2 LSMS Query Server Security Overview

This chapter describes basic security considerations and provides an overview of LSMS Query Server security.

2.1 Basic Security Considerations

The following principles are fundamental to using any application securely:

  • Keep software up to date. This includes the latest product release and any patches that apply to it.
  • Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.
  • Monitor system activity. Establish who should access which system components, and how often, and monitor those components.
  • Install software securely. For example, use firewalls, secure protocols using TLS (SSL), and secure passwords. See Performing a Secure LSMS Query Server Installation for more information.
  • Learn about and use the LSMS Query Server security features. See Implementing LSMS Query Server Security for more information.
  • Use secure development practices. For example, take advantage of existing database security functionality instead of creating your own application security. See Security Considerations for Developers for more information.
  • Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See the "Critical Patch Updates and Security Alerts" Web site: http://www.oracle.com/technetwork/topics/security/alerts-086861.html

When planning your LSMS Query Server implementation, consider the following questions:

  • Which resources need to be protected?
    • You need to protect customer data, such as telephone number (TN) information and associated data.
    • You need to protect internal data, such as proprietary source code.
    • You need to protect system components from being disabled by external attacks or intentional system overloads.
  • Who are you protecting data from?

    For example, you need to protect your subscribers' data from other subscribers, but someone in your organization might need to access that data to manage it. You can analyze your work flows to determine who needs access to the data; for example, it is possible that a system administrator can manage your system components without needing to access the system data.

  • What happens if protections on strategic resources fail?

    In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource will help you protect it properly.

2.2 Overview of LSMS Query Server Security

The optional LSMS Query Server enables automatic access to real-time Local Number Portability (LNP) data through a standard API. Customers can perform customized, high-volume, automated data queries for use by internal office and support systems such as service assurance, testing, service fulfillment, and customer care.

Operating System Security

An LSMS Query Server is hosted by a dedicated Oracle SPARC server running the Oracle Linux 10/11 operating system. Linux handles all operating system security for the LSMS Query Server, and the LSMS Query Server Installation and Upgrade Guide assumes that servers already have SPARC Linux 10/11 installed. Make sure you always have the latest SPARC Linux software/patches installed on your machines.

Database Security

The following security considerations apply to the MySQL database:

  • Secure Database Access Credentials

    Only authorized personnel are allowed to access the database, and a user ID and password are required.

    Provide minimum privileges to the user so that unauthorized modifications can be avoided.

    For more information, see Managing User Accounts.

  • Use IPsec Connections for Data Downloads

    Configure an IPsec connection to download data to customer servers or devices.

    IP Security (IPsec) secures Internet Protocol (IP) communications by encrypting and/or authenticating all IP packets. IPsec provides security at the network layer for connections configured for specified addresses.

  • Use SSH/SSL Connections

    SSH/SSL is a robust, commercial-grade, full-featured toolkit that implements security and network encryption. SSH/SSL provides secure data transmission through encryption keys.

    Encryption is strongly recommended for any remote connection to an LSMS Query Server. For more information about using keys, refer to the Configuration Guide.
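
The minimum-privilege guidance under Secure Database Access Credentials can be checked periodically by reviewing the output of the MySQL SHOW GRANTS statement. The following script is an added example, not part of the LSMS Query Server product or its documentation; the account names, schema name, and read-only privilege baseline are assumptions made for illustration.

```python
import re

# Assumption for this example: a query-only account needs nothing beyond these.
READ_ONLY = {"SELECT", "USAGE"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<account>[`'][^`']*[`']@[`'][^`']*[`'])(?P<rest>.*)$",
    re.IGNORECASE,
)

# Constructed SHOW GRANTS output; account and schema names are placeholders.
SAMPLE = [
    "Grants for qs_reader@10.0.0.%",
    "GRANT USAGE ON *.* TO 'qs_reader'@'10.0.0.%'",
    "GRANT SELECT ON `exampledb`.* TO 'qs_reader'@'10.0.0.%'",
    "GRANT SELECT, INSERT, DELETE ON `exampledb`.* TO 'qs_app'@'%'",
    "GRANT ALL PRIVILEGES ON *.* TO `qs_admin`@`localhost` WITH GRANT OPTION",
]

def audit_grants(lines):
    """Return {account: [findings]} for accounts exceeding read-only access."""
    findings = {}
    for line in lines:
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue  # not a GRANT statement (header row, blank line, ...)
        account = m.group("account").replace("`", "'")
        # Drop column lists such as SELECT (col1, col2) before splitting on commas.
        privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
        privs = {p.strip().upper() for p in privs.split(",") if p.strip()}
        scope = m.group("scope").replace("`", "")
        issues = []
        extra = sorted(privs - READ_ONLY)
        if extra:
            issues.append(f"privileges beyond read-only on {scope}: {', '.join(extra)}")
        if scope == "*.*" and privs - {"USAGE"}:
            issues.append("privileges granted at global scope (*.*)")
        if "WITH GRANT OPTION" in m.group("rest").upper():
            issues.append("can grant its privileges to other accounts")
        if issues:
            findings.setdefault(account, []).extend(issues)
    return findings

if __name__ == "__main__":
    for account, issues in audit_grants(SAMPLE).items():
        for issue in issues:
            print(f"{account}: {issue}")
```

Accounts that legitimately need write or administrative access should be listed as reviewed exceptions rather than added to the read-only baseline.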

Secure Network Management

LSMS Query Server can interact with LSMS using TLS 1.2 encryption. For more information, see the LSMS Query Server on Linux Installation and Upgrade Guide.