Simplify and Strengthen Security with Oracle Application Server Allan L Haensgen Senior Principal Instructor Oracle Corporation Session id: 40112.

Security Risks in an Internet Environment
– Data tampering and fraud
– Eavesdropping and data theft
– Falsifying user identities
– Password-related threats
– Unauthorized access to data
– Lack of accountability
– Hacking

Addressing the Security Challenges
 Deep data protection
– Multi-layer protection through encryption, extensive auditing, and access control
 Internet-scale security
– SSL
– Proxy authentication
– Java
 Secure hosting and data exchange
– Public key infrastructure
– Enterprise-wide user security

Oracle Application Server Security Architecture

Application Server Security
 The Oracle Application Server acts as a client to the database, so the following database security features are available to it:
– Enterprise user security
– Authentication and digital certificates
– Proxy authentication
– Connecting from the middle tier to the database

Java Authentication and Authorization Service
 Java Authentication and Authorization Service (JAAS) provides key security services to the Java programmer in the following areas:
– Authentication to identify users
– Authorization to limit what users can do
– Delegation to enable code to be run securely

Securing the Oracle HTTP Server Itself
 The Oracle HTTP Server supports the following security schemes:
– IP-based or domain name–based restriction
– Basic authentication through the username and password combination
– Certificate distinguished name (DN)-based authorization
– Secure Sockets Layer (SSL) protocol

Oracle HTTP Server Security Modules
– mod_access is used for host-based restriction.
– mod_auth and mod_auth_anon are used for authentication.
– mod_ossl is used for SSL.
[Diagram: the five OHS request-processing phases, in order: 1. Translation, 2. Access Control, 3. MIME Type, 4. Response, 5. Logging. mod_access, mod_auth and mod_auth_anon act in the Access Control phase.]

Host-Based Access Control
– mod_access: IP- or domain-based access control
– You can use the allow and deny directives within the context of your httpd.conf or .htaccess file:
allow from host host ...
deny from host host ...

Host-Based Access Control
– The order directive specifies the order in which the allow and deny directives are applied:
order ordering
– The ordering argument can be one of the following:
1. deny,allow: deny directives are evaluated first and allow directives last, so a matching allow overrides a deny, and a host that matches neither list is allowed.
2. allow,deny: allow directives are evaluated first and deny directives last, so a matching deny overrides an allow, and a host that matches neither list is denied.

Host-Based Access Control
 The allow from or deny from directive (deny everything first, then allow only the listed hosts):
order deny,allow
deny from all
allow from

User Authentication
 Basic authentication is performed by the following modules:
– mod_auth
– mod_auth_anon
 A resource can be protected on a user basis, a group basis, or both.
 To access the resource, the authenticated user must also satisfy the Require directive.

Combining User- and Host-Based Authentication
AuthName "Who are you"
AuthType Basic
AuthUserFile /ias/Apache/Apache/auth/password
Require valid-user
order deny,allow
deny from all
allow from hq1.us.oracle.com
Satisfy all
 With Satisfy all, a request must pass both the host restriction and the user authentication; with Satisfy any, passing either one is enough.
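The following Python model evaluates the three slides above (the order directive, the allow/deny lists, Basic authentication against an AuthUserFile, and Satisfy all versus any) for a given client. It is an added example, not Oracle's or Apache's code. Assumptions: AuthUserFile entries use the {SHA} format written by htpasswd -s; the user "alice", the password "s3cret", the hosts and IP addresses are constructed sample data; and the client hostname is taken as given (Apache's own double reverse DNS lookup is not modelled).

```python
"""Model of Oracle HTTP Server / Apache-style access control:
mod_access host rules (order / deny from / allow from), mod_auth Basic
authentication against an AuthUserFile, and the Satisfy directive."""
import base64
import binascii
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field


def sha_password_hash(password: str) -> str:
    """AuthUserFile entry as written by `htpasswd -s`: {SHA} + base64(SHA-1)."""
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(digest).decode("ascii")


def basic_header(user: str, password: str) -> str:
    """Build the Authorization header value a browser sends for Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


@dataclass
class AccessConfig:
    order: str = "deny,allow"                   # order directive
    deny: list = field(default_factory=list)    # deny from host host ...
    allow: list = field(default_factory=list)   # allow from host host ...
    satisfy: str = "all"                        # Satisfy all | any
    users: dict = field(default_factory=dict)   # AuthUserFile: user -> {SHA}hash
    require: object = "valid-user"              # "valid-user" or a set of user names


def _matches(pattern: str, client_ip: str, client_host: str) -> bool:
    """One allow/deny argument: all, CIDR, full or partial IP, or domain suffix."""
    if pattern.lower() == "all":
        return True
    if "/" in pattern:                                    # 10.1.0.0/16
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    if pattern.replace(".", "").isdigit():                # 10.1.2.3 or partial 10.1
        parts = pattern.strip(".").split(".")
        return client_ip.split(".")[:len(parts)] == parts
    # Domain name: whole components only, so "example.org" does not match fooexample.org
    host = client_host.lower().rstrip(".")
    suffix = pattern.lower().lstrip(".")
    return host == suffix or host.endswith("." + suffix)


def host_allowed(cfg: AccessConfig, client_ip: str, client_host: str) -> bool:
    """Apply the order semantics to the allow and deny lists."""
    denied = any(_matches(p, client_ip, client_host) for p in cfg.deny)
    allowed = any(_matches(p, client_ip, client_host) for p in cfg.allow)
    if cfg.order == "deny,allow":
        # deny evaluated first, allow last: allow overrides deny, unmatched hosts are allowed
        return allowed or not denied
    if cfg.order in ("allow,deny", "mutual-failure"):
        # allow evaluated first, deny last: deny overrides allow, unmatched hosts are denied
        return allowed and not denied
    raise ValueError(f"unknown order argument: {cfg.order!r}")


def authenticate(cfg: AccessConfig, authorization):
    """Return the user name if the Basic credentials verify against AuthUserFile, else None."""
    if not authorization:
        return None
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    # Hash and compare even for unknown users so timing does not reveal valid names.
    stored = cfg.users.get(user, sha_password_hash(""))
    ok = hmac.compare_digest(stored, sha_password_hash(password))
    return user if ok and user in cfg.users else None


def decide(cfg: AccessConfig, client_ip: str, client_host: str, authorization=None) -> int:
    """HTTP status the server would return: 200 OK, 401 Unauthorized, 403 Forbidden."""
    host_ok = host_allowed(cfg, client_ip, client_host)
    user = authenticate(cfg, authorization)
    user_ok = user is not None and (cfg.require == "valid-user" or user in cfg.require)
    if cfg.satisfy == "all":          # both the host rule and the credentials must pass
        if not host_ok:
            return 403
        return 200 if user_ok else 401
    if cfg.satisfy == "any":          # either is enough; otherwise challenge for credentials
        return 200 if (host_ok or user_ok) else 401
    raise ValueError(f"unknown Satisfy argument: {cfg.satisfy!r}")


if __name__ == "__main__":
    # Constructed sample mirroring the httpd.conf fragment on the slide.
    cfg = AccessConfig(order="deny,allow", deny=["all"], allow=["hq1.us.oracle.com"],
                       satisfy="all", users={"alice": sha_password_hash("s3cret")})
    print(decide(cfg, "10.1.2.3", "hq1.us.oracle.com", basic_header("alice", "s3cret")))  # 200
    print(decide(cfg, "10.1.2.3", "hq1.us.oracle.com"))                                   # 401
    print(decide(cfg, "192.0.2.9", "laptop.example.net", basic_header("alice", "s3cret")))  # 403
```

The classic mistake the model makes visible: with "allow from 10.1" and "deny from 10.1.2.3", order allow,deny blocks 10.1.2.3 and every address outside 10.1, whereas order deny,allow admits 10.1.2.3 (the later allow wins) and admits every unmatched address too.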

Establishing Secure Web Sessions
 The SSL protocol is a standard for secure data transmission over the Internet.
 SSL involves three mechanisms:
– Encryption
– Authentication
– Data integrity
 SSL is implemented through mod_ossl.

How SSL Works
[Diagram: the browser and Oracle9iAS handshake. 1. The browser sends an https request; 2. Oracle9iAS returns its public certificate; 3. Oracle9iAS optionally requests a client certificate; 4. The two sides establish a session key.]

Oracle Wallet Manager
 Oracle Wallet Manager is a stand-alone Java application for:
– Generating a public/private key pair and creating a certificate request for submission to a CA
– Installing a certificate for the entity
– Configuring trusted certificates for the entity
– Uploading or downloading a wallet to or from an LDAP directory such as Oracle Internet Directory
– Importing and exporting wallets

Creating a Certificate Request

Exporting a Certificate Request

Oracle HTTP Server with SSL Enabled
 Oracle HTTP Server is already SSL enabled after the installation:
– SSL is enabled in opmn.xml
– There is no specific command to start the Oracle HTTP Server with SSL enabled:
$> cd $ORACLE_HOME/dcm/bin
$> dcmctl start -ct ohs

What is Single Sign-On?
 Oracle Application Server Single Sign-On (SSO) is a service that enables:
– Authentication to multiple applications in an enterprise by entering a username and password only once
– Centralized administration of username and password combinations for all users in an enterprise

Single Sign-On
 SSO technology utilizes:
– mod_osso: An HTTP module that provides single sign-on authentication to Oracle9iAS applications
– Oracle Internet Directory: A Lightweight Directory Access Protocol (LDAP) server using an Oracle9i database as its information store
– Oracle Wallet Manager: A container utility that stores and manages X.509 certificates and trusted certificates

Single Sign-On
 Oracle9iAS SSO technology provides:
– Public key infrastructure (PKI) support when using Oracle Internet Directory
– Multitier integration

Authenticating Partner Applications
[Diagram: the components involved in authenticating a partner application: Oracle HTTP Server, the Partner Application, the SSO Server, and Oracle Internet Directory.]

Administering Users
 With the Delegated Administration Service (DAS): /oiddas

Lightweight Directory Access Protocol (LDAP)
 LDAP offers the following features:
– Simplified ISO X.500 Directory Access Protocol
– Lightweight, browser-friendly client implementation
– Protocol standard defined and maintained by the Internet Engineering Task Force (IETF)
– Need for interoperability is driving rapid adoption in the IT community

Oracle Internet Directory (OID)
 OID is:
– Compliant with LDAP, version 3
– Implemented as an Oracle9i application
 OID includes:
– Oracle Directory Server
– Oracle Directory Replication Server
– Oracle Directory Manager
– Command-line tools
– Delegated Administration Service (DAS)

OID Architectural Overview
[Diagram: OID clients reach OID over LDAP or LDAP over SSL; directory administration tools connect to OID; OID stores its data in an Oracle database reached over Oracle Net connections.]

Benefits of OID
 OID provides:
– Delegated Administration Service (DAS)
– Failover in cluster configurations
– Support for Oracle Real Application Clusters
– Oracle Directory Integration platform, to synchronize with other enterprise repositories including third-party LDAP directories
– Password policy management

Identity Management
 Centralizes and automates many application user management functions
 Faster deployments
 Brings OID, SSO, DAS, and other security components into one management system

Q & A: Questions and Answers