Oracle® Communications Service Broker Security Guide Release 6.0 Part Number E26766-01
This chapter provides an overview of how to configure and manage security for the Oracle Communications Service Broker (Service Broker) product.
The following principles are fundamental to using any application securely:
Keep software up to date. This includes the latest product release and any patches that apply to it.
Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.
Monitor system activity. Establish who should access which system components, and how often, and monitor those components.
Install software securely. For example, use firewalls, secure protocols such as SSL and secure passwords.
Learn about and use the Service Broker security features. See these sections for details:
Configuring Security between Service Broker Components in Oracle Communications Service Broker System Administrator's Guide.
Securing Credentials with Credential Store in Oracle Communications Service Broker System Administrator's Guide.
Use secure development practices. For example, take advantage of existing database security functionality instead of creating your own application security. See "Security Considerations for Service Broker Developers" for more information.
Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See the “Critical Patch Updates and Security Alerts” Web site:
http://www.oracle.com/technetwork/topics/security/alerts-086861.html
Service Broker relies on these lines of defense against malicious attacks:
High-level protection from the individual protocols that it supports. The "Implementing Service Broker Security" chapter goes into detail on how to set up protocol-specific security features.
Low-level (packet-based) protection using firewalls that you select, obtain, and configure to use with Service Broker. Every Service Broker implementation is different, and you need to assess and obtain firewalls that meet your implementation's needs.
Service Broker's built-in security features, such as configurable password strength, and native keystores and truststores for storing credentials. See "Implementing Service Broker Security" for details on how to implement these features.
The policies and procedures that you put in place for configurable software security. This chapter provides some guidance for these policies and procedures, but every Service Broker implementation is different, and you need to consult your security expert for the best way to completely secure yours.
To implement security, Service Broker uses other Oracle products, such as an Oracle Database. See the following documents for more information:
Oracle Database Security Guide.
Oracle Database Advanced Security Administrator's Guide.
Billing and Revenue Management System Administrator's Guide.
Oracle Coherence Release 3.7 Developer's Guide, section Operational Configuration Elements.
Oracle Coherence Security Guide.
When planning your Service Broker implementation, consider the following:
Which resources need to be protected?
You need to protect customer data, such as credit-card numbers.
You need to protect internal data and traffic, such as billing event traffic.
You need to protect system components from being disabled by external attacks or intentional system overloads.
Who are you protecting data from?
For example, you need to protect your subscribers' data from other subscribers, but someone in your organization might need to access that data to manage it. You can analyze your workflows to determine who needs access to the data; for example, it is possible that a system administrator can manage your system components without needing to access the system data.
What will happen if protections on a strategic resource fail?
In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource will help you protect it properly.