Oracle® Fusion Applications Security Hardening Guide 11g Release 6 (11.1.6) Part Number E16690-06
Oracle Fusion Applications and Enterprise Deployment Guidance: Explained
Oracle Fusion Applications Security Hardening: Explained
Security Hardening Information: Highlights
Oracle Fusion Applications are secure as built by Oracle for general case installations. Business flows, including those for security administration, are secured using standard principles and best practices.
The Oracle Fusion Applications Enterprise Deployment Guide describes deployments that are secure out of the box and highly available.
Oracle Fusion Applications enterprise deployment guidelines are as widely applicable as possible for configurations based on a recommended architecture that is independent of hardware and operating systems. The deployment architecture leverages grid infrastructure and optimizes cost, performance, scale, and controls over recovery from interruptions or acceptable data loss from natural disaster.
Enterprise deployment guidance provides sufficient and optimum levels of security balanced for the performance requirements of a majority of common enterprises. Oracle Fusion Applications security architecture is built on a highly flexible Fusion Middleware security platform that allows further fine tuning to factor in any special needs and requirements beyond those represented by the enterprise deployment guidelines.
Security hardening fits into the Oracle Fusion Applications deployment process as follows:
1. Fusion Applications installation - laying down the bits
2. Provisioning the basic topology
3. Enterprise deployment for security and high availability following the enterprise deployment guidance
4. Security hardening and fine tuning based on the assessment of the deployment environment relative to EDG recommendations
5. Functional setup
As deployments change, enterprises may choose to iterate their hardening and security fine tuning.
For details about application provisioning, see the Oracle Fusion Applications Installation Guide.
For details about enterprise deployment, see the Oracle Fusion Applications Enterprise Deployment Guide.
Hardening Oracle Fusion Applications focuses on points of exposure to security risks on the boundaries and end points of a deployment. Security professionals such as Oracle Fusion Applications implementation consultants, security administrators, IT security managers, and IT auditors are involved in hardening Oracle Fusion Applications. Oracle Fusion Applications presumes that security hardening decisions are based on analysis of risks and threats.
The methodology for analyzing specific deployment requirements and guidelines to fulfill those requirements augments hardening practices that may be documented separately for Oracle Fusion Middleware and Oracle Database components included in an Oracle Fusion Applications deployment.
Note: The methodology and guidelines assume an Oracle Fusion Applications installation with all product families and products licensed.
For information on the Oracle Fusion Applications security approach and implementation, see the Oracle Fusion Applications Security Guide.
Oracle Fusion Applications provides the provisioning tools and an Enterprise Deployment Guide (EDG) necessary for provisioning in an enterprise deployment topology that is end-to-end secured and optimized out of the box for the most common business cases.
Oracle Fusion Applications allows fine tuning to address requirements beyond the enterprise deployment guidance.
Important: For end-to-end security, EDG also assumes that the stipulated environmental requirements are fully implemented.
Requirements for additional security hardening and fine-tuning commonly result from differences in deployment environments compared to the conditions stipulated by the enterprise deployment guidance on the following:
- The network environment
- The trust model underlying personnel with administrative access
- Accommodation of user communities of interest (COI) with different levels of trust
- The audit and compliance requirements specific to an industry
A security hardening methodology involves assessing the circumstances where hardening may be required. Assessment consists of tailoring the security configuration of the Oracle Fusion Applications deployment blueprint to match the unique deployment environment and usage characteristics of a particular enterprise.
In an Oracle Fusion Applications deployment based on the enterprise deployment guidelines, by default all outward facing connections are SSL enabled and connections within the Oracle Fusion Applications infrastructure's protection zones are not SSL enabled. Additional SSL configuration and administration may become critical where SSL is not enabled, even where backchannel communications occur behind a demilitarized zone (DMZ). Oracle provides SSL configuration procedures specifically for Oracle Fusion Applications to simplify this process.
A particular business solution may include areas of risk that are orthogonal to the Fusion Applications deployment blueprint, such as the type of user communities, the network environments from which users need access to the services, or integration with third party products.
Department of Defense (DOD), government, and health care industry requirements increasingly emphasize not only the business process, but also the security of the deployment itself.
Information about security hardening of components in an Oracle Fusion Applications deployment is available in various documents.
Information on the applications tier in support of hardening Oracle Fusion Applications is available in various documents.
Information that is not specific to Oracle Fusion Applications deployments about hardening components in the middle tier is available in various documents.
Information about Oracle Database hardening that is not specific to Oracle Fusion Applications is available in various documents.