1. Security Guide
  2. SilverWhere Security Overview

2 SilverWhere Security Overview

This chapter provides an overview of Oracle Hospitality Cruise SilverWhere security and explains the general principles of application security.

Basic Security Considerations

The following principles are fundamental to using any application securely:

  • Keep software up to date. This includes the latest product release and any patches that apply.

  • Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.

  • Monitor system activity. Establish who should access which system components, and how often, and monitor those components.

  • Install software securely. Use firewalls, secure protocols using Transport Layer Security (TLS)/Secure Socket Layer (SSL), and secure passwords.

  • Use secure development practices. Take advantage of existing database security functionality or create your own application security.

  • Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. See the “Critical Patch Updates and Security Alerts” website: http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Overview of SilverWhere Security

SilverWhere Architecture Overview

SilverWhere uses N-Tier Architecture and is a collection of applications and interfaces. They can be deployed either on shore side or ship side. It is scalable and does not have to be deployed on a single machine.

Understanding the SilverWhere Environment

When planning your SilverWhere implementation, consider the following:

  • Which resources need to be protected?

    • You need to protect customer data.

    • You need to protect internal data, such as proprietary source code.

    • You need to protect system components from being disabled by external attacks or intentional system overloads.

  • Who are you protecting data from?

    For example, you need to protect your subscribers’ data from other subscribers, but someone in your organization might need to access that data to manage it. You can analyze your workflows to determine who needs access to the data. For example, it is possible that a system administrator can manage your system components without needing to access the system data.

  • What will happen if protections on strategic resources fail?

    In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource will help you protect it properly.

Recommended Deployment Configuration

This section describes recommended deployment configurations for SilverWhere Program.

The SilverWhere can be deployed on a single server or in a cluster of servers. The simplest deployment architecture is the one shown in figure Figure 2-1 .

This single-computer deployment may be cost effective for small organizations; however, it cannot provide high availability because all components are stored on the same computer. In a single server environment such as the typical installation, the server should be protected behind a firewall.

Figure 2-1 Simple Computer Deployment Architecture


This figure shows the Simple Computer Deployment Architecture

The general architectural recommendation is to use the well-known and generally accepted Internet-Firewall-DMZ-Firewall-Intranet architecture as shown in below figure.

Figure 2-2 Traditional DMZ View


This figure shows the Traditional DMZ View

The term demilitarized zone (DMZ) refers to a server that is isolated by firewalls from both the Internet and the Intranet, thus forming a buffer between the two. Firewalls separating the DMZ zones provides two essential functions:

  • Blocking any traffic types that are known to be illegal

  • Providing intrusion containment, should successful intrusions take over processes or processors.

Component Security

Operating System Security

Before installing the SilverWhere application, the operating system must be updated with the latest security updates.

See the following Microsoft TechNet articles for more information about operating system security for:

Oracle Database Security

See Oracle Database Security Guide for more information about Oracle Database security.

Web Security

Use only HTTPS or Transport Layer Security (TLS) security obtained from a certification authority for the SilverWhere application.