Securing AquaLogic User Interaction

This chapter summarizes security concerns for AquaLogic User Interaction deployments. While this chapter provides a summary of security needs, it is not intended to replace the services of a qualified security professional.

For further details on securing your deployment, see the Network Security chapter of the AqualLogic User Interaction Networking and Authentication Guide.

Determining Your Security Needs

This section describes best practices for determining the security needs of your AquaLogic User Interaction deployment. It is divided into the following sections:

Understand Your Environment

Which resources am I protecting?

Many resources in the production environment can be protected, including information in databases accessed by AquaLogic Interaction and the availability, performance, applications, and the integrity of the website. Consider the resources you want to protect when deciding the level of security you must provide.

From whom am I protecting the resources?

For most websites, resources must be protected from everyone on the Internet. But should the website be protected from the employees on the intranet in your enterprise? Should your employees have access to all resources within the AquaLogic User Interaction environment? Should the system administrators have access to all AquaLogic User Interaction resources? Should the system administrators be able to access all data? You might consider giving access to highly confidential data or strategic resources to only a few well trusted system administrators. Perhaps it would be best to allow no system administrators access to the data or resources.

What will happen if the protections on strategic resources fail?

In some cases, a fault in your security scheme is easily detected and considered nothing more than an inconvenience. In other cases, a fault might cause great damage to companies or individual clients that use the website. Understanding the security ramifications of each resource will help you protect it properly.

Hire Security Consultants or Use Diagnostic Software

Whether you deploy AquaLogic User Interaction on the Internet or on an intranet, it is a good idea to hire an independent security expert to go over your security plan and procedures, audit your installed systems, and recommend improvements. BEA partners offer services and products that can help you to secure a AquaLogic User Interaction production environment. For details, see the BEA Partner's Page at http://www.bea.com/partners.

Read Security Publications

For the latest information about securing web servers, BEA recommends the "Security Practices & Evaluations" information available from the CERT™ Coordination Center operated by Carnegie Mellon University.

For ALUI security advisories, refer to the BEA Support Center for ALUI products at http://support.plumtree.com/. Here, you can download security-related patches and subscribe to Support Alerts via email.

Report possible security issues in BEA’s ALUI products in the following ways by contacting AquaLogic User Interaction technical support. For technical support contact information, see BEA Documentation and Resources.

Ensuring the Security of Your Production Environment

This section provides high-level descriptions of the security measures that can be employed to secure your AquaLogic User Interaction environment. It is divided into the following sections:

Securing the AquaLogic User Interaction Hosts

An AquaLogic User Interaction production environment is only as secure as the security of the the machines on which it is running. It is important that you secure the physical machine, the operating system, and all other software that is installed on the host machine. The following are suggestions for securing your AquaLogic Interaction host in a production environment. Also check with the manufacturer of the machine and operating system for recommended security measures.

Table 3-1 Securing AquaLogic User Interaction Hosts
Security Action	Description
Physically secure the hardware.	Keep your hardware in a secured area to prevent unauthorized operating system users from tampering with the deployment machine ore its network connections.
Secure networking services that the operating system provides	Have an expert review network services such as e-mail programs or directory services to ensure that a malicious attacker cannot access the operating system or system-level commands. The way you do this depends on the operating system you use. Sharing a file system with other machines in the enterprise network imposes risks of a remote attack on the file system. Be certain that the remote machines and the network are secure before sharing the file systmes from the machine that hosts AquaLogic User Interaction componets
Use a file system that can prevent unauthorized access.	Make sure the file system on each AquaLogic User Interaction component host can prevent unauthorized access to protected resources. For example, on a Windows computer, use only NTFS.
Set file access permissions for data stored on disk.	Set operating system file access permissions to restrict access to data stored on disk. This data includes, but is not limited to, the folowing: Third-party authentication directories. Portal configuration files. For example, operating systems such as Unix and Linux provide utilities such as umask and chmod to set the file access permissions. At a minimum, consider using “umask 066”, which denies read and write permissions to Group and Others..
Set file access permissions for data stored in the portal database.	Set operating system file access permissions to restrict access to data stored in the portal database.
Safeguard passwords.	The passwords for user accounts on production machines should be difficult to guess and should be guarded carefully. Set a policy to expire passwords periodically. Never code passwords in client applications.
Do not develop on a production machine.	Develop first on a development machine and then move code to the production machine when it is completed and tested. This process prevents bugs in the development environment from affecting the security of the production environment.
Do not install development and sample software on a production machine.	Do not install development tools on production machines. Keeping development tools off the production machine reduces the leverage intruders have should they get partial access to an AquaLogic User Interaction production machine. Do not install the AquaLogic User Interaction sample applications on production machines.
Enable security auditing.	Configure security auditing to enable monitoring of sensitive portal functions using the Audit Manager function.
Consider using additional software to secure your operating system.	Most operating system can run additional software to secure a production environment. For example, and Intrusion Detection System (IDS) can detect attempts to modify the production environment. Refer to the vendor of your operating system for information about available software.
Apply operation-system service packs and security patches.	Refer to the vendor of your operating system for a list of recommended service packs and security-related patches.
Apply the latest ALUI maintenance packs and impelment the latest security advisories.	If you are responsible for security related issues on your site, register on the ALUI Support Center page, http://support.plumtree.com, and subscribe to Support Alerts via email. In addition, you are advised to apply each maintenance pack as it is released. Maintenance packs are a roll-up of all bug fixes for each version of the product. You can download maintenance packs from http://commerce.bea.com/products/aqualogic/alui/alui.jsp

Securing Your Database

Most web applications use a database to store their data. Common databases used with AquaLogic User Interaction are Oracle 10G and Microsoft SQL Server. The databases frequently hold sensitive data. When creating your web application you must consider what data is going to be in the database and how secure you need to make that data. You also need to understand the security mechanisms provided by the manufacturer of the database and decide whether they are sufficient for your needs. If the mechanisms are not sufficient, you can use other security techniques to improve the security of the database, such as encrypting sensitive data before writing it to the database. For example, leave all customer data in the database in plain text except for the encrypted credit card information.

Deployment Planning