Basic Security Considerations
-
Keep software up to date. This includes the latest product release and any patches that apply to it.
-
Limit privileges as much as possible. Users should be given only the access necessary to perform their work. User privileges should be reviewed periodically to determine relevance to current work requirements.
-
Keep the operating system up to date. Avoid using operating systems that has reached end of life, including the systems that communicate with TPS for token exchange.
-
Monitor system activity. Establish who should access which system components, and how often, and monitor those components.
-
Install software securely. For example, use firewalls, secure protocols using TLS (SSL), and secure passwords. Performing a Secure Token Proxy Service Installation has more information on installing the software securely.
-
Learn about and use the Token Proxy Service security features. Implementing Token Proxy Service Security has more information on the Token Proxy Service security features.
-
Use secure development practices. For example, take advantage of existing database security functionality instead of creating your own application security.
-
Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible. Oracle’s Critical Patch Updates and Security Alerts website has more information on security-related patch updates and security alerts: http://www.oracle.com/technetwork/topics/security/alerts-086861.html