Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more ➡
Download
Standard view
Full view
of .
Add note
Save to My Library
Sync to mobile
Look up keyword or section
Like this
7Activity
×

Table Of Contents

0 of .
Results for:
No results containing your search query
P. 1
EBS_SEC_3_0_5

EBS_SEC_3_0_5

Ratings: (0)|Views: 3,806|Likes:
Published by nhernandezba

More info:

Published by: nhernandezba on Aug 21, 2009
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See More
See less

10/19/2011

pdf

text

original

 
 BestPracticesforSecuringOracleE-BusinessSuite
Oracle Corporation
Version 3.0.5
 
ii
Best Practices for Securing Oracle E-Business Suite
 Latest version of this document available under Metalink Note 189367.1.
Revision History
Version Release Date Descriptions
1.2 May 2002 Version 1.2 of the Best Practices for Security E-Business Suite.2.0 May 2003 Update for new features.2.1 Jan 2004 Minor Edits.3.0 Dec 2004 Major Rewrite, new sections, expanded advice, focus on 11.5.9 and above.3.0.2 Jan 2006 Improved Default Password section, added new Appendix (C), minor edits.3.0.3 Apr 2006 Updated default password sections to mention and be in sync with the DefaultPassword Scanner (patch 4943798) and its documentation3.0.4 Oct 2006 Added reference to ML 391248.1 for ANO/ASO Network EncryptionAdded reference to ML 287176.1 for best practice advice on exposing exter-nal products to the internetAdded instructions for FND_User AME_INVALID_APPROVER andXML_USERUpdated instructions for securing schema APPLSYSPUBAdding Forms FNDFFMDC and FNDFFMVS to list of forms to be givenlimited access in production systemsPatch 4926128 replaces 4943798 for Default Password Scanner3.0.5 Jul 2007 Reference Single-Sign-On, ModPlsql whitelist maintenance, Safe CloningCopyright © 2002, 2003, 2004, 2005, 2006, 2007 Oracle. All rights reserved.Primary Authors: Erik Graversen, James NurthenContributors: David Kerr, George Buzsaki, Deepak Louis, Andy Philips, Ashok Subramanian, Rajiv Muthyala,Remi Aimsuphanimit, Emily Nordhagen.Excerpts of documents [IntA, IntB] reproduced with permission from Integrigy Corporation.This document is provided for informational purposes only and the information herein is subject to changewithout notice. Please report any errors herein to Oracle Corporation by filing a documentation bug againstproduct code 510, component SEC_COMP. Oracle Corporation does not provide any warranties covering andspecifically disclaims any liability in connection with this document.Oracle is a registered trademark.Oracle Corporation World Headquarters500 Oracle ParkwayRedwood Shores, CA 94065U.S.A.Worldwide Inquiries:650.506.7000Fax 650.506.7200Worldwide Support:http://www.oracle.com/support
 
Table of Contents
iii
Overview...............................................................................................................................................................1
System Wide Advice 2
Oracle TNS Listener Security...............................................................................................................................3
Hardening 3Network 3Authentication 4Authorization 5Audit 6
Oracle Database Security......................................................................................................................................7
Hardening 7Authentication 7Authorization 9Audit 10
Oracle Application Tier Security........................................................................................................................13
Hardening 13Authorization 15Audit 19
E-Business Suite Security...................................................................................................................................21
Hardening 21Network 22Authentication 23Authorization 26Audit 28Advanced Audit 30
Desktop Security.................................................................................................................................................33
Hardening 33
Operating Environment Security........................................................................................................................35
Hardening 35Network 32Authentication 37Authorization 38Maintenance 38
Extras for Experts...............................................................................................................................................41
Detect and Prevent Duplicate User Sessions 41Customize Password Validation 41Encrypt Credit Cards 41Advanced Security/Networking Option (ASO/ANO) 41Configure Listener on a Non-Default TCP Port 42Multi-Node Topology 43Hardening External Procedure (EXTPROC) Services 42
Appendix A: Security Setup Forms....................................................................................................................47Appendix B: Security Setup Forms That Accept SQL Statement......................................................................49Appendix C: Database Schemas Shipped with E-Business Suite ......................................................................51Appendix D: Processes Used by E-Business Suite.............................................................................................57Appendix E: Ports Used by E-Business Suite ....................................................................................................59Appendix F: Sample Linux Hardening of the Application Tier.........................................................................61Appendix G: References & More Resources......................................................................................................65

Activity (7)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
payakkamron liked this
payakkamron liked this
richardchan001 liked this
m4mayank liked this
Renita Rhodes liked this

You're Reading a Free Preview

Download
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->