1 ECE Security Overview

This chapter provides a high-level overview of security for Oracle Communications Billing and Revenue Management (BRM) Elastic Charging Engine (ECE).

Basic Security Considerations

The following principles are fundamental to using any application securely:

  • Keep software up to date. This includes the latest product release and any patches that apply to it.

  • Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See the "Critical Patch Updates and Security Alerts" Web site:

    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

  • Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.

  • Monitor system activity. Establish who should access which system components, and how often, and monitor those components.

  • Install software securely. For example, use firewalls and secure passwords. See "Performing a Secure ECE Installation" for more information.

  • Learn about and use the ECE security features. See the discussion of security in ECE System Administrator's Guide for more information.

  • Use secure development practices. For example, take advantage of existing security functionality instead of creating your own application security. See "Security Considerations for Developers" for more information.

  • Avoid using any option that has an application remember admin logins and passwords. For example, do not select the Remember Password check box in a login screen.

  • Apply the latest patch set for JDK to ensure that your running JDK has the latest security fixes.

Overview of ECE Security

Access to ECE files is controlled by creating user accounts and groups and granting specific permissions. The file permissions are granted using UNIX commands in a UNIX shell. Once you have created user accounts and groups and set permissions, users can use ECC to manage ECE files. ECC requires that you set up password-less SSH. You use the ECE user, a UNIX account, to set up password-less SSH. See the discussion about managing security in BRM Elastic Charging Engine System Administrator's Guide for information about the ECE user.
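One way to audit the result of those UNIX permission commands and the ECE user's password-less SSH files, as an added example that is not taken from the Oracle documentation. The policy it enforces (no group write, no access for "other", the SSH directory at 700, key files without group or other bits) and all paths are assumptions.

```sh
#!/bin/sh
# Added example: permission audit for an ECE install tree and the ECE
# user's SSH files. Policy and paths are assumptions, not Oracle defaults.

# perm_of PATH: print the octal mode (GNU stat, then BSD stat fallback).
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_tree DIR: list entries that are group-writable or grant any
# access to "other". Returns 0 when clean, 1 when something is listed.
audit_tree() {
    hits=$(find "$1" ! -type l \
        \( -perm -020 -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# audit_ssh SSH_DIR: the directory must be 700; authorized_keys and
# private keys (id_* except *.pub) must carry no group/other bits.
# sshd's StrictModes refuses key login when these files are group- or
# world-writable; the check here is deliberately stricter than that.
audit_ssh() {
    rc=0
    [ "$(perm_of "$1")" = 700 ] || { echo "BAD dir mode: $1"; rc=1; }
    for f in "$1"/authorized_keys "$1"/id_*; do
        [ -f "$f" ] || continue
        case "$f" in *.pub) continue ;; esac
        case "$(perm_of "$f")" in
            [0-7]00) ;;
            *) echo "BAD file mode: $f"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Usage: sh ece_perm_audit.sh /path/to/ece_home /home/ece_user/.ssh
if [ "$#" -eq 2 ]; then
    audit_tree "$1"; tree_rc=$?
    audit_ssh "$2"; ssh_rc=$?
    [ "$tree_rc" -eq 0 ] && [ "$ssh_rc" -eq 0 ]
fi
```

Run it as the ECE user after setting permissions; a non-zero exit status means at least one path was reported.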

Understanding the ECE Environment

When planning your ECE implementation, consider the following:

  • Which resources need to be protected? For example:

    • You need to protect customer data, such as customer balance information.

    • You need to protect system components from being disabled by external attacks or intentional system overloads.

  • Who are you protecting data from?

    For example, you need to protect your subscribers' data from other subscribers, but someone in your organization might need to access that data to manage it. You can analyze your workflows to determine who needs access to the data; for example, it is possible that a system administrator can manage your system components without needing to access the system data.

  • What will happen if protections on strategic resources fail?

    In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource will help you protect it properly.

Oracle Coherence Security

To restrict access to the ECE Coherence cluster, you must set up an authorized hosts list. You can optionally enable SSL for intra-cluster communication, in which case you must also enable Well Known Addresses (WKA). See the information about managing security in BRM Elastic Charging Engine System Administrator's Guide.

Oracle NoSQL Database Security

Access to the KVStore and its data is performed in two different ways. Access to data is possible through the Java API. Administrative access is performed by using a command line interface or a browser-based graphical user interface. System administrators use these interfaces to perform the few administrative actions that are required by Oracle NoSQL Database. You can also monitor the store using these interfaces.

Oracle NoSQL Database is intended to be installed in a secure location where physical and network access to the store is restricted to trusted users. For this reason, Oracle NoSQL Database's security model is designed to prevent accidental access to the data. It is not designed to prevent malicious access or denial-of-service attacks.

Security Considerations for Developers

ECE requires that all Java processes that join its cluster have a correct set of configuration settings. When ECE runs in secure mode, having the correct Coherence properties is not sufficient to join the cluster. Developers writing extensions or plug-ins for ECE should not access Coherence APIs directly; they must use the Spring and Template framework provided by ECE. Any direct access to Coherence resources, including its caches, will throw security exceptions.