| Agile Product Lifecycle Management Security Guide Release 9.3.6 E71146-01 |
|
 Previous |
 Next |
This section describes some fundamental security principles and considerations.
The following general principles are fundamental to using any application securely.
One principle for good security practice is to keep all software versions and patches up-to-date. To ensure that you have the most current and updated Agile PLM software for the latest version, regularly check the updates page.
Keep both the Agile PLM application and the database behind a firewall. In addition, place a firewall between the middle-tier and the database. The firewall provides assurance that access to these systems is restricted to a known network route, which can be monitored and restricted, if necessary. As an alternative, a firewall router can substitute for multiple, independent firewalls.
If you cannot use firewalls, then configure the TNS Listener Valid Node Checking feature. This feature restricts access based upon an IP address. Restricting database access by IP address, however, often causes application client/server programs to fail for DHCP clients.
To solve this problem, use any of the following:
static IP addresses
software VPN
hardware VPN
software VPN and hardware VPN
Windows Terminal Services or its equivalent
The principle of least privilege states that users should be given the least amount of privilege to perform their jobs. Over-ambitious granting of responsibilities, roles, grants, and so on, especially early on in an organization's life cycle when people are few and work must be done quickly, often leaves a system wide open for abuse. User privileges should be reviewed periodically to determine relevance to current job responsibilities.
System security stands on three legs: good security protocols, proper system configuration and system monitoring. Auditing and reviewing audit records address this third requirement. Each component within a system has some degree of monitoring capability. Follow audit advice in this document and regularly monitor audit records.
