Best Practices For Securing Oracle E-Business Suite
Oracle Corporation
Version 3.0.1
Revision History
Version | Release Date | Description
1.2 | May 2002 | Version 1.2 of the Best Practices for Security E-Business Suite.
2.0 | May 2003 | Update for new features.
2.1 | Jan 2004 | Minor Edits.
3.0 | Dec 2004 | Major Rewrite, new sections, expanded advice, focus on 11.5.9 and above.
Copyright 2002, 2003, 2004, Oracle. All rights reserved.
Primary Authors: Andy Philips, Ashok Subramanian
Contributors: David Kerr, George Buzsaki, Erik Graversen, Deepak Louis, Rajiv Muthyala, Remi Aimsuphanimit, Emily Nordhagen.
Excerpts of documents [IntA, IntB] reproduced with permission from Integrigy Corporation.
This document is provided for informational purposes only and the information herein is subject to change without notice. Please report any errors herein to Oracle Corporation by filing a documentation bug against product code 510, component SEC_COMP. Oracle Corporation does not provide any warranties covering and specifically disclaims any liability in connection with this document.
Oracle is a registered trademark.
Oracle Corporation World Headquarters, 500 Oracle Parkway, Redwood Shores, CA 94065 U.S.A.
Worldwide Inquiries: 650.506.7000, Fax 650.506.7200
Worldwide Support: http://www.oracle.com/support
Table of Contents
Overview
System Wide Advice
Hardening
Network
Authentication
Authorization
Audit
Hardening
Authentication
Authorization
Audit
Hardening
Authorization
Audit
Hardening
Network
Authentication
Authorization
Audit
Advanced Audit
Hardening
Hardening
Network
Authentication
Authorization
Maintenance
Detect and Prevent Duplicate User Sessions
Customize Password Validation
Advanced Security/Networking Option (ASO/ANO)
Configure Listener on a Non-Default .dbc Port
Multi-Node Topology
Hardening External Procedure (EXTPROC) Services
Appendix A: Security Setup Forms
Appendix B: Security Setup Forms That Accept SQL Statement
Appendix C: Processes Used by E-Business Suite
Appendix D: Ports Used by E-Business Suite
Appendix E: Sample Linux Hardening of the Application Tier
Appendix F: References & More Resources
Security Checklist
This section contains a summary of this document's best practice suggestions and their page locations. Use this summary as a security reference guide or checklist.
Overview