Table of Contents

• Title and Copyright Information
• My Oracle Support
• Acronyms
• What’s New in DSR Security Guide
• 1 Introduction
  • Audience
  • References
• 2 Diameter Singling Router Security Overview
  • Basic Security Considerations
  • Accessing Diameter Signaling Router System
• 3 Implement Oracle Communications Diameter Signaling Router Security
  • Diameter Signaling Router Web GUI Standard Features
    • User Administration
      • Establishing Groups and Group Permissions
      • Creating Users and Assigning to Groups
    • User Authentication
      • Passwords
      • Changing DSR Administrative Account Passwords
      • Password Complexity
      • Password Expiration
      • Restricting Concurrent Logins
      • External Authentication
      • LDAP Authentication for Users
      • SSO Authentication for Users
      • Password Strengthening Procedures
        • Setting Password Strength with Minimum Digit Characters
        • Setting Password Strength with Minimum Uppercase Characters
        • Setting Password Strength with Minimum Special Characters
        • Setting Password Strength with Minimum Lowercase Characters
        • Setting Deny for Failed Password Attempts
        • Setting Minimum Password Length
      • Login and Welcome Banner Customization
      • SSH Security Hardening Procedures
        • Setting SSH Client Alive Count
        • Disabling SSH Access through Empty Passwords
        • Enabling SSH Warning Banner
        • Denying SSH Environment Options
        • Generating RSA SSH Key for Admin User
        • Setting SSH Log Level
        • Enabling SSH IgnoreRhosts
        • Disabling SSH X11 Forwarding
        • Disabling SSH HostbasedAuthentication
        • Setting SSH LoginGraceTime
        • Disabling SSH Insecure Key Exchange Algorithms and Setting Up Key Length
      • Services Hardening Procedures
        • Uninstalling tftp-server Package
        • Disabling xinetd Service
        • Uninstalling xinetd Service
        • Disabling ntpdate Service
  • SNMP Configuration
    • Enabling SNMP Versions
    • Configuring Community Names
  • SNMPv3 on PMAC
    • Enabling SNMPv3 Support on PMAC
    • Configuring SNMPv3 Security Model and Trap Servers
  • Authorized IPs
  • Certificate Management
    • Creating a New Certificate for WebLogic and Tomcat Servers
      • Creating Keystore and Certificate Signing Request
      • Importing Certificate
      • Configuring Keystore on WebLogic
      • Creating Keystore in the Tomcat Server
      • Modifying the Tomcat File Configuration
  • SFTP Administration
• 4 Host Intrusion Detection System (HIDS)
  • Host Intrusion Detection System Overview
  • Checking the Host Intrusion Detection System Status
  • Initializing the Host Intrusion Detection System
  • Enabling or Disabling Host Intrusion Detection System
  • Suspending or Resuming Host Intrusion Detection System
  • Running On-Demand HIDS Security Check
  • Updating Host Intrusion Detection System Baseline
  • Deleting Host Intrusion Detection System
  • Host Intrusion Detection System Alarms
• 5 Diameter Signaling Router OS Standard Features
  • Configuring NTP Servers
    • Configuring NTP for the Host OS of the Application Guest VM
  • Setting the Time on the TVOE Host
  • Configuring Password Settings for OS Users
  • Configuring Passwords without Embedding Usernames
  • Configuring Other Session and Account Settings for OS Users
    • Configuring Session Inactivity for OS Users
    • Configuring Number of Failed Login Attempts
    • Configuring Lockout Time for Inactive Accounts
  • Updating the TPD-Provd Cipher List
  • Operational Dependencies on Platform Account Passwords
  • Updating the SELinux Mode on the Server
• 6 Other Optional Configurations
  • Authentication for Single User Mode
  • Changing OS User Account Default Passwords
  • Changing Login Display Message
  • Forcing iLO to Use Strong Encryption
  • Setting Up rsyslog for External Logging
  • Adding sudo Users
  • Reporting and Disabling Expired OS User Accounts
• 7 Ethernet Switch Considerations
  • Configuring SNMP in Switches
  • Configuring Community Strings
  • Configuring SNMP Traps
• 8 Security Logs and Alarms
• 9 Optional IPsec Configuration
  • IPsec Overview
    • Encapsulating Security Payload
    • Internet Key Exchange
  • IPsec Process
  • Setting Up IPsec
  • IPsec IKE and ESP Elements
  • Adding an IPsec Connection
  • Editing an IPsec Connection
  • Enabling and Disabling an IPsec Connection
  • Deleting an IPsec Connection
• 10 Firewall Configuration Changes
  • IP tables
  • TCP Wrappers
• 11 Internal Web Services
  • Changing Internal Web Service Passwords
  • Changing TPD Web Service Password
  • Changing Internal Web Service Certificates and Key Material
• 12 Updating the MySQL Password
• 13 Appendix
  • Secure Deployment Checklist