Skip Headers
Oracle® Communications WebRTC Session Controller Security Guide
Release 7.0

E40975-01
Go to Documentation Home
Home
Go to Table of Contents
Contents
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

1 WebRTC Session Controller Security Overview

This chapter describes the Oracle Communications WebRTC Session Controller security features.

Basic Security Considerations

The following principles are fundamental to using any application securely:

  • Keep software up to date. This includes the latest product release and any patches that apply to it.

  • Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.

  • Monitor system activity. Establish who should access which system components, and how often, and monitor those components.

  • Install software securely. For example, use firewalls, secure protocols using TLS (SSL) and secure passwords.

  • Learn about and use the WebRTC Session Controller security. See "Implementing WebRTC Session Controller Security" for more information.

  • Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See the ”Critical Patch Updates and Security Alerts” website:

    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Overview of WebRTC Session Controller Security

WebRTC Session Controller relies on and benefits from the security features of the underlying WebLogic Server platform, including security realms, security monitoring features, and more.

This guide describes the security features of the WebRTC Session Controller. For WebLogic Server information, including information about implementing application security, see the Oracle WebLogic Server 11g documentation.

Understanding the WebRTC Session Controller Environment

When planning your WebRTC Session Controller implementation, consider the following:

  • Which resources need to be protected?

    • You need to protect customer data, such as IP addresses.

    • You need to protect internal data, such as proprietary source code.

    • You need to protect system components from being disabled by external attacks or intentional system overloads.

  • Who are you protecting data from?

    For example, you need to protect your subscribers' data from other subscribers, but someone in your organization might need to access that data to manage it. You can analyze your workflows to determine who needs access to the data; for example, it is possible that a system administrator can manage your system components without needing to access the system data.

  • What will happen if protections on a strategic resources fail?

    In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource will help you protect it properly.