents 1. authentication success / fail, 2. TuxlogApp server restart activity, Tuxedo version 3. Tuxaccess# of clients on app server, logon / logoff activity, username, client IP 4. WatchsrvPID, current state, version, domains booted

Let’s see how it looks DEMO 13

How you can do it WebLogic – – ng/EnableAndConfigureHTTPLogs.htmlhttp://docs.oracle.com/cd/E12840_01/wls/docs103/ConsoleHelp/taskhelp/loggi ng/EnableAndConfigureHTTPLogs.html PeopleSoft App Server – Oracle DB – 14

How you can do it Splunk PeopleSoft TA – CedarCrestone Oracle 10G TA – CedarCrestone Oracle 11G TA – 15

Q&A (Thank 16