Brent Mosher Senior Sales Consultant Applications Technology Oracle Corporation.

Oracle E-Business Suite Security Management

Agenda
 Security Guidelines
 Secure Architectures
 11i.10 User Management
 Questions and Answers

Security Guidelines

Security Policy
 Authentication
 Authorization
 Auditing
Not just for the paranoid any more!

Patching
 Security Alerts – Oracle Quarterly Critical Patch Update (CPU)
  – Middle of January, April, July, October
  – Covers all Oracle products
 Also monitor alerts for your hardware platform
  – Operating system
  – Java
  – Management tools, …

11i Security Best Practices
 MetaLink article – maintained continuously; check periodically for updated advice (see the change log)
 Major document update released 12/06/2004
  – Assumes the current patch level
 Recommended Patch Level or
  – Most advice is now automated via the latest AutoConfig and OAM

Oracle Database
 Get to recommended database:
 Harden the database and the server machine
 Check privileges on APPLSYSPUB/PUB
  – $FND_TOP/patch/115/sql/afpub.sql
 Change default passwords for Apps accounts
  – Listed in FND_ORACLE_USERID
  – Use FNDCPASS

Oracle Database
 Do not expose the APPS password
  – Create alternate accounts: named accounts per human or system, with limited grants on APPS objects according to role
 Audit changes to database security and setup
  – Heavy auditing on human accounts, less on APPS
  – Restrict access to audit information
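The two database slides above name the checks but show no commands. The following SQL is an added example, not part of the original presentation, run as SYS or SYSTEM in SQL*Plus: it lists the product schemas whose default passwords FNDCPASS rotates, shows every privilege held by the APPLSYSPUB gateway account, finds who holds DBA or can read the encrypted Applications passwords, and then creates one named human account with narrow grants and access-level auditing. The account name JSMITH, its password, the objects granted to it and the audit options chosen are assumptions for illustration.

```sql
-- Added example (not from the presentation). Run as SYS or SYSTEM in SQL*Plus.

-- 1. Applications schemas registered with EBS. Every ENABLED_FLAG = 'Y' row is an
--    account whose shipped default password must be changed with FNDCPASS.
SELECT oracle_username, enabled_flag, read_only_flag
  FROM applsys.fnd_oracle_userid
 ORDER BY oracle_username;

-- 2. Everything the APPLSYSPUB gateway account can do. Expect CREATE SESSION plus a
--    handful of SELECT/EXECUTE grants on FND sign-on objects; anything broader means
--    afpub.sql was not applied or someone widened the grants afterwards.
SELECT 'SYS ' || privilege AS priv
  FROM dba_sys_privs  WHERE grantee = 'APPLSYSPUB'
UNION ALL
SELECT 'ROLE ' || granted_role
  FROM dba_role_privs WHERE grantee = 'APPLSYSPUB'
UNION ALL
SELECT privilege || ' ON ' || owner || '.' || table_name
  FROM dba_tab_privs  WHERE grantee = 'APPLSYSPUB'
 ORDER BY 1;

-- 3. Who holds DBA, and who can read the table of encrypted Applications passwords.
SELECT grantee, granted_role AS what
  FROM dba_role_privs WHERE granted_role = 'DBA'
UNION ALL
SELECT grantee, privilege || ' ON FND_ORACLE_USERID'
  FROM dba_tab_privs  WHERE owner = 'APPLSYS' AND table_name = 'FND_ORACLE_USERID'
UNION ALL
SELECT grantee, privilege || ' ON ' || table_name          -- who can read the audit trail
  FROM dba_tab_privs  WHERE owner = 'SYS' AND table_name IN ('AUD$', 'DBA_AUDIT_TRAIL')
 ORDER BY 1, 2;

-- 4. A named account instead of handing out APPS: one person, one password, only the
--    objects that person's role needs (assumed: a read-only security reviewer).
CREATE USER jsmith IDENTIFIED BY "Ch4nge-me-now"
  DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp;
GRANT CREATE SESSION TO jsmith;
GRANT SELECT ON apps.fnd_user           TO jsmith;
GRANT SELECT ON apps.fnd_responsibility TO jsmith;

-- 5. Heavy auditing on the human account: every statement, one record per execution.
AUDIT ALL BY jsmith BY ACCESS;
-- Lighter, targeted auditing on APPS (logons only) and on changes to database
-- security setup, whoever makes them.
AUDIT SESSION BY apps;
AUDIT USER, ROLE, PROFILE, SYSTEM GRANT;
AUDIT GRANT ANY PRIVILEGE, GRANT ANY ROLE, ALTER SYSTEM;
```

The AUDIT statements only produce records once the AUDIT_TRAIL initialization parameter is set to DB (or OS) and the instance restarted; the query in step 3 is what "restrict access to audit information" means in practice, since anyone who can read SYS.AUD$ can also see what the auditors see. For the password change itself, the presentation's tool is FNDCPASS, run from the application tier as `FNDCPASS apps/<apps_pwd> 0 Y system/<system_pwd> SYSTEM APPLSYS <new_pwd>` for APPLSYS and APPS together, `ORACLE <schema> <new_pwd>` for a single product schema, and `USER <user> <new_pwd>` for an Applications user (placeholders in angle brackets are yours to fill in).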

OAM Trusted Host Registration

OAM Security Dashboard

OAM Page Flow Logging

Secure Architectures

Application Server
 Use SSL (HTTPS) for the Web Listener
  – Recommended for internal use as well
  – New SSL Setup wizard in OAM
  – Manual setup: MetaLink ,
  – Performance considerations: mod_ssl adds about 15% CPU load; hardware accelerators are now supported

OAM SSL Configuration Wizard

External Server Security (diagram: External PC → External Server; Internal PC → Internal Server). Control which responsibilities are externally available. Users accessing from outside your firewall will see a restricted set of Responsibilities in the Navigator.

External Server Security
 Mark external servers – Node Trust Level (server-level profile option)
  – Set to "External" for externally facing servers
  – Set to "Normal" at Site level
 Mark externally available responsibilities – Responsibility Trust Level (profile option)
  – Set to "External" for externally available responsibilities
  – Set to "Normal" at Site level
 External access is restricted by the security system
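The slide says what to set but not how to verify it once set. The following SQL is an added example, not from the presentation, run as APPS: it reads the two trust-level profile options at Site level and then computes, for every application node, the responsibilities its Navigator will offer. It assumes the internal profile names NODE_TRUST_LEVEL and APPL_SERVER_TRUST_LEVEL, the stored values '1' Administrative, '2' Normal and '3' External, the profile level ids 10001 Site, 10003 Responsibility and 10005 Server, and the visibility rule that a responsibility appears on a node when its trust level is at least the node's; all of these are assumptions, not statements from the slide.

```sql
-- Added example (not from the presentation). Run as APPS.
-- Assumed: profile internal names NODE_TRUST_LEVEL / APPL_SERVER_TRUST_LEVEL,
-- values '1' = Administrative, '2' = Normal, '3' = External, level ids 10001 = Site,
-- 10003 = Responsibility, 10005 = Server, and visibility when resp level >= node level.

-- 1. Site-level defaults. Both should be '2' (Normal): a new node or responsibility
--    must never become external by default.
SELECT o.profile_option_name, v.profile_option_value
  FROM fnd_profile_options o
  JOIN fnd_profile_option_values v
    ON v.profile_option_id = o.profile_option_id AND v.application_id = o.application_id
 WHERE o.profile_option_name IN ('NODE_TRUST_LEVEL', 'APPL_SERVER_TRUST_LEVEL')
   AND v.level_id = 10001;

-- 2. What each node will show. Nodes and responsibilities without their own value
--    inherit the Site value, which the NVL() calls reproduce.
WITH site AS (
  SELECT o.profile_option_name, v.profile_option_value
    FROM fnd_profile_options o
    JOIN fnd_profile_option_values v
      ON v.profile_option_id = o.profile_option_id AND v.application_id = o.application_id
   WHERE o.profile_option_name IN ('NODE_TRUST_LEVEL', 'APPL_SERVER_TRUST_LEVEL')
     AND v.level_id = 10001),
node_lvl AS (
  SELECT n.node_name,
         NVL((SELECT v.profile_option_value
                FROM fnd_profile_option_values v
                JOIN fnd_profile_options o
                  ON o.profile_option_id = v.profile_option_id AND o.application_id = v.application_id
               WHERE o.profile_option_name = 'NODE_TRUST_LEVEL'
                 AND v.level_id = 10005
                 AND v.level_value = TO_CHAR(n.node_id)),
             (SELECT profile_option_value FROM site WHERE profile_option_name = 'NODE_TRUST_LEVEL')) AS lvl
    FROM fnd_nodes n),
resp_lvl AS (
  SELECT r.responsibility_key,
         NVL((SELECT v.profile_option_value
                FROM fnd_profile_option_values v
                JOIN fnd_profile_options o
                  ON o.profile_option_id = v.profile_option_id AND o.application_id = v.application_id
               WHERE o.profile_option_name = 'APPL_SERVER_TRUST_LEVEL'
                 AND v.level_id = 10003
                 AND v.level_value = TO_CHAR(r.responsibility_id)
                 AND v.level_value_application_id = r.application_id),
             (SELECT profile_option_value FROM site WHERE profile_option_name = 'APPL_SERVER_TRUST_LEVEL')) AS lvl
    FROM fnd_responsibility r
   WHERE r.end_date IS NULL OR r.end_date > SYSDATE)
SELECT n.node_name, n.lvl AS node_level, r.responsibility_key, r.lvl AS resp_level
  FROM node_lvl n
  JOIN resp_lvl r ON TO_NUMBER(r.lvl) >= TO_NUMBER(n.lvl)
 ORDER BY n.node_name, r.responsibility_key;
```

Read the second result with the external node's rows first: every responsibility listed there is reachable from the internet, so it should be the short, deliberately chosen set and should contain no System Administrator or developer responsibility. A responsibility appearing for the external node that nobody marked External means it inherited an External value from Site, which is exactly the misconfiguration the slide's "Normal at Site level" advice prevents.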

DMZ Reverse Proxy (future)
 Relays valid requests to the Application Server
  – Apache or WebCache
 No Applications code on this tier
  – URL filtering limits access to specific pages
  – Product teams will supply the URL patterns for externally available products
  – Mitigates the "unnecessary code" problem
 Certification in progress – look for the white paper in the in-process note

E-Business Suite Configuration
 Harden EBS security setup
  – Check GUEST user privileges
  – Review access to powerful forms (Security, SQL)
  – Check settings of critical profile options
  – Enable auditing: Sign-On Audit at the "Form" level, Audit Trail for key security tables
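Three of the four checks on this slide can be answered from the FND tables. The following SQL is an added example, not from the presentation, run as APPS: it lists the responsibilities GUEST holds, finds every active user who can reach the Users or Responsibilities security forms through any menu path, and reads the two auditing profile options. It assumes FND_FNDSCAUS and FND_FNDSCRSP are the internal function names of those two forms, SIGNONAUDIT:LEVEL and AUDITTRAIL:ACTIVATE are the profile internal names with 'D' meaning Form and 'Y' meaning on, and 10001 is the Site level id.

```sql
-- Added example (not from the presentation). Run as APPS.
-- Assumed: FND_FNDSCAUS / FND_FNDSCRSP are the Users and Responsibilities forms;
-- SIGNONAUDIT:LEVEL ('D' = Form) and AUDITTRAIL:ACTIVATE ('Y') are the profile
-- internal names; 10001 = Site level.

-- 1. Responsibilities held by GUEST. The list should be empty or limited to what
--    the anonymous self-service pages need; anything more is reachable without a login.
SELECT r.responsibility_key, g.start_date, g.end_date
  FROM fnd_user u
  JOIN fnd_user_resp_groups_direct g ON g.user_id = u.user_id
  JOIN fnd_responsibility r
    ON r.responsibility_id = g.responsibility_id
   AND r.application_id   = g.responsibility_application_id
 WHERE u.user_name = 'GUEST'
   AND (g.end_date IS NULL OR g.end_date > SYSDATE);

-- 2. Who can reach the security forms. The hierarchical subquery starts at the menu
--    entries that call the form and walks UP through sub-menus to every menu that
--    contains them, so every active responsibility built on one of those menus is
--    listed together with its active holders, however deep the form is nested.
SELECT r.responsibility_key, u.user_name
  FROM fnd_responsibility r
  JOIN fnd_user_resp_groups_direct g
    ON g.responsibility_id             = r.responsibility_id
   AND g.responsibility_application_id = r.application_id
  JOIN fnd_user u ON u.user_id = g.user_id
 WHERE r.menu_id IN (
         SELECT menu_id
           FROM fnd_menu_entries
          START WITH function_id IN (SELECT function_id
                                       FROM fnd_form_functions
                                      WHERE function_name IN ('FND_FNDSCAUS', 'FND_FNDSCRSP'))
        CONNECT BY PRIOR menu_id = sub_menu_id)
   AND (r.end_date IS NULL OR r.end_date > SYSDATE)
   AND (g.end_date IS NULL OR g.end_date > SYSDATE)
   AND (u.end_date IS NULL OR u.end_date > SYSDATE)
 ORDER BY 1, 2;

-- 3. Auditing profile options at Site level: expect 'D' and 'Y'.
SELECT o.profile_option_name, v.profile_option_value
  FROM fnd_profile_options o
  JOIN fnd_profile_option_values v
    ON v.profile_option_id = o.profile_option_id AND v.application_id = o.application_id
 WHERE o.profile_option_name IN ('SIGNONAUDIT:LEVEL', 'AUDITTRAIL:ACTIVATE')
   AND v.level_id = 10001;
```

Query 2 over-reports slightly on purpose: a responsibility can exclude a function from its menu through FND_RESP_FUNCTIONS, so confirm a flagged responsibility in the Responsibilities form before removing it from anyone. Sign-On Audit at Form level writes to FND_LOGINS, FND_LOGIN_RESPONSIBILITIES and FND_LOGIN_RESP_FORMS; Audit Trail only starts recording for a table such as FND_USER after it is placed in an enabled audit group and the AuditTrail Update Tables program has been run.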

11i.10 User Management

11i Basic Security (diagram): User → Responsibility → Menu(s) → Function(s)

New Model: User Management
 Optional 11i.10 permission repository
  – Full registry of what is available
  – Administration at the business level
 Roles simplify administration
  – Grants to Roles represent policy and rarely change
  – Hierarchical Roles reuse common setup
 Allows for delegated administration
  – Security Administrator defines Role Permissions
  – Role Administrators manage Role Membership

Role Based Access Control
 – A Role is the set of actions and activities assigned to a person or group.
 – A role can be modeled using Responsibilities, Permissions, Function Security Policies and Data Security Policies.
 – A user can be assigned several roles.
 – A role can be assigned to several users.

Role Based Access Control (diagram): Roles; Responsibilities; Permissions; Function Security Rules; Data Security Rules

User Management Key Features
 – Role Based Management
 – Role Inheritance
 – Self Service Registration
 – Delegated User Management

Role Based Management

Registration Process Description
Types of Registration Processes
 – Self Service Account Requests
 – Requests for Additional Access
 – Account Creation and Access Role Assignment by Administrators

Registration Process Link generated using User Management’s registration link generator

Request Access

Delegated Administration
1. Create a role that represents a set of local administrators
2. Identify the subset of users the admin can manage and the administrative functions that can be performed on this user set
3. Identify the organizational relationships the admin can manage
4. Choose the roles that the administrator can administer
5. Grant any other permissions if necessary
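The User Management slides above describe role inheritance, grants to roles as policy, and a delegated administrator whose reach is a user set plus an assignable-role set, without showing the data model behind them. The following SQL is an added example, not from the presentation and not Oracle's own schema: it builds a small model of that design from scratch, with constructed roles, users, permissions and a delegated-administration scope, so it runs in any Oracle 10g or later schema (it uses CONNECT_BY_ROOT). All table, column, role, user and permission names are the example's own; in 11i.10 the corresponding data lives in WF_USER_ROLE_ASSIGNMENTS, WF_ROLE_HIERARCHIES and FND_GRANTS.

```sql
-- Added example (not from the presentation): a from-scratch model of the UMX role
-- design. Every name below is constructed for the example; Oracle 10g+ (CONNECT_BY_ROOT).

CREATE TABLE rbac_role (role_name VARCHAR2(30) PRIMARY KEY);
-- A superior role inherits everything granted to its subordinate roles.
CREATE TABLE rbac_role_hier (
  super_role VARCHAR2(30) REFERENCES rbac_role,
  sub_role   VARCHAR2(30) REFERENCES rbac_role,
  PRIMARY KEY (super_role, sub_role));
CREATE TABLE rbac_user_role (
  user_name VARCHAR2(30), role_name VARCHAR2(30) REFERENCES rbac_role,
  PRIMARY KEY (user_name, role_name));
-- Policy lives here: permissions are granted to roles, never directly to users.
CREATE TABLE rbac_grant (
  role_name VARCHAR2(30) REFERENCES rbac_role, permission VARCHAR2(40),
  PRIMARY KEY (role_name, permission));
-- Delegated administration scope: an admin role may manage the users who hold
-- managed_role (slide step 2) and may assign only the listed roles (step 4).
CREATE TABLE rbac_admin_managed    (admin_role VARCHAR2(30) REFERENCES rbac_role,
                                    managed_role VARCHAR2(30) REFERENCES rbac_role);
CREATE TABLE rbac_admin_assignable (admin_role VARCHAR2(30) REFERENCES rbac_role,
                                    assignable_role VARCHAR2(30) REFERENCES rbac_role);

-- Constructed sample data.
INSERT INTO rbac_role VALUES ('EMPLOYEE');
INSERT INTO rbac_role VALUES ('AP_CLERK');
INSERT INTO rbac_role VALUES ('AP_MANAGER');
INSERT INTO rbac_role VALUES ('ORG_A_USER');    -- stands in for an organization relationship (step 3)
INSERT INTO rbac_role VALUES ('ORG_A_ADMIN');   -- the local-administrator role (step 1)
INSERT INTO rbac_role_hier VALUES ('AP_MANAGER', 'AP_CLERK');
INSERT INTO rbac_role_hier VALUES ('AP_CLERK',   'EMPLOYEE');
INSERT INTO rbac_grant VALUES ('EMPLOYEE',   'VIEW_PAYSLIP');
INSERT INTO rbac_grant VALUES ('AP_CLERK',   'ENTER_INVOICE');
INSERT INTO rbac_grant VALUES ('AP_MANAGER', 'APPROVE_INVOICE');
INSERT INTO rbac_user_role VALUES ('ALICE', 'AP_MANAGER');
INSERT INTO rbac_user_role VALUES ('ALICE', 'ORG_A_USER');
INSERT INTO rbac_user_role VALUES ('BOB',   'AP_CLERK');
INSERT INTO rbac_user_role VALUES ('BOB',   'ORG_A_USER');
INSERT INTO rbac_user_role VALUES ('DAVE',  'AP_CLERK');      -- not in Org A
INSERT INTO rbac_user_role VALUES ('CAROL', 'ORG_A_ADMIN');
INSERT INTO rbac_admin_managed    VALUES ('ORG_A_ADMIN', 'ORG_A_USER');
INSERT INTO rbac_admin_assignable VALUES ('ORG_A_ADMIN', 'AP_CLERK');
INSERT INTO rbac_admin_assignable VALUES ('ORG_A_ADMIN', 'EMPLOYEE');
COMMIT;

-- Every role a user holds, directly or through the hierarchy. With no START WITH,
-- each hierarchy row is its own root, so the inner query yields all (ancestor,
-- descendant) pairs; NOCYCLE protects against an accidental loop in the hierarchy.
CREATE OR REPLACE VIEW rbac_effective_role AS
  SELECT user_name, role_name FROM rbac_user_role
  UNION
  SELECT ur.user_name, h.sub_role
    FROM rbac_user_role ur
    JOIN (SELECT CONNECT_BY_ROOT super_role AS root_role, sub_role
            FROM rbac_role_hier
         CONNECT BY NOCYCLE PRIOR sub_role = super_role) h
      ON h.root_role = ur.role_name;

-- 1. Effective permissions. ALICE's single AP_MANAGER assignment yields
--    APPROVE_INVOICE, ENTER_INVOICE and VIEW_PAYSLIP.
SELECT e.user_name, g.permission
  FROM rbac_effective_role e
  JOIN rbac_grant g ON g.role_name = e.role_name
 WHERE e.user_name = 'ALICE'
 ORDER BY 2;

-- 2. Delegated administration: which role may CAROL give to whom? Returns AP_CLERK
--    and EMPLOYEE for ALICE and BOB only: DAVE is outside her managed user set and
--    AP_MANAGER is outside her assignable roles, so neither appears.
SELECT a.user_name AS admin, t.user_name AS target_user, s.assignable_role
  FROM rbac_effective_role a
  JOIN rbac_admin_managed    m ON m.admin_role = a.role_name
  JOIN rbac_effective_role   t ON t.role_name  = m.managed_role
  JOIN rbac_admin_assignable s ON s.admin_role = a.role_name
 WHERE a.user_name = 'CAROL'
 ORDER BY 2, 3;
```

The second query is the check a delegated-administration screen performs before letting a local administrator save a role assignment: both the target user and the requested role must fall inside the administrator's scope, and the scope is itself just data in two tables that the central Security Administrator owns. Changing what AP_MANAGER can do is one row in rbac_grant and needs no per-user work, which is the "grants to roles represent policy, rarely change" point from the earlier slide.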

Delegated Administration Create Role

Delegated Administration

Delegated Administration (diagram): Org A; Org B; Partner Admin of Org A; reseller relationship between the organizations

Delegated Administration How to Setup this Feature

Resources

User Management Strategic Implementation Program
 Ensures smooth implementations for new products
 Requires willingness and commitment
 Discuss with your local applications sales team

Oracle MetaLink Notes
 Note – About User Management
 Note – Security Best Practices
 Note – DMZ Configuration
 RBAC standard (NIST): http://csrc.nist.gov/rbac/rbac-std-ncits.pdf

Q & A: Questions and Answers