This section explains the additional security configuration steps to be completed after the Shipboard Property Management System has been installed.
Operating System
Turn On Data Execution Prevention (DEP)
Turn on DEP if required. Refer to the Microsoft product documentation library for instructions.
Turning off Auto Play
Turn off Autoplay if required. Refer to the Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Turning Off Remote Assistance
Turn off Remote Assistance if required. Refer to the Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Application Software Patches
If a patch is available, download and apply the latest Shipboard Property Management System patches from My Oracle Support. Follow the deployment instructions included with the patch.
If a Secure Sockets Layer (SSL) certificate is required, it must be configured either on the load balancer or in the IIS web server for communication to web services. Secure Sockets Layer (SSL) usage on the Shipboard Property Management System Security Server is mandatory.
The Self-signed certificate should be used only if the customer fails to provide a certificate from a Certificate Authority (CA). Refer to the Oracle Hospitality Cruise Shipboard Property Management System Installation Guide for information about the installation of secure certificates.
Configuration of the Shipboard Property Management System product passwords is performed in the Shipboard Property Management System User Security module. Administrators should adopt a strong password policy after the initial installation of the application and review the policy periodically. Password verification functions are used to ensure that the user password meets the minimum requirements of complexity. Check and ensure the PASSWORD_VERIFY_FUNCTION parameter for the user profile created in the Database is not NULL.
The password must be at least 8 characters long.
The password must contain letters and numbers.
Must not choose a password equal to the last 3 passwords used.
The Shipboard Property Management System is installed with a default administrative user and password. You must change the default administrative user password in the Shipboard Property Management System, following the above guidelines, after logging in for the first time.
The Shipboard Property Management System is installed with a default administrative user and password. You must change the default administrative user password in the Shipboard Property Management System, following the above guidelines, after logging in for the first time.
When setting up users for the Shipboard Property Management System application, ensure that they are assigned the minimum privilege level required to perform their job function. Set INACTIVE_ACCOUNT_TIME in the profiles assigned to users to automatically lock accounts that have not logged in to the database instance in a specified number of days. It is also recommended to audit infrequently used accounts for unauthorized activities.
The database user by default has unlimited concurrent connections but this may result in memory resource exhaustion or Denial-of-Service attacks. It is advised to set the SESSIONS_PER_USER for this. We recommend that you check for disabled constraints, and determine where applicable if they need to be disabled, deleted, or enabled as these are a potential cause for concern.