Oracle® Secure Global Desktop

Security Guide for Release 5.0

Oracle Legal Notices

E37465-01

April 2013

Abstract

This guide explains how to install, configure, and manage Oracle Secure Global Desktop securely.

Document generated on: 2013-04-17 (revision: 1688)


Table of Contents

Preface
  1. Audience
  2. Document Organization
  3. Documentation Accessibility
  4. Related Documents
  5. Conventions
1. Overview of Security for SGD
  1.1. SGD Network Architecture
  1.2. SGD Server Security
  1.3. The SGD Gateway
  1.4. SGD Administrators
  1.5. Authenticating Users
  1.6. Access Control
  1.7. Security Auditing and Logging
  1.8. General Security Principles
  1.9. Security Fixes for Oracle Products
2. Secure Installation and Configuration of SGD
  2.1. Overview of Installing SGD
  2.2. Post Installation Configuration
3. Network Security for SGD
  3.1. Network Connections for SGD
  3.2. Firewalls and Ports
    3.2.1. Using a Port Scanner
  3.3. Secure Connections to SGD Servers
  3.4. Secure Connections Between SGD Servers
  3.5. Secure Connections to Application Servers
  3.6. Tuning Secure Connections
    3.6.1. Configuring Ciphers
  3.7. The SGD Gateway
  3.8. Firewall Traversal
4. Security for Users, Applications, and Clients
  4.1. Authenticating Users
    4.1.1. Password Security
    4.1.2. Two-Factor Authentication
  4.2. Objects and Applications
    4.2.1. Organizations and Objects
    4.2.2. SGD Administrators
    4.2.3. Windows Applications
    4.2.4. X Applications
    4.2.5. Integrating With Oracle VDI
    4.2.6. Application Authentication
  4.3. Client Device Security
    4.3.1. Using the SGD Client
5. Security for SGD Servers and Arrays
  5.1. SGD Arrays
  5.2. SGD Web Server
  5.3. Administration Console
  5.4. Monitoring and Logging
  5.5. SGD Server Certificate Stores
  5.6. SGD Installations
  5.7. SGD Commands
6. Troubleshooting an SGD Deployment
  6.1. Operating System Environment
  6.2. SGD Configuration
    6.2.1. Install SGD in Secure Mode
    6.2.2. Use a Non-Root Administrator Account
    6.2.3. Use Firewall Traversal
    6.2.4. Do Not Use Self-Signed Certificates
    6.2.5. Use SSL and TLS
    6.2.6. Use Secure Session Cookies
    6.2.7. Restrict the Use of Weak SSL Ciphers
    6.2.8. Disable Unencrypted AIP Communications
    6.2.9. Enable Secure Intra-Array Communication
    6.2.10. Securing the SGD Web Server
    6.2.11. Disable "Show Details" for Application Launches
    6.2.12. Restrict Access to the Administration Console
    6.2.13. Restrict Access to Client Device Features
    6.2.14. Create an Audit Trail
  6.3. Supporting Services
    6.3.1. Firewall Policies
    6.3.2. Use Two-Factor Authentication for Internet Deployments
    6.3.3. Intrusion Detection and Prevention Systems
    6.3.4. Perform Penetration Testing