Presentation is loading. Please wait.

Presentation is loading. Please wait.

Brent Mosher Senior Sales Consultant Applications Technology Oracle Corporation.

Published byIlene Chambers Modified over 9 years ago

Similar presentations

Presentation on theme: "Brent Mosher Senior Sales Consultant Applications Technology Oracle Corporation."— Presentation transcript:

1

2 Brent Mosher Senior Sales Consultant Applications Technology Oracle Corporation

3 Oracle E-Business Suite Security Management

4 Agenda  Security Guidelines  Secure Architectures  11i.10 User Management  Questions and Answers

5 Security Guidelines

6 Security Policy  Authentication  Authorization  Auditing Not just for the paranoid any more!

7 Patching  Security Alerts – Oracle Quarterly Critical Patch Update (CPU)  Middle of January, April, July, October  Covers all Oracle products  http://www.oracle.com/technology/deploy/security – Also monitor alerts for your Hardware platform.  Operating System  Java  Management tools, …

8 11i Security Best Practices  MetaLink article 189367.1 – Maintained continuously, check periodically for updated advice (see change log)  Major document update released 12/06/2004 – Assumes current patch level  11.5.9 + Recommended Patch Level or 11.5.10 – Most advice is now automated via latest AutoConfig and OAM

9 Oracle Database  Get to recommended database: 9.2.0.5+  Harden the database and server machine…  Check privileges on APPLSYSPUB/PUB – $FND_TOP/patch/115/sql/afpub.sql  Change default passwords for Apps accounts – Listed in FND_ORACLE_USERID – Use FNDCPASS

10 Oracle Database  Do not expose APPS password – Create alternate accounts  Named accounts per human/system  Limited grants to APPS, according to role  Audit changes to database security and setup – Heavy auditing on human accounts, less on APPS – Restrict access to audit information

11 OAM Trusted Host Registration

12 OAM Security Dashboard

13 OAM Page Flow Logging

14 Secure Architectures

15 Application Server  Use SSL (HTTPS) for Web Listener – Recommended for internal use as well – New SSL Setup wizard in OAM 11.5.10 – Manual Setup: Metalink 123718.1, 277574.1 – Performance considerations  mod_ssl: about 15% increase in CPU load  Hardware accelerators now supported

16 OAM SSL Configuration Wizard

17 External Server Security External Server Internal Server External PC Internal PC Control which responsibilities are externally available. Users accessing from outside your firewall will see a restricted set of Responsibilities in the Navigator.

18 External Server Security  Mark External Servers – Node Trust Level (Server Profile Option)  Set to "External" for externally facing servers  Set to "Normal" at Site level  Mark Externally available Responsibilities – Responsibility Trust Level (Profile Option)  Set to "External" for externally available resps  Set to "Normal" at Site level'  External access restricted by security system

19 DMZ Reverse Proxy (future)  Relays valid requests to Application Server – Apache or WebCache  No Applications Code on this tier – URL filtering limits access to specific pages  External product teams will supply URL patterns  Mitigates the "unnecessary code" problem  Certification in progress – Look for white paper in process note 287176.1

20 E-Business Suite Configuration  Harden EBS Security Setup – Check GUEST user privileges – Review access to powerful forms (Security, SQL) – Check settings of critical profile options – Enable Auditing  Sign-on Audit at the "Form" level  Audit Trail for key security tables

21 11i.10 User Management

22 11i Basic Security  Responsibility  User – Menu(s)  Function(s) Res p

23 New Model: User Management  Optional 11i.10 permission repository – Full registry of what is available – Administration at the business level  Roles simplify administration – Grants to Roles represent policy, rarely change – Hierarchical Roles reuse common setup  Allows for delegated administration – Security Administrator defines Role Permissions – Role Administrators manage Role Membership

24 Role Based Access Control – A Role is the actions and activities assigned to a person or group. – A role can be modeled using  Responsibilities  Permissions  Function Security Policies  Data Security Policies – A user can be assigned several roles. – A role can be assigned to several users.

25 Role Based Access Control Description Roles Function Security Rules Data Security Rules PermissionsResponsibilities

26 User Management Key Features – Role Based Management – Role Inheritance – Self Service Registration – Delegated User Management

27 Role Based Management

28 Registration Process Description Types of Registration Processes – Self Service Account Requests – Requests for Additional Access – Account Creation and Access Role Assignment by Administrators

29 Registration Process Link generated using User Management’s registration link generator

30 Request Access

31 Delegated Administration 1. Create a role that that represents a set of local administrators 2. Identify the subset of users the admin can manage and the administrative functions that can performed on this user set 3. Identify the organizational relationships the admin can manage 4. Choose roles that the administrator can administer 5. Grant any other permissions if necessary

32 Delegated Administration Create Role

33 Delegated Administration

34 Org A Org B Partner Admin Of Org A Reseller of

35 Delegated Administration How to Setup this Feature

36 Resources

37 User Management Strategic Implementation Program  Ensure smooth implementations for new products  Requires willingness and commitment  Discuss with local applications sales team

38 Oracle Metalink Notes  Note 258281.1 - About User Management  Note 189367.1 – Security Best Practices  Note 287176.1 – DMZ Configuration  RBAC http://csrc.nist.gov/rbac/rbac-std- ncits.pdfhttp://csrc.nist.gov/rbac/rbac-std- ncits.pdf

39 A Q & Q U E S T I O N S A N S W E R S

40

Download ppt "Brent Mosher Senior Sales Consultant Applications Technology Oracle Corporation."

Similar presentations

Security Update Server Registration, Active scanning and Windows patching.

Security Update Server Registration, Active scanning and Windows patching.
ITS NCID Next Generation (NG) Project Overview April 21, 2010.

ITS NCID Next Generation (NG) Project Overview April 21, 2010.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government.

Jason Ming Sun ICT Academic Systems University of South Africa Government CIO Summit Towards reducing costs of doing business in government.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Web Plus Overview Division of Cancer Prevention and Control National Center for Chronic Disease Prevention and Health Promotion CDC Registry Plus Training.

Web Plus Overview Division of Cancer Prevention and Control National Center for Chronic Disease Prevention and Health Promotion CDC Registry Plus Training.
Futures – Alpha Cloud Deployment and Application Management.

Futures – Alpha Cloud Deployment and Application Management.
Want To Secure Your Database ? Ask Me How! Presented by: Nitesh Chiba, Principal Consultant, RDC Casper Wolmarans, Service Delivery Manager, RDC.

Want To Secure Your Database ? Ask Me How! Presented by: Nitesh Chiba, Principal Consultant, RDC Casper Wolmarans, Service Delivery Manager, RDC.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.

Report Distribution Report Distribution in PeopleTools 8.4 Doug Ostler & Eric Knapp 7264.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.

NETOP ONDEMAND What’s new in version 2.1? DECEMBER 09 NETOP ONDEMAND1.
Understanding Active Directory

Understanding Active Directory
Account Reset Console Delegated and secure self password resets Joe Vachon Sales Engineer.

Account Reset Console Delegated and secure self password resets Joe Vachon Sales Engineer.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN
Best Practices for Securing Oracle EBS R12

Best Practices for Securing Oracle EBS R12
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Similar presentations

Ads by Google