Oracle® Collaboration Suite Security Guide
10g Release 1 (10.1.1)

Part Number B14489-02

Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

Audience
Documentation Accessibility
Related Documents
Conventions

Part I Oracle Collaboration Suite Security

1 Overview of Oracle Collaboration Suite Security

Overview of Oracle Collaboration Suite
Oracle Collaboration Suite Infrastructure
Oracle Collaboration Suite Database
Oracle Internet Directory
OracleAS Single Sign-On
Oracle Collaboration Suite Applications
Security Objectives of Oracle Collaboration Suite
Providing Basic Security Services
Supporting Standards
Ensuring Deployment and Configuration Flexibility
Ensuring Scalability and Predictability
Security Architecture of Oracle Collaboration Suite
Secure Sockets Layer and Public Key Infrastructure Authentication
Overview of SSL and TLS
SSL Handshake
Public Key Infrastructure
Security Features of PKI
Benefits of the PKI Approach
Public Key Infrastructure Components
Certificate Authority
Certificates
Certificate Revocation Lists
Wallets
Hardware Security Modules
Public Key Cryptography and the Public Key and Private Key Pair
Secure Credentials: Certificate-Based Authentication in PKI
Authentication Methods Used with PKI
Storing Secure Credentials with PKI
Single Sign-On Using PKI
Recommended Deployment Topologies
Hardware Load Balancers and HTTPS to HTTP Appliances
Compliance Across Oracle Collaboration Suite
Managing Unstructured Content with Oracle Collaboration Suite
Preventive Measures in Oracle Collaboration Suite

2 Oracle Collaboration Suite Applications Security

Controlling Applications Tier Administration and Access
Using Oracle Collaboration Suite to Access Web Content
Client Authentication
Administration Interfaces
JDBC
Oracle Internet Directory
Securing Oracle Calendar
ACE Framework
Secure Connections to Clients and Other Calendar Servers
Available Plug-Ins
Configuration
Extending the ACE Framework
Integrating the Oracle Calendar Web Client with a Third-Party Authentication Framework
Kerberos 5 Authentication with Oracle Calendar
Background
Configuring Oracle Calendar with Kerberos 5
Kerberos 5 with Third-Party Directory Servers
Directory Server Security
Enabling MD5 Authentication
Enabling the Dynamic Verifier in Oracle Internet Directory for Passwords
Enabling the Dynamic Verifier in Oracle Internet Directory for PINs
Ensuring that the Dynamic Verifier Is Enabled Correctly for Passwords
Ensuring that the Dynamic Verifier Is Enabled Correctly for PINs
Steps to be Performed After the Dynamic Verifier Is Enabled
Enabling MD5 on the Oracle Calendar Server
Enabling MD5 on the Oracle Mobile Data Sync Server
Other Security Considerations
Dedicated Server
Password Management
Trust Management
Networking
Auditing
Backup and Recovery
Defense Against Denial of Service Attacks
Application Security
Calendar Administrator
Oracle Real-Time Collaboration Web Conferencing Server
Securing Oracle Content Services
Authentication Using Oracle Internet Directory
Security Considerations for Protocol Servers
FTP/FTPS
HTTP/WebDAV
Network Channel Encryption
Malicious Uploads
Client Session Timeout Period
HTTPS Configuration for Oracle Content Services
SSL Configuration for Oracle Content Services
SSL Connection to Oracle Internet Directory
Oracle Content Services Schema Password
Oracle Records Management
Using a Retention Hardware Solution
Securing Oracle Mail
Securing Oracle Mail Protocol Servers
Configuring Oracle Mail Protocol Servers for SSL
Configuring SSL Between Oracle Collaboration Suite 10g WebMail and Oracle Internet Directory
Configuring Oracle Mail Protocol Servers for TLS
Configuring SASL for Oracle Mail
Providing Virus Protection
Prescanning Using the Virus Scrubber
Rejecting Spam
Preventing Mailing List Abuse
Implementing Secure Multipurpose Internet Mail Extension (S/MIME)
Securing Oracle Mobile Collaboration
Introducing Push Mail Security
Push Mail System Architecture
Mobile Push Mail Security
Downloading and Registering Push Mail Client
Normal Use with In-Band Notification
Normal Use with Out-Band Notification
Loss of Device
Preventing Malicious Actions Against the Client and the Server
Deployment Options for Push Mail Server
Conclusions
Securing Oracle Real-Time Collaboration
Oracle Real-Time Collaboration Architecture and Security
Secure Access for Oracle Real-Time Collaboration Clients
Secure Connections for Oracle Real-Time Collaboration
Voice Chat Encryption in Oracle Messenger
Oracle Real-Time Collaboration User Management and Authentication
Authenticating Oracle Real-Time Collaboration Integration Services
Accounts for Automated Tests of Oracle Messenger
Oracle Real-Time Collaboration User Roles and User Privileges
Creating Administrative Users
Controlling User Privileges with Properties
Using Conference Keys to Protect Conference Access
Privileges Within Web and Chat Conferences
Restricting Access to Web Conferences by User Role
Privileges for an Acting Conference Host
Secure Archives for Oracle Real-Time Collaboration
Web Conference Archives
Oracle Messenger Archives
Creating a Privacy or Acceptable Use Policy
Security Report for Oracle Real-Time Collaboration
Securing Oracle Voicemail & Fax
Authenticating Using Oracle Internet Directory
Securing Oracle Voicemail & Fax Connections
Encrypting Connections to the Oracle Collaboration Suite Database
SSL Connections
Changing Passwords

