This appendix covers the following topics:
This section contains a summary of this document's best practice suggestions and their page locations. Use this summary as a security reference guide or checklist.
Keep software up-to-date
Restrict network access to critical services
Follow the principle of least privilege
Monitor system activity
Keep up-to-date on the latest security information
Updated Technology Stack
Harden operating environment
Add IP restrictions or enable Valid Node Checking
Specify connection timeout
Specify Class of Secure Transport for dynamic registration
Enable encryption of network traffic
Enable TNS listener password (only if required)
Enable admin restrictions
Enable TNS listener logging
Harden operating environment
Disable XDB
Review database links
Remove operating system trusted remote logon
Change default installation passwords
Implement two profiles for password management
Restrict access to SQL trace files
Remove operating system trusted remote roles
Limit file system access within PL/SQL
Limit dictionary access
Revoke unnecessary grants given to APPLSYSPUB
Configure the database for auditing
Audit database connections
Audit database schema changes
Audit other activities
Audit administrators and their actions
Review audit records
Maintain audit records
Secure audit records
Harden operating environment
Configure Allowed Resources
Configure Allowed Redirects
Protect administrative pages
Configure logging
Harden operating environment
Set Workflow notification mailer SEND_ACCESS_KEY to N
Ensure you know who is a Workflow admin
Set tools environment variables
Restrict file types that may be uploaded
Enable AntiSamy HTML filter
Use certified HTTP security headers
Use TLS to encrypt Oracle E-Business Suite connections
Avoid weak ciphers and protocols for SSL (HTTPS)
Use external web tier if exposing any part of Oracle E-Business Suite to the internet
Use terminal services for client-server programs
Change passwords for seeded application user accounts
Switch to hashed passwords
Tighten logon and session profile options
Create new user accounts safely
Create shared responsibilities instead of shared accounts
Configure concurrent manager for safe authentication
Configure concurrent manager for start and stop without the APPS password
Activate server security
Create DBC files securely
Consider using single sign-on
Review and limit responsibilities and permissions
Set other security-related profile options
Restrict responsibilities by web server trust level
Set sign-on audit level
Monitor system activity with OAM
Retrieve audit records using Reports
Retrieve audit records using SQL
Purge audit records
Review data tracked (no Reports available)
Configuring Audit Trail
Generate and identify audit trail objects
Choose tables to audit
Retrieve audit records using SQL
Purge audit records
References on Oracle E-Business Suite auditing
Configure browser
Update browser
Turn off AutoComplete
Set policy for unattended PC sessions
Clean up file ownership and access
Clean up file permissions
Lock down operating system libraries and programs
Filter IP packets
Prevent spoofing
Eliminate Telnet, rsh, and FTP daemons
Verify network configurations
Monitor for attacks
Configure accounts securely
Limit root access
Manage user accounts
Secure NFS
Secure operating system devices
Secure executables
Secure file access