Oracle® Secure Global Desktop

Security Guide for Release 5.3

January 2017

E65661-01


Table of Contents

Preface
1 Overview of Security for SGD
1.1 SGD Network Architecture
1.2 SGD Server Security
1.3 The SGD Gateway
1.4 SGD Administrators
1.5 Authenticating Users
1.6 Access Control
1.7 Security Auditing and Logging
1.8 General Security Principles
1.9 Security Fixes for Oracle Products
2 Secure Installation and Configuration of SGD
2.1 Overview of Installing SGD
2.2 Post Installation Configuration
3 Network Security for SGD
3.1 Network Connections for SGD
3.2 Firewalls and Ports
3.2.1 Using a Port Scanner
3.3 Secure Connections to SGD Servers
3.4 Secure Connections Between SGD Servers
3.5 Secure Connections to Application Servers
3.6 Tuning Secure Connections
3.6.1 Configuring Ciphers
3.7 The SGD Gateway
3.8 Firewall Traversal
4 Security for Users, Applications, and Clients
4.1 Authenticating Users
4.1.1 Password Security
4.1.2 Two-Factor Authentication
4.2 Objects and Applications
4.2.1 Organizations and Objects
4.2.2 SGD Administrators
4.2.3 Windows Applications
4.2.4 X Applications
4.2.5 Integrating With Oracle VDI
4.2.6 Application Authentication
4.3 Client Device Security
4.3.1 Using the SGD Client
5 Security for SGD Servers and Arrays
5.1 SGD Arrays
5.2 SGD Web Server
5.3 Administration Console
5.4 Monitoring and Logging
5.5 SGD Server Certificate Stores
5.6 SGD Installations
5.7 SGD Commands
6 Troubleshooting an SGD Deployment
6.1 Operating System Environment
6.2 SGD Configuration
6.2.1 Install SGD in Secure Mode
6.2.2 Use a Non-Root Administrator Account
6.2.3 Use Firewall Traversal
6.2.4 Do Not Use Self-Signed Certificates
6.2.5 Use Transport Layer Security
6.2.6 Use Secure Session Cookies
6.2.7 Restrict the Use of Weak SSL Ciphers
6.2.8 Disable Unencrypted AIP Communications
6.2.9 Enable Secure Intra-Array Communication
6.2.10 Securing the SGD Web Server
6.2.11 Disable "Show Details" for Application Launches
6.2.12 Restrict Access to the Administration Console
6.2.13 Restrict Access to Client Device Features
6.2.14 Disable Automatic Installation for Browsers That Use Java Plug-in Software
6.2.15 Create an Audit Trail
6.3 Supporting Services
6.3.1 Firewall Policies
6.3.2 Use Two-Factor Authentication for Internet Deployments
6.3.3 Intrusion Detection and Prevention Systems
6.3.4 Perform Penetration Testing