A Secure Deployment Checklist
Learn how to use checklists to install Oracle Communications Billing and Revenue Management (BRM) and Oracle Communications Pricing Design Center (PDC) securely.
Topics in this appendix:
BRM Checklist
The following checklist provides guidelines to help you secure BRM and its components.
- Install only what is required.
- Lock and expire default user accounts.
- Enforce password management.
- Practice the principle of least privilege.
  - Grant only the necessary privileges.
  - Revoke unnecessary privileges from the PUBLIC user group.
  - Restrict permissions on run-time facilities.
- Enforce access controls effectively and authenticate clients stringently.
- Restrict network access.
  - Use a firewall.
  - Never poke a hole through a firewall.
  - Monitor who accesses your systems.
  - Check network IP addresses.
- Apply all security patches and workarounds.
- Contact Oracle Security Products if you come across a vulnerability in Oracle Database.
PDC Checklist
Follow this checklist to deploy PDC securely.
- Preinstallation steps:
  - Enable SSL for the target Oracle WebLogic Server domain.
  - Configure the server KeyStore certificate and get the client KeyStore trusted certificate.
  - Configure Oracle Database advanced security encryption and integrity algorithms for a secure connection from the installer.
  - Ensure that the latest supported version of Oracle JDK is installed and configured with your PDC or WebLogic installation.
- Installation steps:
  - Select SSL mode and provide the client KeyStore certificate (.jks file) for connecting to a WebLogic server over SSL.
- Postinstallation steps:
  - If you do not need the installation log files, make sure to delete them.
  - The WebLogic Server administrator will need to create PDC users based on the roles and privileges.
  - Do not use your browser's remember password feature for the WebLogic Server Administration Console URL.
  - Enable secure cookies.
  - Verify that file permissions for the installed files are 600 for all nonexecutable files and 700 for all executable files.
- Un-installation steps:
  - Delete the log files in OracleInventory/logs/ manually if you do not need them or protect them appropriately if they are required for further reference. These log files have file permission 640 (owner can read/write, group members can read, others cannot do anything) by default.
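One way to carry out the postinstallation permission check (600 for nonexecutable files, 700 for executable files) is the audit below. It is an added example, not Oracle's code; it assumes a file counts as executable when its owner execute bit is set, and the function names and sample file names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code). Audits the checklist rule: regular files
# must be mode 600, or 700 when executable. Assumption: a file counts as
# "executable" when its owner execute bit is set. Directories are not checked.

# audit_pdc_perms DIR -> prints one finding per non-compliant file.
# Returns 0 if compliant, 1 if there are findings, 2 if DIR is not a directory.
audit_pdc_perms() {
    audit_dir=$1
    [ -d "$audit_dir" ] || { echo "not a directory: $audit_dir" >&2; return 2; }
    audit_findings=$(
        # Owner-executable files whose mode is not exactly 700.
        find "$audit_dir" -type f -perm -100 ! -perm 700 \
            -exec printf 'expected 700: %s\n' {} +
        # All other regular files whose mode is not exactly 600.
        find "$audit_dir" -type f ! -perm -100 ! -perm 600 \
            -exec printf 'expected 600: %s\n' {} +
    )
    [ -z "$audit_findings" ] && return 0
    printf '%s\n' "$audit_findings"
    return 1
}

# Constructed sample tree (hypothetical file names) with two violations.
build_sample_tree() {
    sample=$(mktemp -d) || return 1
    mkdir -p "$sample/bin" "$sample/conf" "$sample/logs"
    : > "$sample/conf/pdc.properties"; chmod 600 "$sample/conf/pdc.properties"
    : > "$sample/bin/stop.sh";         chmod 700 "$sample/bin/stop.sh"
    : > "$sample/bin/start.sh";        chmod 755 "$sample/bin/start.sh"
    : > "$sample/logs/install.log";    chmod 640 "$sample/logs/install.log"
    echo "$sample"
}

# Usage: sh audit.sh /path/to/install/dir
if [ "$#" -gt 0 ]; then
    audit_pdc_perms "$1"
fi
```

Because the match is on the exact mode, a file with setuid or setgid bits set is also reported, and the 640 default on the inventory log files shows up as a finding if they are left inside the audited directory.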