Presentation is loading. Please wait.

Presentation is loading. Please wait.

1. Oracle Enterprise Manager Security Best Practices Huaqing Wang, Senior Product Manager, Oracle Ravi Pinnamaneni, Consulting Member of Technical Staff,

Similar presentations


Presentation on theme: "1. Oracle Enterprise Manager Security Best Practices Huaqing Wang, Senior Product Manager, Oracle Ravi Pinnamaneni, Consulting Member of Technical Staff,"— Presentation transcript:

1 1

2 Oracle Enterprise Manager Security Best Practices Huaqing Wang, Senior Product Manager, Oracle Ravi Pinnamaneni, Consulting Member of Technical Staff, Oracle

3 3 The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracles products remains at the sole discretion of Oracle.

4 4 Agenda Oracle Enterprise Manager Overview Security Best Practices Managing Enterprise Manager Security using Enterprise Manager Q & A Appendix

5 5 Agenda Oracle Enterprise Manager Overview Security Best Practices Managing Enterprise Manager Security using Enterprise Manager Q & A Appendix

6 6 © 2010 Oracle Corporation 6 Business-Driven IT Management

7 7 Enterprise Manager Security Certification Common Criteria EAL 4+ Enterprise Manager security feature development process rigorously vetted and certified by independent government agency Certified with Common Criteria Evaluation Assurance Level (EAL) 4+ with ID# BSI-DSZ-CC on Aug., 27, 2010 Comprehensive evaluation process took 2+ years to complete EAL4+ is highest mutually recognized level among governments worldwide

8 8 Oracle Enterprise Manager Architecture Overview Oracle Management Agent (Management Agent) – An integral software component deployed on each monitored host – Responsible for monitoring and managing the hosts and all the targets running on those hosts, communicating the information (metrics, configurations,etc.) to Oracle Management Service (OMS) Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

9 9 Oracle Enterprise Manager Architecture Overview Oracle Management Service (OMS) – J2EE Web application that orchestrates with Oracle Management Agents to discover targets, monitor and manage them, and upload the collected information to Oracle Management Repository for future reference and analysis – Renders the user interface for the Grid Control Console Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

10 10 Oracle Enterprise Manager Architecture Overview Oracle Management Repository (Management Repository) – An Oracle database where all the information (metrics, configurations, etc.) collected by the Oracle Management Agents gets stored Oracle Management Service Oracle Management Repository Oracle Management Agents Grid Control Console

11 11 Oracle Enterprise Manager Architecture Overview Grid Control Console – A web user interface from where you can monitor and administer your entire computing environment Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

12 12 Agenda Oracle Enterprise Manager Overview Security Best Practices Managing Enterprise Manager Security using Enterprise Manager Q & A Appendix

13 13 Enterprise Security Considerations and Threats Security ConsiderationSecurity Threat Data confidentiality and integrityMan-in-the-Middle attacks Data availabilityDenial-of-Service attacks AuthenticationPassword crack attacks Segregation of dutiesExploitation of authorization Non-repudiationRepudiation

14 14 Security ConsiderationSecurity Threat Data confidentiality and integrityMan-in-the-Middle attacks Data availabilityDenial-of-Service attacks AuthenticationPassword crack attacks Segregation of dutiesExploitation of authorization Non-repudiationRepudiation Enterprise Security Considerations and Threats Data confidentiality and integrity – Not disclosed to any entities unless they are authorized to access – Not changed, destroyed, or lost in unauthorized or accidental manner Man-in-the-Middle attacks – Interrupts, intercepts, modifies or fabricates data in transit Interrupted/Stolen Management Agent OMS

15 15 Security ConsiderationSecurity Threat Data confidentiality and integrityMan-in-the-Middle attacks Data availabilityDenial-of-Service attacks AuthenticationPassword crack attacks Segregation of dutiesExploitation of authorization Non-repudiationRepudiation Enterprise Security Considerations and Threats Data Availability – Available and usable upon demand by an authorized entity Denial-of-Service attacks – Makes Management Repository or OMS unavailable to intended users by flooding them with more requests than they can handle – Management Agent OMS Hacker

