Oracle Product Lifecycle Analytics Security Guide
Release 3.5
E70278-01

3 General Security Principles

The following principles are fundamental to using any application securely.

3.1 Keep Software Up-To-Date

One principle of good security practice is to keep all software versions and patches up-to-date. To ensure that you have the most current OPLA software for the latest version, regularly check the Oracle Critical Patch Updates page.

3.2 Restrict Network Access to Critical Services

Keep both the OPLA application and the database behind a firewall. In addition, place a firewall between the middle-tier and the database. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router substitutes for multiple, independent firewalls.

If you cannot use firewalls, then configure the TNS Listener Valid Node Checking feature, which restricts access based upon IP address. Restricting database access by IP address often causes application client/server programs to fail for DHCP clients.

To solve this problem, use any of the following:

  • static IP addresses

  • software VPN

  • hardware VPN

  • software VPN and hardware VPN

  • Windows Terminal Services or its equivalent.
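
Valid Node Checking is set in the listener host's sqlnet.ora through the TCP.VALIDNODE_CHECKING and TCP.INVITED_NODES parameters. The following audit script is an added example, not part of the Oracle guide: the sample file contents, the function names, and the 256-address breadth threshold are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample sqlnet.ora contents (addresses are documentation ranges).
SAMPLE_WEAK = """
# valid node checking left off
TCP.VALIDNODE_CHECKING = NO
"""
SAMPLE_HARDENED = """
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (192.0.2.10, 192.0.2.11,
                     198.51.100.0/24)
"""

def parse_sqlnet(text):
    """Return {PARAM: value}; strips # comments, joins indented continuation lines."""
    params, key = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if "=" in line and not raw[0].isspace():
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.upper()
            params[key] = value
        elif key:  # indented continuation of the previous parameter
            params[key] += " " + line.strip()
    return params

def audit_valid_node_checking(text, max_hosts=256):
    """Return a list of findings; an empty list means the allowlist passed."""
    params = parse_sqlnet(text)
    if params.get("TCP.VALIDNODE_CHECKING", "NO").upper() != "YES":
        return ["TCP.VALIDNODE_CHECKING is not YES"]
    raw_nodes = params.get("TCP.INVITED_NODES", "").strip("() ")
    nodes = [n.strip() for n in raw_nodes.split(",") if n.strip()]
    findings = [] if nodes else ["TCP.INVITED_NODES is empty or missing"]
    for node in nodes:
        try:
            net = ipaddress.ip_network(node, strict=False)
        except ValueError:
            # Hostnames and wildcard entries cannot be sized here.
            findings.append(f"{node}: not an IP literal, review manually")
            continue
        if net.num_addresses > max_hosts:  # assumed breadth threshold
            findings.append(f"{node}: {net.num_addresses} addresses, too broad")
    return findings
```

An allowlist of single addresses only works if the middle-tier hosts keep those addresses, which is why the options above for DHCP clients matter.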

3.3 Follow the Principle of Least Privilege

The principle of least privilege states that users should be given the least amount of privilege needed to perform their jobs.

Over-ambitious granting of responsibilities, roles, grants, and so on, especially early in an organization's life cycle when people are few and work needs to be done quickly, often leaves a system wide open for abuse.

User privileges should be reviewed periodically to determine relevance to current job responsibilities.

3.4 Monitor System Activity

System security stands on three legs:

  • good security protocols

  • proper system configuration

  • system monitoring

Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.

3.5 Keep Up-To-Date on Latest Security Information

Oracle continually improves its software and documentation. Check yearly for revisions.

The OPLA application's foundation is Oracle Business Intelligence Enterprise Edition (OBIEE). OBIEE is a comprehensive suite of enterprise business intelligence products containing the programs, servers, and tools to support broad self-service access across the organization.

OPLA uses ODI (a comprehensive data integration platform) to build its out-of-the-box Multi-Dimensional Schema (MDS).

For more information, go to the Oracle Technology Network website (http://www.oracle.com/technetwork/middleware/data-integrator/downloads/index.html).