A Secure Deployment Checklist

Learn how to use checklists to install Oracle Communications Billing and Revenue Management (BRM) and Oracle Communications Pricing Design Center (PDC) securely.

BRM Checklist

The following security checklist lists guidelines to help you secure BRM and its components.

  1. Install only what is required.

  2. Lock and expire default user accounts.

  3. Enforce password management.

  4. Practice the principle of least privilege.

    • Grant only the necessary privileges.

    • Revoke unnecessary privileges from the PUBLIC user group.

    • Restrict permissions on run-time facilities.

  5. Enforce access controls effectively and authenticate clients stringently.

  6. Restrict network access.

    • Use a firewall.

    • Never poke a hole through a firewall.

    • Monitor who accesses your systems.

    • Check network IP addresses.

  7. Apply all security patches and workarounds.

  8. Contact Oracle Security Products if you come across a vulnerability in Oracle Database.

PDC Checklist

Follow this checklist to deploy PDC securely.

  1. Preinstallation steps:

    1. Enable SSL for the target Oracle WebLogic Server domain.

    2. Configure the server KeyStore certificate and get the client KeyStore trusted certificate.

    3. Configure Oracle Database advanced security encryption and integrity algorithms for a secure connection from the installer.

    4. Ensure that the latest supported version of Oracle JDK is installed and configured with your PDC or WebLogic installation.

  2. Installation steps:

    • Select SSL mode and provide the client KeyStore certificate (.jks file) for connecting to a WebLogic server over SSL.

  3. Postinstallation steps:

    1. If you do not need the installation log files, make sure to delete them.

    2. Have the WebLogic Server administrator create PDC users based on their roles and privileges.

    3. Do not use your browser's remember password feature for the WebLogic Server Administration Console URL.

    4. Enable secure cookies.

    5. Verify that file permissions for the installed files are 600 for all nonexecutable files and 700 for all executable files.

  4. Uninstallation steps:

    • Delete the log files in OracleInventory/logs/ manually if you do not need them, or protect them appropriately if they are required for further reference. By default, these log files have file permission 640 (owner can read and write, group members can read, others have no access).
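
Postinstallation step 5 (600 for nonexecutable files, 700 for executable files) can be checked mechanically. The script below is an added example, not part of the Oracle documentation; it assumes a file counts as executable when its owner execute bit is set, and the function names and report format are illustrative.

```shell
#!/bin/sh
# Added example: audit an installation tree against the checklist rule of
# mode 600 for nonexecutable files and 700 for executable files.
# Assumption: a file is "executable" when its owner execute bit is set.

# Print the octal mode of a file (GNU stat first, BSD stat as a fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_perms DIR
# Prints one line per non-compliant regular file: "<mode> expected <600|700> <path>".
# Returns 0 when every file complies, 1 when there are findings, 2 on bad usage.
audit_perms() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    report=$(
        # -perm without a prefix is an exact match, so group/other access and
        # setuid/setgid/sticky bits all make a file non-compliant.
        find "$dir" -type f ! -perm 600 ! -perm 700 -print | sort |
        while IFS= read -r f; do
            mode=$(file_mode "$f")
            # Owner execute bit (octal 0100) decides which mode is expected.
            if [ $(( 0$mode & 0100 )) -ne 0 ]; then want=700; else want=600; fi
            printf '%s expected %s %s\n' "$mode" "$want" "$f"
        done
    )
    if [ -z "$report" ]; then return 0; fi
    printf '%s\n' "$report"
    return 1
}

# Stand-alone use: pass the directory to audit as the only argument.
[ $# -eq 0 ] || audit_perms "$1"
```

Run it with the installation directory as its only argument; a nonzero exit status means at least one file needs `chmod 600` or `chmod 700`.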