1. Security Guide
  2. UIM Security Overview

1 UIM Security Overview

This chapter provides an overview of Oracle Communications Unified Inventory Management (UIM) security.

Basic Security Considerations

The following principles are fundamental to using any application securely:

  • Keep software up to date. This includes the latest product release and any patches that apply to it.

  • Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.

  • Monitor system activity. Establish who should access which system components, how often they should be accessed, and who should monitor those components.

  • Install software securely. For example, use firewalls, secure protocols (such as SSL), and secure passwords. See "Performing a Secure UIM Installation" for more information.

  • Learn about and use UIM security features. See "Implementing UIM Security" for more information.

  • Use secure development practices. For example, take advantage of existing database security functionality instead of creating your own application security. See "Security Considerations for Developers" for more information.

  • Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See “Critical Patch Updates and Security Alerts" on the Oracle website:

    http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Understanding the UIM Environment

When planning your UIM implementation, consider the following:

  • Which resources must be protected?

    For example:

    • You must protect customer data.

    • You must protect internal data, such as proprietary source code.

    • You must protect system components from being disabled by external attacks or intentional system overloads.

  • Who are you protecting data from?

    For example, if your business has service subscribers, you must protect their data from other subscribers, but someone in your organization might have to access that data to manage it. You can analyze your workflows to determine who needs access to the data; for example, a system administrator could manage your system components without needing to access the system data.

  • What happens if protections on strategic resources fail?

    In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource helps you protect it properly.

Overview of UIM Security

Figure 1-1 shows all the various components that can comprise UIM, including the components to which it connects. Each installed or integrated component requires special steps and configurations to ensure system security.

Figure 1-1 UIM Components

Description of Figure 1-1 follows
Description of "Figure 1-1 UIM Components"

Recommended Deployment Scenarios

Figure 1-2 shows a single server deployment scenario: the simplest UIM deployment architecture.

Figure 1-2 Single Sever Deployment

Description of Figure 1-2 follows
Description of "Figure 1-2 Single Sever Deployment"

In this scenario, all the application components and data are kept on a single system, protected from external attacks by a firewall. The firewall can be configured to block known illegal traffic types. There are fewer resources to secure because all the components are on a single system and all the communication is local. Fewer ports have to be opened through the firewall.

Conversely, there are fewer points of attack, and if security is compromised, an attacker would have access to the entire system and data.

A single server deployment is best suited for test and lab environments.

A single server deployment is cost effective for small organizations but does not provide high availability because all components are stored on a single system.

Figure 1-3 shows a clustered server deployment: a scalable UIM deployment offering greater security and high availability.

Figure 1-3 Clustered Server Deployment

Description of Figure 1-3 follows
Description of "Figure 1-3 Clustered Server Deployment"

In this scenario, the application tier is isolated by firewalls from both the Internet and the intranet. The database and servers are protected from potential attacks by two layers of firewall. Both firewalls can be configured to block known illegal traffic types. The two layers of firewall provide intrusion containment. Although there are a greater number of components to secure, and more ports have to be opened to allow secure communication between the tiers, the attack surface is spread out.

Operating System Security

This section lists UIM-specific operating system security configurations. This section applies to all supported operating systems.

Firewall Port Configuration

UIM communicates through the firewall with various components on specific ports. Ensure that the operating system IPtables for the firewalls are configured to manage traffic on the following ports:

  • Port 22 (optional, both directions): Used by the File Transfer and Parsing cartridge for SSH communication. Close this port if you are not using the File Transfer and Parsing cartridge.

  • WebLogic Server SSL listen ports (both directions): Used by Administration and Managed servers for listening for traffic.

  • Oracle Database listener ports: Used to listen for Oracle Database traffic.

Close all unused ports, especially non-SSL ports. Opt for SSL-enabled ports, instead of non-SSL ports, for all communications (for example: HTTPS, IIOPS, t3s).

For more information about securing your operating system, see your operating system documentation.

Oracle Database Security

This section lists the UIM-specific security configurations for the Oracle Database:

For more information about securing Oracle Database, see Oracle Database Security Guide and Oracle Database Advanced Security Administrator's Guide.

Data Encryption

If your database connection is not configured to use data encryption, data is sent across the network in a format that is designed for fast transmission and can be decoded by interceptors given some time and effort.

It is also possible (but not recommended) to encrypt the UIM tablespace and schema, at the expense of system performance. Encrypting the schema and tablespace is not necessary, because the database is sufficiently secure without the encryption.

See Oracle Database Advanced Security Administrator's Guide for more information.

