2.2.2 Security View

The security view of the architecture and use of security features of the network in a Behavior Detection architecture deployment is illustrated in Figure 2. Behavior Detection uses inbuilt SMS for its authentication and authorization. The SMS has a set of database tables which store information about user authentication.

Installation of 128-bit encryption support from Microsoft can secure the Web browser. Oracle encourages using the Secure Socket Layer (SSL) between the Web browser and Web server for login transaction, While the Web Application server uses a browser cookie to track a user's session, this cookie is temporary and resides only in browser memory. When the user closes the browser, the system deletes the cookie automatically.

The application uses Advanced Encryption Standard (AES) security to encrypt passwords that reside in database tables in the configuration schema on the database server and also encrypts the passwords that reside in configuration files on the server.

Figure 2-2 Oracle Financial Services/ Architecture—Security View

The EAM tool is an optional, third-party, pluggable component of the security view. The tool’s integration boundaries provide an Authorization header, form field with principal, or embedded principal to the Web Application server through a Web server plug-in. The tool also passes the same user IDs that the Currency Transaction Reporting directory server uses.