Security Guide
Release 9.0
E63671-01
September 2015
This guide provides an overview about security for Oracle Communications Connector for Microsoft Outlook.
For an overview of Connector for Microsoft Outlook, see the overview discussion in Connector for Microsoft Outlook Installation and Administration Guide. For information on general security principles, such as security methods, common security threats, and analyzing your security needs, see the discussion about designing for security on the Oracle wiki:
https://wikis.oracle.com/display/CommSuite/Designing+for+Security
Connector for Microsoft Outlook offers the following security mechanisms:
SSL/TLS support for all the protocols: IMAP, SMTP, HTTP (WABP, REST, and WCAP), IWCP, and LDAP
Option to prevent the saving of login passwords
S/MIME support (message signing and encryption)
Certificate-based authentication
See the discussion about certificate-based authentication in Connector for Microsoft Outlook Installation and Administration Guide for more information.
This section describes recommended secure installation guidelines and deployment topologies for the systems.
To better understand your security needs, ask yourself the following questions:
Which resources am I protecting?
In a Connector for Microsoft Outlook environment, consider which resources you want to protect and what level of security you must provide:
Protocols: HTTP, SMTP, WCAP, IMAP, WABP, REST, IWCP, and LDAP
Dependent products and services: Directory Server, Messaging Server, address book provisioning server (Convergence or Contacts Server), Calendar Server, and Convergence (for user settings and preferences)
Be sure to check the security policies governing these dependent products
Calendar Server front- and back-end hosts
Messaging Server front- and back-end hosts
Dependent resources, such as Directory Server
From whom am I protecting the resources?
In general, resources must be protected from everyone on the Internet. But should the Connector for Microsoft Outlook deployment be protected from employees on the intranet in your enterprise? Should the system administrators have access to all resources? Should the system administrators be able to access all data? You might consider giving access to highly confidential data or strategic resources to only a few well trusted system administrators. On the other hand, perhaps it would be best to allow no system administrators access to the data or resources.
What happens if the protections on strategic resources fail?
In some cases, a fault in your security scheme is easily detected and considered but an inconvenience. In other cases, a fault might cause great damage to companies or to users who use Connector for Microsoft Outlook. Understanding the security ramifications of each resource helps you protect it properly.
Connector for Microsoft Outlook depends on a Calendar Server, Messaging Server, and either a Contacts Server or Convergence deployment. These deployments must be deployed, configured, and set up for security. See the security documentation for Messaging Server, Calendar Server, Contacts Server, and Convergence for more information.
Connector for Microsoft Outlook is not a server by itself, but a client that communicates with Oracle and Unified Communications Suite servers. If the servers are configured for security, you can enable secure communications between Connector for Microsoft Outlook and the Unified Communications Suite servers.
Connector for Microsoft Outlook does not require any infrastructure components, as it is a client. The servers with which it communicates, however, must be installed, configured, and set up for security. See the installation and security documentation for the following products for information about installing and securing them:
Oracle Directory Server Enterprise Edition
Messaging Server
Calendar Server
Contacts Server
Convergence
Configuring security for Connector for Microsoft Outlook consists of the following high-level steps:
Ensuring your Unified Communications Suite servers are configured for security.
See the installation and security documentation for Messaging Server, Calendar Server, Contacts Server, and Convergence for more information.
Preparing a comprehensive Deployment Plan.
Downloading and installing the Deployment Configuration Program (DCP).
Using the DCP to create end-user packages that install Connector for Microsoft Outlook with secure connections and features.
By default, the DCP suggests secure port values and enables the SSL option.
Deploying end-user packages.
See Connector for Microsoft Outlook Installation and Administration Guide for more information about deployment planning, downloading, installing, and using the DCP, and distributing and installing end-user packages.
For information about Oracle's commitment to accessibility, visit the Oracle Accessibility Program website at http://www.oracle.com/pls/topic/lookup?ctx=acc&id=docacc.
Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=info or visit http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs if you are hearing impaired.
Oracle Communications Connector for Microsoft Outlook Security Guide, Release 9.0
E63671-01
Copyright © 2014, 2015, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.