16 16 Security ConsiderationSecurity Threat Data confidentiality and integrityMan-in-the-Middle attacks Data availabilityDenial-of-Service attacks AuthenticationPassword crack attacks Segregation of dutiesExploitation of authorization Non-repudiationRepudiation Enterprise Security Considerations and Threats Authentication – The process to verify the identity, usually username and password, claimed by a user Password crack attacks – Obtains password from an authentication exchange, then uses the password to log on to Enterprise Manager Grid Control For examples: guess, dictionary and brute force attacks

17 17 Security ConsiderationSecurity Threat Data confidentiality and integrityMan-in-the-Middle attacks Data availabilityDenial-of-Service attacks AuthenticationPassword crack attacks Segregation of dutiesExploitation of authorization Non-repudiationRepudiation Enterprise Security Considerations and Threats Segregation of duties – No person should be given responsibility for more than one related function Exploitation of authorization – Accesses resources (targets, jobs, templates and so on) that he/she should not be authorized to

18 18 Security ConsiderationSecurity Threat Data confidentiality and integrityMan-in-the-Middle attacks Data availabilityDenial-of-Service attacks AuthenticationPassword crack attacks Segregation of dutiesExploitation of authorization Non-repudiationRepudiation Enterprise Security Considerations and Threats Non-repudiation – Network security: Neither sender nor recipient can later deny having processed the information – Web Application security: No one can later deny the actions he/she has taken in the application Repudiation – Refuses authoring of something that happened

19 19 Oracle Enterprise Manager Security Overview 1.Enterprise Manager Infrastructure Security 2.Authentication, Authorization and Audit – The Three As 3.Security of target authentications

20 20 Enterprise Manager Infrastructure Security – Securing individual Enterprise Manager components – Securing communication Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

21 21 Infrastructure Security Best Practices Securing Enterprise Manager Components Harden the machines on which OMS and Management Repository reside – Remove unsecure services such as FTP, telnet, rlogin and so on – Close UDP and TCP ports for services that are disabled Apply all security patches – Always apply latest relevant CPUs for OS, Oracle Database, Oracle Weblogic Server, OMS and Agents Use privilege delegation tool such as sudo/Powerbroker for the access to the owner of OMR, OMS and Agent Oracle Homes – Disable owner account, oracle, direct log in to hosts – Allow normal users to perform administrative tasks without disclosing password of privileged user Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

22 22 Infrastructure Security Best Practices Oracle Management Repository Follow best practices for securing the Oracle Database (e.g. Oracle Database Security Checklist) – Restrict operation system access Limiting the number of OS users with access on Oracle Database host Restricting the ability for these users to modify the default file/directory permissions of Oracle Home – Restrict network access to the Repository Check Network IP Address to allow the access to Oracle Database only from authorized nodes – Configure $TNS_ADMIN/protocol.ora file tcp.validnode_checking=yes tcp.included_nodes={list of IP addresses} – If Repository is the only database on the host, we can limit the nodes to OMS nodes only – Please refer to the link for more information ty/twp-security-checklist-database pdf ty/twp-security-checklist-database pdf Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

23 23 Infrastructure Security Best Practices Oracle Management Service Follow best practices for securing Oracle Weblogic Server (Securing the Production Environment for Oracle Weblogic Server) – Protect WebLogic Server Home directory especially domain directory which contains configuration files, security files, log files and other Java EE resources for the Weblogic domain. Grant only one OS user who runs Weblogic Server the access privilege to the directory – Create no fewer than two user accounts with system administrator privileges To ensure one user maintains account access in case another user becomes locked out by a dictionary/brute force attack – Please refer to web.1111/e13705.pdf for more information web.1111/e13705.pdf Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

24 24 Infrastructure Security Best Practices Oracle Management Agent Deploy agent via pushing agents from OMS – Secure Shell (SSH) protocol is used in this approach, which ensures the confidentiality and integrity of agent installation Use complex one-time registration passwords with reasonable expiry date – Registration password combined with random keys generated by OMS and agent is used to produce agent key to register and secure the agent – Protect against the possibility of unauthorized agents accessing OMS Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

25 25 Oracle Enterprise Manager Security Overview Enterprise Manager Infrastructure Security – Securing individual Enterprise Manager components – Securing communication Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

26 26 Infrastructure Security Best Practices Securing Communication Overview Various communications within Enterprise Manager – Between OMS and agent (Bidirectional) – Between browsers and OMS – Between OMS and Management Repository – Between OMS and targets Communications in firewall environments Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host Firewall

