Presentation is loading. Please wait.

Presentation is loading. Please wait.

Best Practices for Securing Oracle EBS R12

Published byHannah Boone Modified over 8 years ago

Similar presentations

Presentation on theme: "Best Practices for Securing Oracle EBS R12"— Presentation transcript:

1 Best Practices for Securing Oracle EBS R12
Oracle EBS R12 - Security Best Practices for Securing Oracle EBS R12

2 Agenda Overview Oracle TNS Listener Security Oracle Database Security
Oracle Application Tier Security E-Business Suite Security Desktop Security Operating Environment Security Q&A

3 Overview In today’s environment, a properly secured computing infrastructure is critical. When securing the infrastructure, a balance must be struck between risk of exposure, cost of security and value of the information protected. Each organization determines its own correct balance. To that end, this presentation describes security measures that will be put in place for securing Oracle E-Business Suite R12.

4 Overview - Continued

5 Oracle TNS Listener Security
Enable “Validate Node Checking” tcp.validnode_checking = YES tcp.invited_nodes = ( X.X.X.X, hostname, ... ) tcp.excluded_nodes = ( hostname, X.X.X.X, ... ) Specify Connection Timeout CONNECT_TIMEOUT_$ORACLE_SID = 10 Enable TNS Listener Password $lsnrctl LSNRCTL> set current_listener $ORACLE_SID LSNRCTL> change_password LSNRCTL> set password LSNRCTL> save_config $ echo "ADMIN_RESTRICTIONS_DBLSNR = ON" >> listener.ora LSNRCTL> reload Enable Admin Restrictions ADMIN_RESTRICTIONS_$ORACLE_SID=ON Enable TNS Listener Login LOG_STATUS = ON LOG_DIRECTORY_$ORACLE_SID = $TNS_ADMIN LOG_FILE_$ORACLE_SID = $ORACLE_SID

6 Oracle Database Security
Disable XDB dispatchers='(PROTOCOL=TCP) (SERVICE=sidXDB)' Remove OS trusted login REMOTE_OS_AUTHENT=FALSE Implement two or more profiles for password management Password Parameters Application Profile Administrator Profile FAILED_LOGIN_ATTEMPTS Unlimited 5 PASSWORD_LIFE_TIME 90 PASSWORD_REUSE_TIME 180 PASSWORD_REUSE_MAX PASSWORD_LOCK_TIME 7 PASSWORD_GRACE_TIME 14 PASSWORD_VERIFY_FUNCTION Recommended

7 Oracle Database Security - Continued
Change default installation passwords Default database administration schemas Schemas belonging to optional database features neither used nor patched by E-Business Suite Schemas belonging to optional database features used but not patched by E-Business Suite Schemas belonging to optional database features used and patched by E-Business Suite Schemas common to all E-Business Suite products Schemas associated with specific E-Business Suite products Restrict Access to SQL trace files _TRACE_FILES_PUBLIC=FALSE Remove OS trusted roles REMOTE_OS_ROLES=FALSE Limit file system access within PL/SQL Avoid: UTL_FILE_DIR = * Limit dictionary access O7_DICTIONARY_ACCESSIBILITY = FALSE Configure DB for Auditing AUDIT_TRAIL = OS AUDIT_FILE_DEST = /u01/logs/db/audit Audit DB Connections SQL> audit session; Audit DB schema changes SQL> audit user;

8 Oracle Application Tier Security
Remove Application Server Banner Set ServerSignature off Set ServerTokens Prod Protect Administrative Web Pages <Location "uri-to-protect"> Order deny,allow Deny from all Allow from localhost <list of TRUSTED IPs> </Location> Disable Test Pages <Location ~ "^/fcgi-bin/echo.*$"> Configure Logging

9 E-Business Suite Security - Continued
Change Passwords for Seeded Application User Accounts Account Product/Purpose Change Disable ANONYMOUS FND/AOL – Anonymous for non-logged users Y APPSMGR Routine maintenance via concurrent requests ASGADM Mobile gateway related products N ASGUEST Sales Application guest user AUTOINSTALL AD CONCURRENT MANAGER FND/AOL: Concurrent Manager FEEDER SYSTEM AD – Supports data from feeder system GUEST Guest application user

10 E-Business Suite Security - Continued
Consider Using Single Sign-On (SSO) Refer to ML Doc ID Create New User Accounts Safely Create Shared Responsibilities Instead of Share Accounts Configure Concurrent Manager for Safe Authentication Activate Server Security Tighten Logon and Session Profile Options 30 ICX_SESSION_TIMEOUT 180 SIGNON_PASSWORD_NO_REUSE Yes SIGNON_PASSWORD_HARD_TO_GUESS 8 SIGNON_PASSWORD_LENGTH Recommendation Profile Option Name

11 Desktop Security Configure Browser Update Browser
Refer to ML Doc ID Update Browser Turn off Browser Auto Complete Set Policy for Unattended PC Sessions

12 Operating Environment Security
Cleanup file ownership and access Cleanup file permissions Eliminate Telnet connections Eliminate FTP connections Verify Network configuration

13 QA

14 Copyright Information
Neither TUSC or the authors guarantee this document to be error-free. Please provide comments/questions to: TUSC © This document cannot be reproduced without expressed written consent from an officer of TUSC

15 References Best Practices for Securing Oracle E-Business Suite/Oracle Corporation Version 3.0.2 Oracle Metalink Oracle Technology Network (OTN)

Download ppt "Best Practices for Securing Oracle EBS R12"

Similar presentations

Oracle 10g Database Administrator: Implementation and Administration

Oracle 10g Database Administrator: Implementation and Administration
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
1 Oracle Financial System Mary Ann Carr September 14, 2000.

1 Oracle Financial System Mary Ann Carr September 14, 2000.
Chapter 9 Auditing Database Activities

Chapter 9 Auditing Database Activities
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
Understanding Active Directory

Understanding Active Directory
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
Database Security Managing Users and Security Models.

Database Security Managing Users and Security Models.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.

10 Copyright © 2005, Oracle. All rights reserved. Implementing Oracle Database Security.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Copyright 2007, Information Builders. Slide 1 WebFOCUS Authentication Mark Nesson, Vashti Ragoonath Information Builders Summit 2008 User Conference June.

Copyright 2007, Information Builders. Slide 1 WebFOCUS Authentication Mark Nesson, Vashti Ragoonath Information Builders Summit 2008 User Conference June.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Configuring a Web Server. Overview Overview of IIS Preparing for an IIS Installation Installing IIS Configuring a Web Site Administering IIS Troubleshooting.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
EDUCATION YOU CAN TRUST ® Windows SharePoint Services Course Review Review provided by: DNS Computing Services, LLC

EDUCATION YOU CAN TRUST ® Windows SharePoint Services Course Review Review provided by: DNS Computing Services, LLC
5 Copyright © 2008, Oracle. All rights reserved. Configuring the Oracle Network Environment.

5 Copyright © 2008, Oracle. All rights reserved. Configuring the Oracle Network Environment.
11 Copyright © 2004, Oracle. All rights reserved. Oracle Database Security.

11 Copyright © 2004, Oracle. All rights reserved. Oracle Database Security.

Similar presentations

Ads by Google