4.1.2 Harden the Browser

This topic provides information on hardening the browser.

Oracle FLEXCUBE Investor Servicing is certified for use in different browsers. Please refer to the respective release documents for the browser versions on which Oracle FLEXCUBE Investor Servicing has been certified. Each of these browsers provides recommendations from a security perspective, and customers are encouraged to employ the recommendations provided by them.

In all browsers, it is recommended to enable the pop-up blocker with a specific rule to disable pop-up-blocking for the Oracle FLEXCUBE Investor Servicing web application.

Please refer to < Client_Browser_Settings.doc > for more information.

Customers are encouraged to employ the recommendations provided by Microsoft in the above-mentioned guides.

Among the guidelines provided in these documents, Oracle Financial Services specifically recommends the following settings to all customers of Oracle FLEXCUBE Investor Servicing:

  • Certificate Security

    Ensure the usage of SSL 3.0 and TLS 1.0. Disable SSL 2.0 as it is an insecure protocol.

  • Privacy Settings

    Set Form auto complete options to Disabled. This will prevent inadvertent caching of data keyed by users.

Application of the following recommendations from Microsoft is not recommended:

  • Privacy Settings

    Empty Temporary Internet Files Folder When Browser is closed – Oracle FLEXCUBE Investor Servicing relies heavily on client-side caching performed by the supported browser using this folder. The application will behave slowly after this setting is enabled, since the browser will download resources from the server after every browser restart. Hence, it is not recommended to enable this setting. It should be noted that the details of transactions performed by the Oracle FLEXCUBE Investor Servicing users are not cached in the Temporary Internet Files folder (irrespective of this setting).

  • Other Security Recommendations

    Do not Save encrypted pages to disk – By default, the supported browser stores both encrypted and unencrypted content in the Temporary Internet Files folder. Enabling this setting is bound to cause performance issues (especially when Oracle FLEXCUBE Investor Servicing is accessed over HTTPS), since the browser will no longer cache resources. As stated before, details of transactions performed by users will not be cached in the Temporary Internet Files folder (irrespective of this setting).
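
The settings listed above can be checked on a workstation with a short audit script. The following is an added example, not part of the Oracle documentation. It assumes the browser is Internet Explorer on Windows (this topic does not name the browser) and that the settings are stored in the current user's registry hive rather than enforced through Group Policy.

```powershell
# Added example: audit the current user's browser settings against this topic.
# Assumption: Internet Explorer / WinINet per-user registry values.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$main  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$cache = "$inet\Cache"

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value is absent (browser default applies).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function New-Finding($Setting, $Value, $Finding) {
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Finding = $Finding }
}

$results = @()

# Certificate Security: SecureProtocols is a bitmask of enabled protocols.
$flags = [ordered]@{ 'SSL 2.0' = 0x8; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80 }
$proto = Get-RegValue $inet 'SecureProtocols'
if ($null -eq $proto) {
    $results += New-Finding 'SecureProtocols' '(not set)' 'REVIEW'
} else {
    foreach ($name in $flags.Keys) {
        $enabled  = ($proto -band $flags[$name]) -ne 0
        $expected = $name -ne 'SSL 2.0'   # this topic: SSL 2.0 off, the others on
        $results += New-Finding $name $enabled $(if ($enabled -eq $expected) { 'OK' } else { 'MISMATCH' })
    }
}

# Privacy Settings: form auto complete should be disabled ("no").
$form = Get-RegValue $main 'Use FormSuggest'
$results += New-Finding 'Form auto complete' $form $(if ($form -eq 'no') { 'OK' } else { 'MISMATCH' })

# Not recommended by this topic: emptying the cache on close (Persistent = 0).
$persist = Get-RegValue $cache 'Persistent'
$results += New-Finding 'Empty Temporary Internet Files on close' $persist `
    $(if ($persist -eq 0) { 'MISMATCH (performance)' } else { 'OK' })

# Not recommended by this topic: "Do not save encrypted pages to disk" (value 1).
$noSsl = Get-RegValue $inet 'DisableCachingOfSSLPages'
$results += New-Finding 'Do not save encrypted pages to disk' $noSsl `
    $(if ($noSsl -eq 1) { 'MISMATCH (performance)' } else { 'OK' })

$results | Format-Table -AutoSize
```

A REVIEW finding means the value is absent from the user hive, so the browser default or a policy-enforced value is in effect and should be confirmed in the browser's own settings dialog.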