27 27 Infrastructure Security Best Practices Securing Communication Between OMS and Agents Securing communication between OMS and Agents (Bidirectional) – It is secure locked out-of-box ( and after), which means the communication is only over HTTPS – Security aspects of communication over HTTPS What secure protocol is used – Secure Socket Layer (SSL) v3 – Transportation Layer Security (TLS) v1 What strong cipher suites are used Is certificate from well-known Certificate Authority (CA) Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

28 28 Infrastructure Security Best Practices Securing communication Enable TLS v1 only for communication between OMS and Management Agents – OMS: emctl stop oms emctl secure oms -protocol TLSv1 Append - Dweblogic.security.SSL.protocolVer sion=TLS1 to JAVA_OPTIONS in Domain_Home/bin/startEMServer.sh. emctl start oms – Agent: Update $Agent_Home/sysman/config/emd.properties – allowTLSonly=true Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console TLS v1

29 29 Infrastructure Security Best Practices Securing Communication Overview Various communications within Enterprise Manager – Between OMS and agent (Bidirectional) – Between browsers and OMS – Between OMS and Management Repository – Between OMS and targets Communications in firewall environments Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host Firewall

30 30 Infrastructure Security Best Practices Configuring Enterprise Manager for Firewalls Firewalls are commonplace in most mature and modern IT infrastructures Two areas where Enterprise Manager and firewalls will interact – Navigate between Enterprise Manager components separated by firewalls – Communicate with managed targets that are behind firewalls Enterprise Manager is designed to cope with both cases but…. – …this is one of the least understood areas when deploying Enterprise Manager in a secure environment Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host Firewall

31 31 Infrastructure Security Best Practices Configure Enterprise Manager for Firewalls Best Practices: – Get firewalls into first design of the solution Carefully analyze your protocol requirements between Enterprise Manager and the Managed Targets in your environment, e.g., – HTTP/HTTPS for communication between OMS and Agents – SQL*Net for the communication between OMS and Oracle Database targets – ICPM and UDP for the communication between beacons and managed targets Consider placement of OMSs when laying down your Enterprise Manager topology – Work closely with the network team on design of groups and Access Control List (ACL) for groups of targets Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host Firewall

32 32 Infrastructure Security Best Practices Configuring Enterprise Manager for Firewalls Lots of different permutations with Enterprise Manager when dealing with Firewalls…. – Configuring agents on a host protected by a firewall – Configuring OMS on a host protected by a firewall – Firewalls between OMS and OMR – Firewall between your browser and Grid Grid Control – Firewalls between the Grid Control and a managed database target – Firewalls used with multiple OMS – …… Lets take a tour through some of these Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host Firewall

33 33 Infrastructure Security Best Practices Configure Enterprise Manager for Firewalls Configure Oracle Management Agent on a host protected by a firewall – Configure Oracle Management Agent to use proxy server for its upload to OMS Update the following parameters in file $AGENT_HOME/sysman/config/emd.properties REPOSITORY_PROXYHOST=proxyhostname.domain REPOSITORY_PROXYPORT =port If authentication is required, edit the following parameters as well REPOSITORY_PROXYREALM=realm REPOSITORY_PROXYUSER=proxyuser REPOSITORY_PROXYPWD=proxypassword – Configure firewall to allow inbound communication from OMS to Agent Port 3872 (default) Port range (non-default) Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console Firewall Oracle Management Agent

34 34 Infrastructure Security Best Practices Configure Enterprise Manager for Firewalls Configure Oracle Management Service on a host protected by a firewall – Configure OMS to use proxy server for its communication to agents outside the firewall Update the following OMS properties via emctl set property command: – emctl set property –name -value PROXYHOST=proxyhostname.domain PROXYPORT =port If there are some agents on the hosts that are inside the firewall, set dontProxyfor property for these hosts dontPROXYFor = hostname1,hostname2 – Configure firewall to allow inbound communication from Agents to OMS Default HTTP/HTTPS Ports: 4889/1159 Non-default port range / Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console Firewall

35 35 Oracle Enterprise Manager Security Overview 1.Enterprise Manager Infrastructure Security 2.Authentication, Authorization and Audit – The Three As 3.Security of target authentications

