Security is a very important factor for Oracle Apps DBAs.
The Metalink document [ID 403537.1], Secure Configuration Guide for Oracle E-Business Suite Release 12, gives us the guide for R12 security configuration and the security check scripts.
Log in to Metalink and make use of it. The security guide is very helpful, and the scripts are very helpful too.
Below are the extracts (unless you have Metalink access, you won't get these).
Secure Configuration Guide for Oracle E-Business Suite Release 12
This document provides practical advice for secure configuration of the Oracle E-Business Suite Release 12.0 and 12.1.
Secure Configuration Guide for Oracle E-Business Suite Release 12 Version 1.1.1 (PDF)
Additionally, the following zip file provides a set of scripts to verify the proper setting of many of the values recommended in this document.
Oracle E-Business Suite Security Configuration Check Scripts (ZIP)
The document contains the following sections:
• Overview
  - Keep software up to date
  - Restrict network access to critical services
  - Follow the principle of least privilege
  - Monitor system activity
  - Keep up to date on latest security information
• Oracle TNS Listener Security
  - Harden operating environment
  - Add IP restrictions or enable Valid Node Checking
  - Specify connection timeout
  - Enable encryption of network traffic
  - Enable TNS Listener password (only if required)
  - Enable admin restrictions
  - Enable TNS Listener logging
• Oracle Database Security
  - Harden operating environment
  - Disable XDB
  - Review database links
  - Remove operating system trusted remote logon
  - Implement two profiles for password management
  - Change default installation passwords
  - Restrict access to SQL trace files
  - Remove operating system trusted remote roles
  - Limit file system access within PL/SQL
  - Limit dictionary access
  - Revoke unnecessary grants given to APPLSYSPUB
  - Configure the database for auditing
  - Audit database connections
  - Audit database schema changes
  - Audit other activities
  - Audit administrators and their actions
  - Review audit records
  - Maintain audit records
  - Secure audit records
• Oracle Application Tier Security
  - Harden operating environment
  - Harden Apache configuration
  - Protect administrative web pages
  - Configure logging
• Oracle E-Business Suite Security
  - Harden operating environment
  - Strike passwords from adpatch logs
  - Set Workflow notification mailer SEND_ACCESS_KEY to N
  - Set Tools environment variables
  - Restrict filetypes that may be uploaded
  - Enable Antisamy HTML filter
  - Use SSL (HTTPS) between browser and web server
  - Avoid Weak Ciphers and Protocols for SSL (HTTPS)
  - Use External Webtier if exposing any part of EBS to the internet
  - Use Terminal Services for client-server programs
  - Change passwords for seeded application user accounts
  - Switch to Hashed Passwords
  - Tighten logon and session profile options
  - Consider using Single-Sign-On
  - Create new user accounts safely
  - Create shared responsibilities instead of shared accounts
  - Configure Concurrent Manager for safe authentication
  - Configure Concurrent Manager for Start and Stop without the APPS password
  - Activate Server Security
  - Create DBC files securely
  - Review and limit Responsibilities and Permissions
  - Set other security related profile options
  - Restrict responsibilities by web server trust level
  - Set Sign-On audit level
  - Monitor system activity with OAM
  - Retrieve audit records using Reports
  - Retrieve audit records using SQL
  - Purge audit records
  - Review data tracked (no Reports available)
  - Configuring audit trail
  - Generate and identify audit trail objects
  - Choose tables to audit
  - Retrieve audit records using SQL
  - Purge audit records
  - References on Oracle E-Business Suite auditing
• Desktop Security
  - Configure browser
  - Update browser
  - Turn off AutoComplete
  - Set policy for unattended PC sessions
• Operating Environment Security
  - Cleanup file ownership and access
  - Cleanup file permissions
  - Lockdown operating system libraries and programs
  - Filter IP packets
  - Prevent spoofing
  - Eliminate telnet, rsh and ftp daemons
  - Verify network configuration
  - Monitor for attacks
  - Configure accounts securely
  - Limit root access
  - Manage user accounts
  - Secure NFS
  - Secure operating system devices
  - Secure executables
  - Secure file access
• Extras for Experts
  - Detect and Prevent Duplicate User Sessions
  - Customize Password Validation
  - Encrypt Credit Cards
  - Advanced Security/Networking Option (ASO/ANO)
  - Advanced Security/Transparent Data Encryption (ASO/TDE)
  - Practice Safe Cloning
  - Hardening External Procedure (EXTPROC) Services
  - EXTPROC Listener Configuration
  - EXTPROC Testing Procedure
• Appendix A: Running Web-Scanning Tools
• Appendix B: Sensitive Administrative Pages
• Appendix C: Database Schemas found in Oracle E-Business Suite
• Appendix D: Processes used by Oracle E-Business Suite
• Appendix E: Ports used by Oracle E-Business Suite
• Appendix F: Sample Linux Hardening of the Application Tier
• Appendix G: Security Check Scripts
• Appendix H: References & More Resources
Keywords: E-Business, Secure Configuration, Hardening, Best Practice, Security