3 Oracle Collaboration Suite Infrastructure Security

Security in Oracle Collaboration Suite Infrastructure
Oracle HTTP Server Security
Directory Security Concepts
Data Integrity
Data Privacy
Authorization
Authentication
Protection of User Passwords for Directory Authentication
Password Policies
Physical Hardware Security
Network Security
Operating System Security
Database Security
Application Server Security
Third-Party Software Security
User Security
Password Security
Oracle Identity Management
Overview of Identity Management
Infrastructure of Oracle Identity Management
Oracle Application Server Single Sign-On
Provisioning Service
Delegated Administration Services
Oracle Internet Directory
Oracle Application Server Certificate Authority
Oracle Identity Management and Third-Party Applications
Benefits of Oracle Identity Management
Centralized User Management
Password Management Policies
SSL Configuration in Oracle Internet Directory
Configuring SSL Parameters
Starting a Directory Server Instance with SSL Enabled
Limitations of the Use of SSL in Oracle Internet Directory
Privilege Delegation
Security Goals for the Privilege Delegation Model
Understanding the Delegation Model
Understanding Roles and Responsibilities
Delegating Privileges
Granting Privileges to Manage User and Group Data
Delegating Privileges for Component Runtime

4 Oracle Collaboration Suite Database Security

Introduction to Database Security Concepts
Oracle Advanced Security Architecture
Solving Security Challenges with Oracle Advanced Security
Data Encryption
Supported Encryption Algorithms
Data Integrity
FIPS
Strong Authentication
SSL Combined with Other Authentication Methods
Oracle Advanced Security and SSL
How SSL Works with Other Authentication Methods
SSL and Firewalls
SSL Usage Issues
Secure Configuration Practices
Database Security Policies
Security Threats and Countermeasures
What Information can Security Policies Cover
Authentication by the Oracle Database
Password Encryption While Connecting
Account Locking
Password Lifetime and Expiration
Password History
Password Complexity Verification

Part II Secure Sockets Layer Configuration

5 Overview of SSL Configuration in Oracle Collaboration Suite

SSL Configuration Overview
Default SSL Configuration
Partial SSL Configuration
High-Level Tasks to Enable SSL in Oracle Collaboration Suite
Validating Your Installation
System Requirements for Using SSL in Oracle Collaboration Suite
Certificates and Oracle Wallets
Obtaining an SSL Certificate
Configuring the Network Listener for SSL
Oracle Wallet
Client Certificates
Integration with Hardware Security Modules
Protocol Converters
Mathematics Accelerators (PKCS #11 Integration)

6 Managing Wallets and Certificates

Using Oracle Wallet Manager
Overview of Oracle Wallet Manager
Wallet Password Management
Strong Wallet Encryption
Microsoft Windows Registry Wallet Storage
Third-Party Wallet Support
LDAP Directory Support
Starting Oracle Wallet Manager
Creating a Complete Wallet: Process Overview
Managing Wallets
Guidelines for Creating Wallet Passwords
Creating a Wallet
Opening an Existing Wallet
Closing a Wallet
Exporting Oracle Wallets to Third-Party Environments
Exporting Oracle Wallets to Tools That Do Not Support PKCS #12
Uploading a Wallet to an LDAP Directory
Downloading a Wallet from an LDAP Directory
Saving Changes
Saving an Open Wallet to a New Location
Saving a Wallet in System Default
Deleting a Wallet
Changing the Password
Using Auto Login
Managing Certificates
Managing User Certificates
Managing Trusted Certificates
Performing Certificate Validation and CRL Management With the orapki Utility
Overview of orapki
orapki Utility Syntax
Displaying orapki Help
Creating Signed Certificates for Testing Purposes
Managing Oracle Wallets with the orapki Utility
Creating and Viewing Oracle Wallets with the orapki Utility
Adding Certificates and Certificate Requests to Oracle Wallets with orapki
Exporting Certificates and Certificate Requests from Oracle Wallets with the orapki Utility
Managing Certificate Revocation Lists (CRLs) with the orapki Utility
Certificate Validation with Certificate Revocation Lists
Certificate Revocation List Management
orapki Utility Commands
orapki cert create
orapki cert display
orapki crl delete
orapki crl display
orapki crl hash
orapki crl list
orapki crl upload
orapki wallet add
orapki wallet create
orapki wallet display
orapki wallet export
Interoperability With X.509 Certificates
Public Key Cryptography Standards (PKCS) Support
Multiple Certificate Support
Importing Wallets Created with a Third-Party Tool

7 Enabling SSL in Oracle Collaboration Suite

Recommended SSL Configurations
SSL Configuration in Oracle Collaboration Suite Infrastructure
SSL Configuration in Oracle Collaboration Suite Applications
Running the SSL Script on the Applications Tier
Enabling SSL in Oracle Mobile Collaboration
Enabling SSL in Oracle Content Services
Setting Parameters in the Application Server Control for Collaboration Suite
Setting Additional SSL Information
Connecting to Oracle Internet Directory Using SSL
Enabling SSL in Oracle Real-Time Collaboration
Enabling SSL in Oracle Voicemail & Fax
Securing Enterprise Manager

Part III Appendixes

A System Security and Non-Oracle Components

Web Browsers
Firewalls
Load Balancers
Virtual Private Networks

B Troubleshooting SSL Configuration

Troubleshooting SSL Configuration in OracleAS Portal
Troubleshooting SSL Configuration in Oracle Mail
Troubleshooting SSL Configuration in Oracle Real-Time Collaboration
Troubleshooting SSL Configuration in Oracle Calendar

Glossary

Index