36 36 Authentication, Authorization and Auditing The Three As Authentication – Determines whether someone is in fact who it is declared to be while accessing Enterprise Manager Grid Control Authorization – Provides access control to secure resources and functionalities within Enterprise Manager such as targets, jobs, templates, reports, etc. Audit – Keeps track of the actions happened within Enterprise Manager to prevent repudiation Oracle Enterprise Manager Authorization Audit Jobs, Templates Reports, etc Databases Applications Hosts Application Servers View Reports Blackout Targets Submit Jobs Manage Metrics Manage Alerts …… Authentication

37 37 Authentication, Authorization and Auditing The Three As Authentication – Determines whether someone is in fact who it is declared to be while accessing Enterprise Manager Grid Control Authorization – Provides access control to secure resources and functionalities within Enterprise Manager such as targets, jobs, templates, reports, etc. Audit – Keeps track of the actions happened within Enterprise Manager to prevent repudiation Oracle Enterprise Manager Authorization Audit Jobs, Templates Reports, etc Databases Applications Hosts Application Servers View Reports Blackout Targets Submit Jobs Manage Metrics Manage Alerts …… Authentication

38 38 The Three As Best Practices Authentication Repository-based authentication (Default) – Use password profile to enforce the password control such as password complexity, failed login attempt, password reuse max, password life time, etc. Leverage Grid Control user authentication to Oracle Single Sign- on (OSSO) or Enterprise User Security (EUS) – Simplify the identity management across the enterprise – Both SSO and EUS enable your users to authenticate to Grid Control by using their credentials stored in LDAP server Oracle Enterprise Manager Oracle Management Repository(OMR) OSSO LDAP Server EUS Default

39 39 The Three As Best Practices Authentication Disable SYSMAN logging into Grid Control console by issuing the following SQL statement on Repository UPDATE MGMT_CREATED_USERS SET SYSTEM_USER=-1 WHERE user_name=SYSMAN If you want to enable SYSMAN logging into Grid Control Console later on: UPDATE MGMT_CREATED_USERS SET SYSTEM_USER=1 WHERE user_name=SYSMAN Change password for both SYSMAN and MGMT_VIEW on a regular basis – Prevent password crack attacks – emctl config oms -change_repos_pwd -change_in_db – emctl config oms –change_view_user_pwd

40 40 Authentication, Authorization and Auditing The Three As Authentication – Determines whether someone is in fact who it is declared to be while accessing Enterprise Manager Grid Control Authorization – Provides access control to secure resources and functionalities within Enterprise Manager such as targets, jobs, templates, reports, etc. Audit – Keeps track of the actions happened within Enterprise Manager to prevent repudiation Oracle Enterprise Manager Authorization Audit Jobs, Templates Reports, etc Databases Applications Hosts Application Servers View Reports Blackout Targets Submit Jobs Manage Metrics Manage Alerts …… Authentication

41 41 The Three As Best Practices Authorization Overview Two-step authorization process enables fine- grained access and segregation of duties: – Enterprise Manager authorization Controls the access to the resources and functionalities within Enterprise Manager – Manage target metrics thresholds – Set alert notification rules – Enable/disable Enterprise Manager packs – Target authorization Controls the access to the resources and functionalities within the target – CREATE new TABLE – Back-up database – Tune SQL Enforced by target security model Depends on the credential used to connect to the target Oracle Enterprise Manager Enterprise Manager Authorization Jobs, Templates Reports, etc Databases Applications Hosts Application Servers View Reports Blackout Targets Submit Jobs Manage Metrics Manage Alerts …… Oracle Enterprise Manager Target Connect to target Target Authorization

42 42 The Three As Best Practices Authorization Overview Example: – Create new user, SQLTuningDBA, who is only responsible for tuning 2 of 100 managed database targets Enterprise Manager authorization – Create EM user SQLTuningDBA – Grant VIEW Target Privilege on the 2 DB targets of interest Target authorization – Target credentials used should have the following database privileges select_any_catalog administer sql tuning set execute on dbms_workload_repository Oracle Enterprise Manager Connect as database user A Database 1Database 2 Databases SQLTuning DBA Connect as database user B

43 43 The Three As Best Practices Enterprise Manager Authorization Overview What type of administrator should the new user be? Normal Enterprise Manager Administrator – Has NO access to anything unless granted privileges Super Administrator – Has FULL privileges on all targets and the ability to create Super Administrators

