Determining Your Security Needs

Before you deploy WebLogic Operations Control (WLOC) into a production environment, determine your security needs and make sure that you take the appropriate security measures, as described in the following sections:

Understand Your Environment

Which resources am I protecting?

Many resources in the production environment can be protected. Consider the resources you want to protect when deciding the level of security you must provide.

From whom am I protecting the resources?

For most WLOC Controllers and Agents, resources must be protected from everyone on the Internet. But should the Controller or Agent be protected from the employees on the intranet in your enterprise? Should your employees have access to all resources within the WLOC environment? Should the system administrators have access to all WLOC resources? Should the system administrators be able to access all data? You might consider giving access to highly confidential data or strategic resources to only a few well trusted system administrators. Perhaps it would be best to allow no system administrators access to the data or resources.

What will happen if the protections on strategic resources fail?

In some cases, a fault in your security scheme is easily detected and considered nothing more than an inconvenience. In other cases, a fault might cause great damage to applications controlled by WLOC. Understanding the security ramifications of each resource will help you protect it properly.

Hire Security Consultants or Use Diagnostic Software

However you deploy WLOC it is a good idea to hire an independent security expert to go over your security plan and procedures, audit your installed systems, and recommend improvements. Oracle On Demand offers services and products that can help you to secure a WebLogic Server production environment. See the Oracle On Demand page at


http://www.oracle.com/ondemand/index.html

Read Security Publications

For the latest information about securing Web servers, Oracle recommends the reviewing the security practice information available from the CERT™ Coordination Center operated by Carnegie Mellon University.
For security advisories, refer to the Oracle WebLogic Advisories and Notifications page at the following location: https://support.bea.com/application_content/product_portlets/securityadvisories/index.html.
Here, you can download security-related patches and register to receive notifications of newly available security advisories.

Report possible security issues in Oracle products to secalert_us@oracle.com.

Install WLOC in a Secure Manner

Currently, the WLOC installation includes the entire JDK and some additional WLOC utilities (for example, beasvc). These programs could be a security vulnerability. The following are recommendations for making a WLOC installation more secure:

When using Oracle^® JRockit, minimize the WLOC installation by deleting the software components of the Java SDK that are not in the JRockit JRE.

Note:

There is always a potential of making mistakes when deleting executables, files, and directories from the WLOC installation. Therefore, Oracle recommends testing your changes in a secure, development environment before implementing them in a production environment.

Securing a Production Environment

Determining Your Security Needs

Understand Your Environment

Hire Security Consultants or Use Diagnostic Software

Read Security Publications

Install WLOC in a Secure Manner