4 Post-Installation Configuration
This section explains the additional security configuration steps to complete after the Shipboard Property Management System is installed.
Operating System
Turn On Data Execution Prevention (DEP)
Turn on DEP if required. Refer to the Microsoft product documentation library for instructions.
Turning off Auto Play
Turn off Autoplay if required. Refer to the Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Turning Off Remote Assistance
Turn off Remote Assistance if required. Refer to the Microsoft product documentation library at https://technet.microsoft.com/en-us/ for instructions.
Software Patches
If a patch is available, download and apply the latest SPMS patches from My Oracle Support. Follow the deployment instructions included with the patch.
Software Certificates
If a Secure Sockets Layer (SSL) certificate is required, it must be configured either on the load balancer or in the IIS web server for communication to web services. Secure Sockets Layer (SSL) usage on the SPMS Security Server is mandatory.
The Self-signed certificate should be used only if the customer fails to provide a certificate from a Certificate Authority (CA). See SPMS Installation Guide for information about the installation of secure certificates.
Password Overview
Configuration of the SPMS product passwords is performed at the
SPMS User Security module. Administrators should adopt a strong password
policy after the initial installation of the application and review
the policy periodically. Password verification functions are used
to ensure that the user password meets the minimum requirements of
complexity. Check and ensure the PASSWORD_VERIFY_FUNCTION
parameter for the user profile created in the Database is not NULL.
Maintaining Strong Passwords
-
The password must be at least 8 characters long.
-
The password must contain letters and numbers.
-
You must not select a password equal to the last three passwords used.
Change Default Password
The SPMS is installed with a default administrative user and password. You must change the default administrative user password in SPMS, following the above guidelines, after logging in for the first time.
Password Lifetime
The Shipboard Property Management System is installed with a default administrative user and password. You must change the default administrative user password in the Shipboard Property Management System, following the above guidelines, after logging in for the first time.
Configure User Accounts and Privileges
When setting up users for the SPMS application, ensure that they
are assigned the minimum privilege level required to perform their
job function. Set INACTIVE_ACCOUNT_TIME
in the profiles
assigned to users to automatically lock accounts that have not logged
in to the database instance in a specified number of days. It is also
recommended to audit infrequently used accounts for unauthorized activities.
Concurrent Sessions and Constraints
The database user by default has unlimited concurrent connections
but this may result in memory resource exhaustion or Denial-of-Service
attacks. It is advised to set the SESSIONS_PER_USER
for this. It is recommend that you check for disabled constraints,
and determine where, if applicable, they need to be disabled, deleted,
or enabled as they are a potential cause for concern.