44 44 The Three As Best Practices Enterprise Manager Authorization Overview What type of administrator should the new user be? What System Privilege(s) should the user have? Enterprise Manager offers 10 System Privileges (4 new in 11g Release 1),e.g., – Should the user be able to VIEW any targets – Should the user be able to ADD new targets? Normal Enterprise Manager Administrator – Has NO access to anything unless granted privileges Super Administrator – Has FULL privileges on all targets and the ability to create Super Administrators

45 45 The Three As Best Practices Enterprise Manager Authorization Overview What type of administrator should the new user be? What System Privilege(s) should the user have? Should the user only be able to monitor the databases of his own department? Normal Enterprise Manager Administrator – Has NO access to anything unless granted privileges Super Administrator – Has FULL privileges on all targets and the ability to create Super Administrators Enterprise Manager offers 10 System Privileges (4 new in 11g Release 1),e.g., – Should the user be able to VIEW any targets – Should the user be able to ADD new targets? What target should the user be able to access?

46 46 The Three As Best Practices Enterprise Manager Authorization Overview What type of administrator should the new user be? What System Privilege(s) should the user have? Enterprise Manager provides 7 Target Privileges, e.g., – Should the user be able to blackout target 1, 2 and 3? – Should the user be able to change metric threshold setting for target 4, 5 and 6? Whether the user is able to tune performance of target 1 depends on the credential he uses to connect to target 1 Normal Enterprise Manager Administrator – Has NO access to anything unless granted privileges Super Administrator – Has FULL privileges on all targets and the ability to create Super Administrators Enterprise Manager offers 10 System Privileges (4 new in 11g Release 1),e.g., – Should the user be able to VIEW any targets – Should the user be able to ADD new targets? What targets should the user be able to access? Should the user only be able to monitor the databases of his own department? What Target Privilege(s) should the user have

47 47 The Three As Best Practices Enterprise Manager Authorization Overview What type of administrator should the new user be? What System Privilege(s) should the user have? If groups of targets are always monitored and managed in the same way, do we have to grant the privileges on these individual targets to the user? Privilege Propagating Group – Privileges granted on the group automatically granted on its members Normal Enterprise Manager Administrator – Has NO access to anything unless granted privileges Super Administrator – Has FULL privileges on all targets and the ability to create Super Administrators Enterprise Manager offers 10 System Privileges (4 new in 11g Release 1),e.g., – Should the user be able to VIEW any targets – Should the user be able to ADD new targets? What targets should the user be able to access? Should the user only be able to monitor the databases of his own department? What Target Privilege(s) should the user have Enterprise Manager provides 7 Target Privileges, e.g., – Should the user be able to blackout target 1, 2 and 3? – Should the user be able to change metric threshold setting for target 4, 5 and 6? Whether the user is able to tune performance of target 1 depends on the credential he uses to connect to target 1 Privilege Propagating Group

48 48 The Three As Best Practices Enterprise Manager Authorization Overview What type of administrator should the new user be? What System Privilege(s) should the user have? If groups of targets are always monitored and managed in the same way, do we have to grant the privileges on these individual targets to the user? Privilege Propagating Group – Privileges granted on the group automatically granted on its members Normal Enterprise Manager Administrator – Has NO access to anything unless granted privileges Super Administrator – Has FULL privileges on all targets and the ability to create Super Administrators Enterprise Manager offers 10 System Privileges (4 new in 11g Release 1),e.g., – Should the user be able to VIEW any targets – Should the user be able to ADD new targets? What targets should the user be able to access? Should the user only be able to monitor the databases of his own department? What Target Privilege(s) should the user have Enterprise Manager provides 7 Target Privileges, e.g., – Should the user be able to blackout target 1, 2 and 3? – Should the user be able to change metric threshold setting for target 4, 5 and 6? Whether the user is able to tune performance of target 1 depends on the credential he uses to connect to target 1 Privilege Propagating Group Role If there are a set of users sharing the same responsibilities, do we have to grant all the individual privileges one by one to these users? Role -- Set of privileges

49 49 The Three As Best Practices Enterprise Manager Authorization Reduce the number of Super Administrators – Super Administrators have FULL privilege on all targets and could create additional Super Administrators Grant only the minimum set of privileges – Follow the principle of least privilege to grant only the minimum set of privileges to the users to fulfill his responsibility Achieve segregation of duties and simplify authorization management – Grant roles instead of individual privileges to users – Use roles along with Privilege Propagating groups Monitor privilege/role operations through Enterprise Manager Auditing Oracle Enterprise Manager Authorization Jobs, Templates Reports, etc Databases Applications Hosts Application Servers

