1. Security Guide
  2. Security overview

1 Security overview

In this chapter:

Application security overview

To ensure security in the Oracle Health Sciences Central Designer application, carefully configure all system components, including the following third-party components:

  • Web browsers
  • Firewalls
  • Load balancers
  • Virtual Private Networks (VPNs)

Parent topic: Security overview

General security principles

Keep software up to date

Keep all software versions and patches up to date.

Keep up to date on the latest Critical Patch Updates

Oracle continually improves its software and documentation. Critical Patch Updates are the primary means of releasing security fixes for Oracle products to customers with valid support contracts. They are released on the third Tuesday of January, April, July, and October (they were previously published on the Tuesday closest to the 17th day of January, April, July, and October).

Oracle highly recommends that customers apply these patches as soon as they are released.

Require complex and secure passwords

In the Oracle Health Sciences Central Designer Administrator application, an administrator should require that each user password meets the following requirements, which you set in the Security section, that you access by clicking System Config, and then Settings in the Oracle Health Sciences Central Designer Administrator application:

  • Expires every 90 days. Configure this option in the Passwords expire every field.
  • Has not been used recently. Configure the number of previously-used passwords that cannot be reused in the Enforce password history field.
  • Contains a minimum of 8 characters. Configure this option in the Minimum password length field.
  • Contains at least two of the following. Configure this option by setting the Password complexity setting to High.
    • One letter and one number.
    • One non-alphanumeric character.
    • One upper-case and one lower-case letter, character, and at least either one number or special character.

For more information, see Configure strong user passwords.

Keep passwords private and secure

All users should change their passwords when they log in for the first time.

Tell users never to share passwords, write down passwords, or store passwords in files on their computers. For more information, see Passwords for new users.

Lock computers to protect data

Encourage users to lock computers that are left unattended. For more information, see Login security.

Provide only the necessary rights to perform an operation

Assign users to roles, and assign rights to roles so that users can perform only the tasks necessary for their jobs.

For more information, see:

Parent topic: Security overview