1 Services Gatekeeper Security Overview

Basic Security Considerations

The following principles are fundamental to using any application securely:

• Keep software up to date. This includes the latest product release and any patches that apply to it as well as updates for WebLogic Server, Oracle Coherence and Java.

• Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.

• Monitor system activity. Establish who should access which system components, how often, and then monitor those components.

• Install software securely. For example, use firewalls, secure protocols such as SSL, and secure passwords. See "Performing a Secure Services Gatekeeper Installation" for more information.

• Encrypt sensitive data and communications. For example, use database and network communication encryption tools to ensure Services Gatekeeper data is safe from theft or unauthorized access. See ”Securing Services Gatekeeper” in Services Gatekeeper System Administrator's Guide for more information.

• Learn about and use the Services Gatekeeper run time security features. See "Administering Services Gatekeeper Securely" for more information.

• Use secure development practices. For example, take advantage of existing database security functionality rather than creating your own application security. See "Securing Network Traffic" for more information.

• Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. Install all security patches as soon as possible. See the Critical Patch Updates and Security Alerts website:

  http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Overview of Services Gatekeeper Security

Services Gatekeeper extends Oracle WebLogic Server, allowing you to offer protected APIs, and IP-based applications (services). Services Gatekeeper and WebLogic Server include extensive security features for protecting your Services Gatekeeper implementation, including:

• Authentication

• Authorization

• Single sign-on features

• Configurable traffic filters

WebLogic server provides both out of the box security solutions and compatibility with security standards. When used properly, these capabilities ensure that you can protect your Services Gatekeeper implementation. For more information on the WebLogic security options, see ”Understanding WebLogic Server Security” in Fusion Middleware Understanding WebLogic Server.

Services Gatekeeper requires a database. You use database security features, such as encryption and access control, to ensure that the data and communications used by Services Gatekeeper are protected. Production environments using Oracle Enterprise Database can use Oracle Database Advanced Security to protect data.

Services can support multiple security standards, including:

• Services using SOAP and RESTful-based traffic can use the Service Gatekeeper firewall settings to protect against denial of service (DOS) attacks.

• Services using SOAP-based interfaces can leverage the flexible security framework of WebLogic Server to provide robust system protection. Applications can be authenticated using plaintext or encrypted (digest) passwords, X.509 certificates, or SAML 1.0/1.1 tokens.

• Service requests can use XML encryption based on the W3C standards, for either the whole request message or specific parts of it. To ensure message integrity, requests can be digitally signed by using the W3C XML digital signature standards.

• Services using RESTful interfaces can leverage HTTP basic authentication: user name/password and SSL protection. The use of SAML assertions as authorization grants with OAuth is also supported.

Services Gatekeeper Concepts contains more information about supported security-related standards.

Understanding the Services Gatekeeper Environment

When planning your Services Gatekeeper implementation, consider the following:

• Which resources must be protected?

  You must protect resources such as:

  • Subscriber data, for example, credit-card numbers.

  • Partner data, for example, applications, metrics, and contact information

  • Internal data, for example, the MBeans that control Services Gatekeeper.

  • System components from being disabled by external attacks or intentional system overloads.

  • Network nodes that prevent Services Gatekeeper from being disabled by external attacks or intentional system overloads.

  • Communications between network nodes including Services Gatekeeper tiers, databases, and network elements.

• Who are you protecting data from?

  For example, you must protect partner data from unauthorized partners, but someone in your organization might need to access that data to manage it. You can analyze your workflows to determine who needs access to the data; for example, a system administrator might manage your system components without needing to access the system data.

• What will happen if protections on strategic resources fail?

  In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you, your partners, or your customers. Understanding the security ramifications of each resource will help you protect it properly.

Recommended Deployment Configurations

This section describes recommended deployment configurations for Services Gatekeeper.

Services Gatekeeper security requirements depend on the deployment type and intended use. Production implementations typically consist of tiered deployments with more features, such as geographic redundancy, that require high security levels to protect subscriber and application data. Test and development implementations usually consist of single-tier deployments with less stringent security requirements.

When deploying Services Gatekeeper, consider the security requirements related to the following deployment types:

• Tiered deployments provide multiple security protections, including the possibility of firewalls between tiers, load balancers, separation of the access and network tiers into unique networks, and distribution of system components across machines and geographic locations. For tiered deployments, you should also implement the security capabilities offered by WebLogic Server and your database software.

  See ”About Tiered Deployments” in Services Gatekeeper Multi-tier Installation Guide for information about medium and large deployments and deployments with service-oriented architecture functionality.

• Non-tier deployments provide developers and testers with functional Services Gatekeeper environments in standalone or basic high-availability configurations. Non-tier deployments have limited security. Ensure that these deployments are protected as your business requires. WebLogic Server security features can be implemented if necessary, but the use of database security features is highly recommended.

  See ”About Non-tiered Deployments” in Services Gatekeeper Multi-tier Installation Guide for information about deployments targeted for smaller groups of developers to develop and test their extension software.

• Geographically Redundant deployments protect you from catastrophic failures such as natural disasters. When deploying Services Gatekeeper across multiple geographic locations, you must ensure that communication between sites is secure in addition to securing each location's application components and data.

  See ”About Geographically Redundant Deployments” in Services Gatekeeper Multi-tier Installation Guide for information about separating Services Gatekeeper geographically to protect your installation against data loss and service failure in the event of a natural disaster or other catastrophic event.

Securing Services Gatekeeper Components

Your Services Gatekeeper environment can include the following components. Configure the security of each component in your environment according to the following recommendations.