50 50 Authentication, Authorization and Auditing The Three As Authentication – Determines whether someone is in fact who it is declared to be while accessing Enterprise Manager Grid Control Authorization – Provides access control to secure resources and functionalities within Enterprise Manager such as targets, jobs, templates, reports, etc. Audit – Keeps track of the actions happened within Enterprise Manager to prevent repudiation Oracle Enterprise Manager Authorization Audit Jobs, Templates Reports, etc Databases Applications Hosts Application Servers View Reports Blackout Targets Submit Jobs Manage Metrics Manage Alerts …… Authentication

51 51 The Three As Best Practices Audit Extended actions audited by Enterprise Manager – 61 actions (33 new actions in 11g Release 1) – For example, User login/logoff, and privilege granting/revoking, changes on monitoring template, changes on user defined policies, and database target start/stop/restart Built-in externalization service to purge audit data from Repository and export to external file system automatically emcli update_audit_setting - file_prefix= - directory_name= - file_size = - data_retention_period= GUI interface to view and search audit data – Setup ->Management Service and Repository -> Audit Data Oracle Enterprise Manager Authorization Audit Jobs, Templates Reports, etc Databases Applications Hosts Application Servers Authentication

52 52 TheThree As Best Practices Audit Enable Audit for EM Operations emcli enable_audit If you only care about a subset of actions, you can just enable the auditing for them emcli update_audit_settings – audit_switch=ENABLE – operations_to_enable=LOGIN;LOGOUT Configure the externalization service to purge the audit data from the Repository to an external file system on a regular basis. emcli update_audit_setting -directory="EM_DIR" -file_prefix="emgc_audit" -file_size=" " -data_retention_period="60 Oracle Enterprise Manager Authorization Audit Jobs, Templates Reports, etc Databases Applications Hosts Application Servers Authentication

53 53 Oracle Enterprise Manager Security Overview 1.Enterprise Manager Infrastructure Security 2.Authentication, Authorization and Audit – The Three As 3.Security of target authentications

54 54 Database SolarisLinux Applications Windows Application Server Agent Targets Enterprise Manager Grid Control Oracle Management Repository Oracle Management Service Enterprise Manager Users Target Authentication Credentials are stored encrypted Credentials – Credentials are typically username and password required to access targets such as databases, hosts, etc. – Stored encrypted in Repository or Agent Usages of credentials: – Collect metrics in the background as well as in real-time – Perform jobs like Backup, Patching, Cloning, etc. – Real-time target administration like start, stop,etc. – Connect to My Oracle Support for patches Preferred credentials – per user basis – Default credential – per target type – Target credential – per target – Target credential overrides default credential Security of Target Authentication Credential System

55 55 Target Authentication Best Practices Credential System Do not set preferred credentials for group/common accounts, e.g., SYSMAN. The following SQL statement gives you the result of preferred credential setting: SELECT t.target_name,tc.user_name,tc.cred ential_set_name FROM MGMT_TARGET_CREDENTIALS tc, MGMT_TARGETS t WHERE tc.target_guid=t.target_guid Keep track of the operations on credential by enabling auditing the corresponding actions Use emcli verbs to synchronize credentials between Enterprise Manager and its database targets emcli update_db_password user_name=DBUserName change_at_target=yes Database Management Agent Oracle Management Repository Oracle Management Service Preferred Credentials UDM Collection Credentials Job Credentials Monitoring Credentials Enterprise Manager Grid Control Database User

56 56 Target Authentication Best Practices Host Target Authentication Configure Pluggable Authentication Module(PAM) to take advantage of rich authentication approaches to Host access – Kerberos, RADIUS and LDAP supported to take advantage of the centralized identity storage and management – WebIV : How to configure Agent with PAM to support LDAP authentication Privilege Delegation (sudo/PowerBroker) supported across Enterprise Manager – Enable users to perform administrative tasks without providing credentials for functional accounts

57 57 Threats vs. Best Practices Security ThreatsBest Practices Man-in-the-Middle AttacksSecuring the communication Enable TLS v1 protocol Configure firewalls …… Denial-of-Service AttacksSecure individual Enterprise Manager components …… Exploitation of AuthorizationPrinciple of least privileges Auditing the authorization actions …… Password crack AttacksChange password on a regular basis Enable password profile to enforce password control …… RepudiationEnable auditing for Grid Control actions

