List the major security software and hardware needed to implement Sterling Selling and
Fulfillment Foundation.
Security planning - current security infrastructure analysis
Many factors are involved in ensuring that your Sterling Selling and Fulfillment Foundation is a secure Web application.
Security planning - authentication and authorization
Authentication and authorization are vital to security. Because authentication methodologies change constantly, including biometrics, public key infrastructure (PKI), and an ever-growing set of encryption algorithms, Sterling Selling and Fulfillment Foundation provides documentation on implementing a Lightweight Directory Access Protocol (LDAP) or any Java™ Authentication and Authorization Service (JAAS) compliant security module for authentication.
Security planning - data encryption
Because businesses differ in nature, you may apply different security measures when deploying a web application. How you plan to deploy the application and which security measures you take are unique to each business.
The data encryption mechanisms recommended for Sterling Selling and Fulfillment
Foundation are:
There are several applications that do this with no specific need for Sterling Selling and
Fulfillment Foundation to duplicate their efforts. Additionally, products like Symantec's Intruder
Alert monitor log files for authentication failures and alert an administrator if a threshold is
exceeded.
Web security planning - post-installation recommendations
After the installation of Sterling Selling and Fulfillment Foundation, you must complete the post-installation recommendations to ensure security.
Web security planning - session security
Session security is handled by the application server; the session is stored in a non-persistent cookie on the client. You should ensure that all transactions with the application server are protected with SSL to prevent session hijacking attacks.
Web security planning - operating system permissions
Files that contain confidential information must be secured through operating system
permissions.
Web security planning - documentation
All the documentation files for Sterling Selling and Fulfillment Foundation and third-
party software must be removed from any production servers.
Web security planning - routing
Routing should not be enabled on a production web server.
Web security planning - web server executables
Web servers should not be run as root. This ensures that if someone compromises any software associated with the deployment through a bug, they do not have root privileges with which to damage the server.
If you want to ensure that credit card numbers are encrypted at the database level, you configure
that functionality when setting Hub attributes in the Applications Manager. When setting Hub
attributes, make sure that the credit card number encrypting option is checked.
This topic provides security recommendations and guidelines for setting up Data In Motion
Encryption (DIME) and Data At Rest Encryption (DARE). It is intended to help you create a
secure implementation of the application.
Data in motion encryption
Security considerations for data in motion encryption are as follows:
The FTP node allows for sending and receiving files. Files residing in a local directory are sent to a remote directory on an FTP server. Files residing in a remote directory are received from an FTP server and stored in a local directory. The FTP node also provides support for SFTP (SSH File Transfer Protocol).
Note: Ensure that all source and destination directories and files have read/write permissions for
the remote user specified and for the user running the Integration Server.
Note: The FTP server is not multi-threaded.
FTP sender
The properties of this node are described.
FTP receiver
The properties of this node are described.
JDBC encryption
Last Updated: 2021-04-16
You can set up JDBC encryption between the following applications so that your data is sent securely over the network.
To set up JDBC encryption between WAS, agent or integration server and DB2, do the
following configurations:
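As an added example, not the product's own documented configuration steps, the client side of such a setup in Java using the IBM Data Server Driver for JDBC: the properties `sslConnection`, `sslTrustStoreLocation` and `sslTrustStorePassword` are the driver's own, while the host, SSL port, database name, credentials and truststore path are placeholder assumptions.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.util.Properties;

/*
 * Added example (not the product's own configuration): opening a TLS-protected
 * JDBC connection from a WAS, agent, or integration server JVM to DB2 with the
 * IBM Data Server Driver for JDBC (db2jcc4.jar). Host, port, database,
 * credentials, and truststore path are assumed placeholder values.
 */
public class Db2SslConnection {

    public static Properties sslProperties(String user, String password,
                                           String trustStorePath, String trustStorePassword) {
        Properties props = new Properties();
        props.setProperty("user", user);
        props.setProperty("password", password);
        // sslConnection=true makes the driver negotiate TLS with the DB2 server;
        // without it, credentials and row data cross the network in clear text.
        props.setProperty("sslConnection", "true");
        // Truststore holding the DB2 server certificate (or its issuing CA), so the
        // client verifies the server identity instead of trusting any endpoint.
        props.setProperty("sslTrustStoreLocation", trustStorePath);
        props.setProperty("sslTrustStorePassword", trustStorePassword);
        return props;
    }

    public static Connection open(String host, int sslPort, String database, Properties props)
            throws SQLException {
        // Use the port DB2 listens on for TLS (its ssl_svcename), not the plain-text port.
        String url = "jdbc:db2://" + host + ":" + sslPort + "/" + database;
        return DriverManager.getConnection(url, props);
    }

    public static void main(String[] args) throws SQLException {
        // Placeholder values; replace with the deployment's own settings.
        Properties props = sslProperties("sterling", "changeit",
                "/opt/sterling/security/db2-truststore.jks", "changeit");
        try (Connection conn = open("db2.example.internal", 50001, "OMDB", props)) {
            System.out.println("Encrypted JDBC connection established: "
                    + conn.getMetaData().getURL());
        }
    }
}
```

The same properties can be placed in the JDBC data source definition of the application server instead of in code, which keeps the truststore password out of the class path.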
DB2 encryption
DB2® encryption encrypts your DB2® database. It does not require hardware, software,
application, or schema changes. It provides transparent and secure key management.
In an encryption scheme, the data requiring protection is transformed into an unreadable form by
applying a cryptographic algorithm and an encryption key. A cryptographic algorithm is a
mathematical function that is used in encryption and decryption processes. An encryption key is a
sequence that controls the operation of a cryptographic algorithm and enables the reliable
encryption and decryption of data.
Property encryption
Property encryption ensures that sensitive data is not viewed by unauthorized people. The
application provides APIs that enable you to encrypt data such as user names, passwords,
and credit card numbers.
Property encryption and decryption are applied only after they have been specified in the Applications Manager. For example, only user exits that have been passed credit card information can access decrypted credit card numbers.