Secure Database Connections

Encrypting network data is a critical security measure that ensures that data traveling over the network is difficult to intercept and access. Secure network connections to the Oracle Database using the Oracle Advanced Security feature. You can configure the Oracle Database with either Network Data Encryption and SSL authentication, as both ensure that the data is secure while traveling over the network.

The Oracle Advanced Security feature also provides security against the following types of attacks:

  • Data modification attack, where an unauthorized party intercepts data in transit over the network, alters it, and transmits the altered data to the database.

  • Replay attack, where an unauthorized party repeatedly transmits entire sets of valid data.

SSL Authentication

Use the Oracle Advanced Security feature to enable SSL authentication, using a digital certificate, on data that travels over the network to the database. See Oracle Database Advanced Security Administrator's Guide for more information.

Using SSL authentication allows UIM to communicate with servers over an encrypted connection and to communicate with the database over an encrypted connection.

SSL authentication supports the following authentication modes:

  • Only the server authenticates itself to the client.

  • Both client and server authenticate themselves to each other.

  • Neither the client nor the server authenticate with each other (SSL encryption feature by itself).

WebLogic Server Security

For information about securing WebLogic Server, see Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server.

Authorization

Authorization is the process where the interactions between users and WebLogic Server resources are controlled, based on user identity or other information. In WebLogic Server, an Authorization provider is used to limit the interactions between users and WebLogic resources to ensure integrity, confidentiality, and availability.

For more information about changing WebLogic Server passwords, see the WebLogic Server Administration Console Help.

WebLogic Resources

A WebLogic Server resource is a structured object used to represent an underlying WebLogic Server entity, which can be protected from unauthorized access using security roles and security policies.

WebLogic resources are hierarchical. Therefore, the level at which you define these security roles and security policies is up to you. For example, you can define security roles and security policies on entire enterprise applications; an Enterprise Java Bean JAR containing multiple EJBs; a particular Enterprise Java Bean (EJB) within that JAR; or a single method within that EJB.

Security Policies

Security policies replace access control lists and answer the question “Who has access to a WebLogic server resource?" A security policy is created when you define an association between a WebLogic resource and one or more users, groups, or security roles. You can optionally define date and time constraints for a security policy. A WebLogic resource has no protection until you assign it a security policy.

Security policies are stored in an authorization provider's database. By default, the XACML Authorization provider is configured in a domain, and security policies are stored in the embedded LDAP server.

To use a user or group to create a security policy, the user or group must be defined in the security provider database for the authentication provider that is configured in the default security realm. To use a security role to create a security policy, the security role must be defined in the security provider database for the Role Mapping provider that is configured in the default security realm. By default, the authentication and XACML Role Mapping providers are configured in the database in the embedded LDAP server. Also by default, security policies are defined in WebLogic Server resources. These security policies are based on security roles and default global groups. You also have the option of basing a security policy on a user.

Secure Sockets Layer (SSL)

SSL enables secure communication between applications connected through the Web. WebLogic Server fully supports SSL communication. By default, WebLogic Server is configured for one-way SSL authentication. Using the WebLogic Server Administration Console, you can configure WebLogic Server for two-way SSL authentication.

  • To use one-way SSL from a client to a server, enable the SSL port on the server, configure identity for the server and trust for the client.

  • To use two-way SSL between a client and a server, enable two-way SSL on the server, configure trust for the server, and identity for the server.

    In either case, the trusted CA certificates must include the trusted CA certificate that issued the peer's identity certificate. This certificate does not necessarily have to be the root CA certificate.

To acquire a digital certificate for your server, generate a public key, private key, and a Certificate Signature Request (CSR), which contains your public key. Send the CSR request to a certificate authority and follow their procedures for obtaining a signed digital certificate.

After you have your private keys, digital certificates, and any additional trusted CA certificates that you may need, you must store them so that WebLogic Server can use them to verify identity. Store private keys and certificates in keystores.

For more information on security fundamentals, see the Oracle Fusion Middleware documentation:

http://docs.oracle.com

Logging Security

Oracle recommends a Logging level of ERROR for Logging Services. An explicit administrative action is required to change the log level. See UIM Developer's Guide for more information. When the log levels are set to DEBUG or lower, the log levels can contain raw exceptions and stack traces that could be exploited to compromise the security of your UIM system.

Oracle Security Documentation

UIM uses other Oracle products, such as Oracle Database and Oracle WebLogic Server. See the following documents, as they apply to UIM:

  • Oracle Database Security Guide

  • Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server

  • Oracle Application Server Security Guide

  • Oracle Application Server Administrator's Guide