4 Post-Installation Configuration
This section explains the additional security configuration steps to be completed after the Shipboard Property Management System has been installed.
Operating System
Turn On Data Execution Prevention (DEP)
Turn on DEP if required. See the Microsoft product documentation library for instructions.
Turning off Auto Play
Turn off Autoplay if required. See the Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Turning Off Remote Assistance
Turn off Remote Assistance if required. See the Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Application Software Patches
If a patch is available, download and apply the latest Shipboard Property Management System patches from My Oracle Support. Follow the deployment instructions included in the patch.
Software Certificates
If a Secure Sockets Layer (SSL) certificate is required, it must be configured either on the load balancer or in the IIS web server for communication to web services. Secure Sockets Layer (SSL) usage on the Shipboard Property Management System Security Server is mandatory.
The Self-signed certificate should be used only if the customer fails to provide a certificate from a Certificate Authority (CA). See the Oracle Hospitality Cruise Shipboard Property Management System Installation Guide for information about the installation of secure certificates.
Password Overview
Configuration of the Shipboard Property Management System product
passwords is performed in the Shipboard Property Management System
User Security module. Administrators should adopt a strong password
policy after the initial installation of the application and review
the policy periodically. Password verification functions are used
to ensure that the user password meets the minimum requirements of
complexity. Check and ensure the PASSWORD_VERIFY_FUNCTION
parameter for the user profile created in the Database is not NULL.
Maintaining Strong Passwords
-
The password must be at least 8 characters long.
-
The password must contain letters and numbers.
-
Must not choose a password equal to the last 3 passwords used.
Change Default Password
The Shipboard Property Management System is installed with a default administrative user and password. You must change the default administrative user password in the Shipboard Property Management System, following the above guidelines, after logging in for the first time.
Password Lifetime
The Shipboard Property Management System is installed with a default administrative user and password. You must change the default administrative user password in the Shipboard Property Management System, following the above guidelines, after logging in for the first time.
Configure User Accounts and Privileges
When setting up users for the Shipboard Property Management System
application, ensure that they are assigned the minimum privilege level
required to perform their job function. Set INACTIVE_ACCOUNT_TIME
in the profiles assigned to users to automatically lock accounts
that have not logged in to the database instance in a specified number
of days. It is also recommended to audit infrequently used accounts
for unauthorized activities.
Concurrent Sessions and Constraints
The database user by default has unlimited concurrent connections
but this may result in memory resource exhaustion or Denial-of-Service
attacks. It is advised to set the SESSIONS_PER_USER
for this. We recommend that you check for disabled constraints,
and determine where applicable if they need to be disabled, deleted,
or enabled as these are a potential cause for concern.