58 58 Agenda Oracle Enterprise Manager Overview Security Best Practices Managing Enterprise Manager Security using Enterprise Manager Q & A Appendix

59 59 Oracle Enterprise Manager Manage its Own Security Monitor its own security compliance – Security policies Define the desired behaviors of systems in terms of security – Security at a glance Provides an overview of the security health of the enterprise for all targets or specific groups – Notification of violations , Page, SNMP Traps, etc. Fix its own security violations – Corrective actions – CPU Advisory – Patching automation Connects to MOS to discover and pull in new patches Rapidly deploys security patches Oracle Enterprise Manager Monitor EM security compliance Fix EM security violations Oracle Management Service Oracle Management Repository Oracle Management Agent

60 60 Useful Whitepapers Oracle Database Security Best Practices – security-checklist-database pdf Oracle Weblogic Server Security Best Practices – pdf Oracle Enterprise Manager Security Deployment Best Practices – security-best-practices pdf

61 Additional Oracle Enterprise Manager Sessions Thursday, Sept. 23Location 3:00 p.m - The X-Files: Managing the Oracle Exadata and Highly Available Oracle Databases Moscone S. Room 102 3:00 p.m. - Monitoring and Diagnosing Oracle RAC Performance with Oracle Enterprise Manager Moscone S. Room 310

62 Oracle Enterprise Manager 11g Resource Center Access Videos, Webcasts, White Papers, and More Oracle.com/enterprisemanager11g

63 63

64 64

65 65 Appendix

66 66 Infrastructure Security Best Practices Oracle Management Repository Secure the Oracle Listener to defend Denial- of-Service (DoS) attacks – Enable Connection Rate Limiter feature Configure $TNS_ADMIN/admin/listener.ora – Connection_rate_Listenername = n – Rate_limit in ADDRESS section of listener endpoint configuration Listenername=(ADDRESS= (PROTOCOL=tcp) (HOST=Server1) (PORT=1521) (RATE_LIMIT=yes)) – Please refer to the link for more information /enterprise-edition/oraclenetservices- connectionratelim pdf /enterprise-edition/oraclenetservices- connectionratelim pdf Oracle Management Service Oracle Management Repository Oracle Management Agent Grid Control Console

67 67 Infrastructure Security Best Practices Secure communication Secure lock OMS – Enforces the communication with OMS only over SSL/TLS – By default OMS is secure locked( and after) – If your instance is upgraded from previous version that is not secure locked, please issue the following command emctl secure lock And the following command can tell you if your OMS is secure locked or not emctl status oms –details HTTP Console Port : 7802 HTTPS Console Port : 5416 HTTP Upload Port : 7654 HTTPS Upload Port : 4473 Agent Upload is locked. OMS Console is locked. Active CA ID: 1 Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

68 68 Infrastructure Security Best Practices Secure communication Secure the agent – emctl status agent –secure … Agent is secure at HTTPS Port 1838 OMS is secure on HTTPS Port 4473 – emctl secure agent Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

69 69 Infrastructure Security Best Practices Secure communication Securing communication between OMS and Repository by enabling network security feature of Advanced Security Option (ASO) – ASO is a DB option that combines network encryption, database encryption and strong authentication together to help customers address privacy and compliance requirements – Ensures that the data between OMS and Repository is secure from both confidentiality and integrity standpoints Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

70 70 Infrastructure Security Best Practices Secure communication Securing communication between OMS and Repository by enabling network security feature of Advanced Security Option (ASO) – Steps: Set the following OMS configuration parameters with the appropriate values by issuing the following command: – emctl set property –name - value oracle.sysman.emRep.dbConn.enableEncryp tion=true oracle.net.encryption_client=REQUESTED oracle.net.encryption_types_client={DES 40C} oracle.net.crypto_checksum_client=REQUE STED oracle.net.crypto_checksum_types_client ={MD5} Add the following to Repositorys $TNS_ADMIN/sqlnet.ora – SQLNET.ENCRYPTION_SERVER = REQUESTED Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

