1 Security Guidelines
This guide provides details on security guidelines and recommendations.
- Configure strong passwords
  Although the importance of passwords is well known, the following basic rule of security management is worth repeating: ensure all your passwords are strong.
- Restrict access to sensitive files and directories
  Oracle recommends limiting access to the files and directories that contain sensitive information. In a Linux environment, set files and directories to 740 or 640 permissions, as applicable.
- Secure Policy Monitor
  You must secure Policy Monitor to protect data.
- Use two-way SSL
  Oracle recommends using two-way SSL with WebLogic Application Server. The HRL and XCA Gateway applications are standard Java EE applications and can use an industry-standard security infrastructure and framework. No configuration is required on the applications.
- Close unused open ports
  Keep only the minimum number of ports open. Close ports that are not in use.
- Keep Telnet service disabled for remote sessions
  By default, Telnet listens on port 23. Telnet sends passwords and user names in clear text during login, which makes it a security risk to your servers.
- Keep other unused services disabled
  To ensure security, disable unused services.
- Integrate application-generated logs
  Use a centralized log monitoring tool that collects application-generated logs from Oracle Health Sciences Information Manager.
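
One way to check the 740/640 file-permission recommendation on a Linux host, as an added example that is not part of Oracle's guide or tooling: it lists every regular file or directory under a path whose mode grants anything beyond 740 (group write or execute, or any access for others). The function names and the sample tree are constructed for illustration, and the script assumes 740 as the ceiling for everything, leaving the choice of which files to tighten further to 640 to the operator.

```shell
#!/bin/sh
# Added example: audit a directory tree against a 740 permission ceiling.

# list_over_740 DIR
# Prints, sorted, every regular file or directory under DIR that has a mode
# bit outside 0740: group write (020), group execute (010), or any of the
# "other" bits (004, 002, 001). Uses only POSIX find predicates.
list_over_740() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 \) \
        -print | sort
}

# audit_perms DIR
# Prints the findings and returns 1 when any entry exceeds the ceiling,
# returns 0 when the tree is clean, and 2 when DIR is not a directory.
audit_perms() {
    [ -d "$1" ] || { echo "audit_perms: not a directory: $1" >&2; return 2; }
    findings=$(list_over_740 "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree
# Builds a constructed sample tree in a temporary directory and prints its
# path: conf/ follows the recommendation, logs/ does not.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/conf" "$t/logs"
    : > "$t/conf/db.properties"
    : > "$t/logs/app.log"
    chmod 740 "$t/conf"
    chmod 640 "$t/conf/db.properties"
    chmod 755 "$t/logs"        # group and others can list and enter
    chmod 644 "$t/logs/app.log" # others can read
    printf '%s\n' "$t"
}
```

Call `audit_perms` with the directory that holds the sensitive files; a non-zero exit status makes it usable as a gate in a scheduled job or deployment check.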