This appendix serves as a checklist to help you secure Oracle Communications Evolved Communications Application Server (OCECAS) and its components.
To secure OCECAS:
Ensure that SSL is configured for the management domain server, and that the default, non-secure port is disabled.
Ensure that SSL is configured for the UDR application server, and that the default, non-secure port is disabled.
Configure the WebLogic security realm and providers as required.
During installation, choose a secure password for the weblogic user.
During installation, ensure that the Oracle database in the Management domain has a secure password for the SDC and SDC_ADMIN users.
During operating system installation, choose a secure password for the UNIX superuser.
Configure Secure Client Connections for Oracle Database, and JDBC Connection Pools accordingly.
Ensure that the WebLogic AdminServer is shut down on production environments.
Ensure that only the installation user account has access to the csp.xml configuration file.
Ensure that Diameter interfaces are securely configured.
Ensure that NoSQL Interfaces (where applicable) are securely configured.
Ensure that SNMP Credentials are properly and securely configured.