71 71 Infrastructure Security Best Practices Secure communication Enable the strong cipher suites for the communication between Enterprise Manager components – Agent Edit $AGENT_HOME/sysman/config/emd.prope rties to configure the strong cipher suites SSLCipherSuites = SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA _WITH_RC4_128_SHA:SSL_RSA_WITH_AES_12 8_CBC_SHA:SSL_RSA_WITH_AES_256_CBC_SH A – OMS: Update the following parameter in $INSTANCE_HOME/WebTierIH1/config/O HS/ohs1/httpd_em.conf and ssl.conf files SSLCipherSuite SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH _3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CB C_SHA:SL_RSA_EXPORT_WITH_DES40_CBC_SH A Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

72 72 Infrastructure Security Best Practices Secure communication Use a certificate from well-known Certificate Authority (CA) for the communication – Trusted certificates – Different expiry and key size that meet special security rules – Steps: Create a wallet for each OMS in the grid. Write certificates of all the Certificate Authorities in the certificate chain into file trusted_certs.txt. Download file trusted_certs.txt file to agents host machines Restart Agent after running the add_trust_cert command. emctl secure add_trust_cert -trust_certs_loc Secure OMS and restart it. emctl secure oms -wallet - trust_certs_loc Oracle Management Service Oracle Management Repository Management Agent Grid Control Console Database Application Host

73 73 Infrastructure Security Best Practices Configure Enterprise Manager for Firewalls Firewall between browsers and Grid Control Console – Configure the firewall to allow Grid Control Console to receive HTTP traffic over 7778 Or 7777 if Web cache is used in OMS home – If Grid Control Console is secured as mentioned earlier, configure firewall to allow Grid Control Console to receive HTTPS traffic over port 4443 Browser Oracle Management Service(OMS) Web-based Grid Control Firewall

74 74 Infrastructure Security Best Practices Configure Enterprise Manager for Firewalls Configure firewall between OMS and Repository to allow Oracle Net traffic flow – As mentioned earlier, to secure the communication between OMS and Repository, we need to enable Oracle ASO for Repository – ASO supports the following two types of firewalls Application proxy-based firewalls, such as Network Associates Gauntlet, or Axent Raptor Stateful packet inspection firewalls, such as Check Point Firewall-1, or Cisco PIX Firewall – Some vendors firewalls can be configured to recognize Oracle*Net traffic with their Oracle Net Proxy Traffic Kits Otherwise, define an ACL that allows traffic flow between the subnet hosting the OMS and the subnet hosting the repository Oracle Management Service(OMS) Management Repository Firewall SQL*Net

75 75 Privilege Propagating Group – A special group that the privileges granted on will be propagated to its nested and direct members For a normal group, no matter what privileges (FULL, OPERATOR or VIEW) on the group is granted to you, youll only get VIEW privileges on the group members – System privilege Create Privilege Propagating Group is required to create this type of group – Full privilege on the target is required to add the target as a member of a group – emcli verb to convert the normal group and privilege propagating group emcli modify_group –privilege_propagating =true/false Privilege Propagating System, Redundancy Group, Aggregate Services Privilege Propagating Group

76 76 Infrastructure Security Best Practices Configure Enterprise Manager for Firewalls Configure OMS to use proxy server for its its connections to My Oracle Support to check CPUs Update the following OMS properties via emctl set property command: – emctl set property –name - value PROXYHOST=proxyhostname.domain PROXYPORT =port If there are some agents on the hosts that are inside the firewall, set dontProxyfor property for these hosts dontPROXYFor = hostname1,hostname2 Oracle Management Service(OMS) Firewall My Oracle Support

77 77 Manage Enterprise Manager Security Monitor its own Security Security Policies – Help you quickly identify systems that are not in compliance – Out-of-box policies adopted from industry best practices – Customize policies to meet specific security need in your organization Security at a glance – Helps you to quickly focus on security issues by showing statistics about security policy violations and noting the critical security patches that have not been applied Compliance scores and Violation flux Notification of violations – , Page, SNMP Traps, etc. Security Violations Oracle Enterprise Manager

78 78 Corrective actions to remediate violations CPU Advisories Patching automation – Connects to MOS to discover and pull in new patches – Rapidly deploys security patches Manage Enterprise Manager Security Fix its Own Security Violations Security Violations Oracle Enterprise Manager Corrective Actions


Download ppt "1. Oracle Enterprise Manager Security Best Practices Huaqing Wang, Senior Product Manager, Oracle Ravi Pinnamaneni, Consulting Member of Technical Staff,"

Similar presentations


Ads by Google