Skip Headers
Oracle® Fusion Middleware Security Overview
11g Release 1 (11.1.1)

Part Number E12889-04
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

4 Infrastructure Hardening

This chapter contains the following topics:

4.1 What is Infrastructure Hardening?

Infrastructure hardening is the act of applying security to each component of the infrastructure, including:

Note:

Oracle WebLogic Server uses a more specific type of hardening known as lockdown, which refers to securing the subsystems and applications that run on a server instance. In contrast, infrastructure hardening is more general and involves doing a security survey to determine the threat model that may impact your site, and identifying all aspects of your environment (such as components in the Web tier) that could be insecure.

More specifically, Oracle Fusion Middleware administrators focus on these aspects of infrastructure security:

4.2 Keystores

Objects necessary for SSL communication, including private keys, digital certificates, and trusted CA certificates are stored in keystores.

Oracle Fusion Middleware provides two types of keystores for keys and certificates:

For details, see " Managing Keystores, Wallets, and Certificates" in the Oracle Fusion Middleware Administrator's Guide.

4.3 Enabling SSL

SSL management capabilities in 11g Release 1 (11.1.1) are as follows:

The SSL configuration feature:

SSL Configuration Tools in Oracle Fusion Middleware

Depending on the task, a range of configuration tools are available:

Refer to the following for details:

SSL Configuration Tools in Oracle WebLogic Server

Oracle Weblogic Server uses these tools to manage keystores and enable SSL on connections coming into the server:

Refer to the following documents for details:

4.4 Port and Environment Management

Documented procedures for ports management address the following topics:

Oracle also recommends the following best practices for handling default, demonstrations and samples that are shipped with the product:

For more information, see Managing Ports in the Oracle Fusion Middleware Administrator's Guide.

4.5 Password Management

In Oracle Fusion Middleware 11gR1, Oracle recommends storing passwords in the Credential Store rather than in connection.xml or data-sources.xml files.

The Credential Store Framework in Oracle Platform Security Services provides a mechanism for securely storing and managing credentials for any Java-based (Java SE and Java EE) applications. It is designed to hold account information, user names and passwords for connecting to any systems that applications must access.

4.6 Lockdown

The WebLogic Security Service provides a powerful and flexible set of software tools for securing the subsystems and applications that run on a server instance. For details, see "Securing Applications" in the document titled Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server.