The following security checklist provides guidelines to help you secure Oracle Communications Contacts Server and its components.
Install only the components you require.
Lock and expire default user accounts.
Use a strong LDAP password policy for user authentication.
Enable data dictionary protection on the Oracle Database for Contacts Server.
Restrict, control, and revisit user privileges:
Grant only the necessary privileges to each user.
Revoke unnecessary privileges from the PUBLIC user group.
Restrict permissions on run-time facilities.
Enforce the use of access controls by using the Authorization Policies.
Require clients to authenticate.
Restrict network access by doing the following:
Use firewalls.
Never leave an unnecessary hole in a firewall.
Password-protect the Oracle listener against remote access.
Monitor listener activity.
Monitor who accesses your systems.
Restrict system access by IP addresses.
Encrypt network traffic.
Apply all security patches and workarounds.
Encrypt sensitive information.
Contact Oracle Security Products if you discover a vulnerability in any Oracle product.