Documentos de Académico
Documentos de Profesional
Documentos de Cultura
Agenda
Desktop Security
Operating Environment Security Q&A
Overview
In todays environment, a properly secured computing infrastructure is critical. When securing the infrastructure, a balance must be struck between risk of exposure, cost of security and value of the information protected. Each organization determines its own correct balance. To that end, this presentation describes security measures that will be put in place for securing Oracle E-Business Suite R12.
Overview - Continued
CONNECT_TIMEOUT_$ORACLE_SID = 10 $lsnrctl LSNRCTL> set current_listener $ORACLE_SID LSNRCTL> change_password LSNRCTL> set password LSNRCTL> save_config $ echo "ADMIN_RESTRICTIONS_DBLSNR = ON" >> listener.ora LSNRCTL> set current_listener $ORACLE_SID LSNRCTL> set password LSNRCTL> reload ADMIN_RESTRICTIONS_$ORACLE_SID=ON LOG_STATUS = ON LOG_DIRECTORY_$ORACLE_SID = $TNS_ADMIN LOG_FILE_$ORACLE_SID = $ORACLE_SID 5
Disable XDB
dispatchers='(PROTOCOL=TCP) (SERVICE=sidXDB)'
Application Profile
Unlimited
Administrator Profile
5
PASSWORD_LIFE_TIME
PASSWORD_REUSE_TIME PASSWORD_REUSE_MAX PASSWORD_LOCK_TIME PASSWORD_GRACE_TIME PASSWORD_VERIFY_FUNCTION
Unlimited
180 Unlimited Unlimited Unlimited Recommended
90
180 Unlimited 7 14 Recommended
Default database administration schemas Schemas belonging to optional database features neither used nor patched by E-Business Suite Schemas belonging to optional database features used but not patched by E-Business Suite Schemas belonging to optional database features used and patched by E-Business Suite Schemas common to all E-Business Suite products Schemas associated with specific E-Business Suite products _TRACE_FILES_PUBLIC=FALSE REMOTE_OS_ROLES=FALSE Avoid: UTL_FILE_DIR = *
Configure Logging
Account ANONYMOUS APPSMGR ASGADM ASGUEST AUTOINSTALL CONCURRENT MANAGER FEEDER SYSTEM GUEST
Product/Purpose FND/AOL Anonymous for non-logged users Routine maintenance via concurrent requests Mobile gateway related products Sales Application guest user AD FND/AOL: Concurrent Manager AD Supports data from feeder system Guest application user
Change Y Y Y Y Y Y Y Y
Disable Y Y N N Y Y Y N
10
Desktop Security
Configure Browser
Update Browser
Turn off Browser Auto Complete Set Policy for Unattended PC Sessions
11
12
QA
13
Copyright Information
Neither TUSC or the authors guarantee this document to be errorfree. Please provide comments/questions to: estradam@tusc.com
TUSC 2006. This document cannot be reproduced without expressed written consent from an officer of TUSC
www.tusc.com
14
References
Best Practices for Securing Oracle E-Business Suite/Oracle Corporation Version 3.0.2 Oracle Metalink Oracle Technology Network (OTN)
15