Oracle® On Track Communication Security Guide Release 1 (1.0) Part Number E20958-03
This chapter covers security recommendations for different components of the software stack that interact with Oracle On Track.
Oracle On Track can be deployed on different operating systems, such as GNU/Linux and Microsoft Windows. Oracle recommends following standard security practices for your specific operating system. To see a list of supported operating systems, and to get more information and recommendations for your operating system, see the Certifications tab after logging in at http://support.oracle.com
Oracle On Track Communication may use an Oracle Database 11g or an Oracle Real Application Clusters 11g database. This section addresses the most important security considerations for Oracle On Track's database interactions.
Oracle On Track may be deployed in single instance mode using Oracle Database 11g, or in high-availability mode using Oracle Real Application Clusters. For in-depth information on Oracle Database 11g or Oracle Real Application Clusters security, see Oracle Database Security Guide.
Database auditing is the process of monitoring and recording selected user database actions. Oracle recommends enabling auditing on the database. To enable auditing, see Standard Database Auditing at
http://www.oracle.com/technetwork/database/security/index-085803.html
Once auditing is enabled, Oracle recommends reviewing, maintaining, and securing audit records. For more recommendations and best practices on database auditing, see the Oracle Audit Vault Documentation Library at
http://www.oracle.com/technetwork/database/audit-vault/documentation/index.html
Oracle On Track Business Views are a collection of database views that are provided with On Track to facilitate statistical reporting. Database administrators can query a Business View to obtain statistical reports based on the Oracle On Track application data. To provide secure reporting, Oracle recommends considering the following actions:
Disable access to Business Views from the main schema.
Create a new Reporting View schema for analytical purposes. This involves creating a new tablespace and a specific user with select access to Business Views.
Disable default access to sensitive Business Views marked with X_S_RV, unless absolutely needed for analytical environments.
Create Materialized Views that are synced once a week during off-peak time to avoid performance issues when running data mining queries.
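The following sketch shows one way to carry out the actions listed above on Oracle Database 11g. It is an added example, not part of the Oracle guide. The schema owner ONTRACK_MAIN, the view BV_EXAMPLE, the reporting user ONTRACK_RPT, the tablespace name, the datafile path and the password are placeholders, and matching sensitive views with LIKE '%X_S_RV%' is an assumption about how the X_S_RV marker appears in view names.

```sql
-- Run as a DBA. All object names, the datafile path and the password are
-- placeholders (assumptions), not names defined by Oracle On Track.

-- 1. Dedicated tablespace for reporting data, kept apart from the main schema.
CREATE TABLESPACE ontrack_rpt_ts
  DATAFILE '/u01/oradata/ORCL/ontrack_rpt01.dbf'
  SIZE 512M AUTOEXTEND ON NEXT 64M MAXSIZE 4G;

-- 2. Reporting user with only the privileges it needs.
CREATE USER ontrack_rpt IDENTIFIED BY "REPLACE_WITH_STRONG_PASSWORD"
  DEFAULT TABLESPACE ontrack_rpt_ts
  QUOTA UNLIMITED ON ontrack_rpt_ts
  PASSWORD EXPIRE;

GRANT CREATE SESSION           TO ontrack_rpt;
GRANT CREATE TABLE             TO ontrack_rpt;  -- required to own an MV
GRANT CREATE MATERIALIZED VIEW TO ontrack_rpt;

-- 3. SELECT on individual, non-sensitive Business Views only.
--    Grant directly to the user (not through a role) so that the
--    materialized view below can be created and refreshed.
GRANT SELECT ON ontrack_main.bv_example TO ontrack_rpt;

-- 4. Weekly snapshot, refreshed Sundays at 02:00 (off-peak assumed).
--    'SUNDAY' depends on NLS_DATE_LANGUAGE; adjust for your session.
CREATE MATERIALIZED VIEW ontrack_rpt.mv_bv_example
  TABLESPACE ontrack_rpt_ts
  BUILD IMMEDIATE
  REFRESH COMPLETE
  START WITH NEXT_DAY(TRUNC(SYSDATE), 'SUNDAY') + 2/24
  NEXT       NEXT_DAY(TRUNC(SYSDATE), 'SUNDAY') + 2/24
  AS SELECT * FROM ontrack_main.bv_example;

-- 5. Check: who holds privileges on sensitive Business Views?
--    Any unexpected grantee returned here should have the grant revoked.
SELECT grantee, table_name, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'ONTRACK_MAIN'
   AND table_name LIKE '%X\_S\_RV%' ESCAPE '\'
 ORDER BY table_name, grantee;
```

Data mining queries then run against ONTRACK_RPT.MV_BV_EXAMPLE rather than the live Business View, so reporting load and reporting credentials stay away from the main schema.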
Oracle On Track is deployed in a Fusion Middleware environment. Oracle recommends following standard security practices for Fusion Middleware components that interact with Oracle On Track.
Oracle On Track and the Oracle On Track Administration Console are deployed as separate Oracle WebLogic Server applications.
The default path for accessing Oracle On Track is the following:
https://<server_name>.<domain>:<port>/ontrack/
The default path for accessing the Oracle On Track Administration Console is the following:
https://<server_name>.<domain>:<port>/ontrack/Admin/
Note:
For more information on how to access and use the Oracle On Track Administration Console, see the Oracle On Track Administration Console Help.
The Oracle On Track deployment within the WebLogic Server instance runs either in development or production mode. Development mode is generally used for application and gadget development, and for testing purposes. For increased security, Oracle recommends enabling production mode in WebLogic Server once you are ready to give access to users. For more information about how to change the runtime to production mode, see the Oracle WebLogic Server Administration Console Online Help.
Once production mode is enabled, follow Oracle standard practices for securing the production environment. For more information, see Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server.
To prevent unauthorized access to your WebLogic Server domains, Oracle recommends using Roles and Policies from the WebLogic Security Service to determine who can access resources in a domain. See Oracle Fusion Middleware Securing Resources Using Roles and Policies for Oracle WebLogic Server.
Note:
For in-depth information on how to secure a WebLogic Server environment, follow the guidelines in Oracle Fusion Middleware Securing Oracle WebLogic Server.
A credential store is a repository of security data called credentials. A credential can hold user name and password combinations, tickets, or public key certificates. Credentials are used during authentication, when principals are populated in subjects, and further, during authorization, when determining what actions the subject can perform. The Credential Store Framework stores information such as the Simple Mail Transfer Protocol (SMTP) password and the bind password for the LDAP realm.
By default, Oracle On Track does not use the Credential Store Framework. For more information on how to access and use the Credential Store Framework, see Oracle Fusion Middleware Security Guide.