Monday, February 13, 2012

Secure Configuration Guide for Oracle E-Business Suite Release 12



Secure Configuration Guide for Oracle E-Business Suite Release 12 [ID 403537.1]
 Modified 30-SEP-2011     Type WHITE PAPER     Status PUBLISHED 

Secure Configuration Guide for Oracle E-Business Suite Release 12

This document provides practical advice for secure configuration of the Oracle E-Business Suite Release 12.0 and 12.1.
The document contains the following sections:
  • Overview
    • Keep software up to date
    • Restrict network access to critical services
    • Follow the principle of least privilege
    • Monitor system activity
    • Keep up to date on latest security information
  • Oracle TNS Listener Security
    • Harden operating environment
    • Add IP restrictions or enable Valid Node Checking
    • Specify connection timeout
    • Enable encryption of network traffic
    • Enable TNS Listener password (only if required)
    • Enable admin restrictions
    • Enable TNS Listener logging
  • Oracle Database Security
    • Harden operating environment
    • Disable XDB
    • Review database links
    • Remove operating system trusted remote logon
    • Implement two profiles for password management
    • Change default installation passwords
    • Restrict access to SQL trace files
    • Remove operating system trusted remote roles
    • Limit file system access within PL/SQL
    • Limit dictionary access
    • Revoke unneccessary grants given to APPLSYSPUB
    • Configure the database for auditing
    • Audit database connections
    • Audit database schema changes
    • Audit other activities
    • Audit administrators and their actions
    • Review audit records
    • Maintain audit records
    • Secure audit records
  • Oracle Application Tier Security
    • Harden operating environment
    • Harden Apache configuration
    • Protect administrative web pages
    • Configure logging
  • Oracle E-Business Suite Security
    • Harden operating environment
    • Strike passwords from adpatch logs
    • Set Workflow notification mailer SEND_ACCESS_KEY to N
    • Set Tools environment variables
    • Use SSL (HTTPS) between browser and web server
    • Avoid Weak Ciphers and Protocols for SSL (HTTPS)
    • Use External Webtier if exposing any part of EBS to the internet
    • Use Terminal Services for client-server programs
    • Change passwords for seeded application user accounts
    • Switch to Hashed Passwords
    • Tighten logon and session profile options
    • Consider using Single-Sign-On
    • Create new user accounts safely
    • Create shared responsibilities instead of shared accounts
    • Configure Concurrent Manager for safe authentication
    • Configure Concurrent Manager for Start and Stop without the APPS password
    • Activate Server Security
    • Create DBC files securely
    • Review and limit Responsibilities and Permissions
    • Set other security related profile options
    • Restrict responsibilities by web server trust level
    • Set Sign-On audit level
    • Monitor system activity with OAM
    • Retrieve audit records using Reports
    • Retrieve audit records using SQL
    • Purge audit records
    • Review data tracked (no Reports available)
    • Configuring audit trail
    • Generate and identify audit trail objects
    • Choose tables to audit
    • Retrieve audit records using SQL
    • Purge audit records
    • References on Oracle E-Business Suite auditing
  • Desktop Security
    • Configure browser
    • Update browser
    • Turn off AutoComplete
    • Set policy for unattended PC sessions
  • Operating Environment Security
    • Cleanup file ownership and access
    • Cleanup file permissions
    • Lockdown operating system libraries and programs
    • Filter IP packets
    • Prevent spoofing
    • Eliminate telnet, rsh and ftp daemons
    • Verify network configuration
    • Monitor for attacks
    • Configure accounts securely
    • Limit root access
    • Manage user accounts
    • Secure NFS
    • Secure operating system devices
    • Secure executables
    • Secure file access
  • Extras for Experts
    • Detect and Prevent Duplicate User Sessions
    • Customize Password Validation
    • Encrypt Credit Cards
    • Advanced Security/Networking Option (ASO/ANO)
    • Advanced Security/Transparent Data Encryption (ASO/TDE)
    • Practice Safe Cloning
    • Hardening External Procedure (EXTPROC) Services
    • EXTPROC Listener Configuration
    • EXTPROC Testing Procedure
  • Appendix A: Running Web-Scanning Tools
  • Appendix B: Sensitive Administrative Pages
  • Appendix C: Database Schemas found in Oracle E-Business Suite
  • Appendix D: Processes used by Oracle E-Business Suite
  • Appendix E: Ports used by Oracle E-Business Suite
  • Appendix F: Sample Linux Hardening of the Application Tier
  • Appendix G: References & More Resources
Keywords: E-Business, Secure Configuration, Hardening, Best Practice, Security 
Show Attachments Attachments
 EBS_SEC_1_1_0.pdf (354.79 KB)
Show Related Information Related
Posted by at

1 comment:

  1. rajeevOctober 6, 2019 at 10:21 AM

    This comment has been removed by a blog administrator.

    ReplyDelete

Subscribe to: Post Comments (Atom)