Network Security in the Oracle Health Insurance Environment
When deploying Oracle Health Insurance applications onto a network there are many security issues to take into consideration, especially the use of firewall and VPN technologies. A firewall will permit or deny network permissions based on configured rules, to protect the internal network from malicious actions while permitting legitimate communications.
Firewalls perform the following functions in a typical Oracle Health Insurance environment:
-
Guard the company Intranet from unauthorized outside access.
-
Separate Intranet users accessing the Oracle Health Insurance system from internal subnetworks where critical corporate information and services reside.
-
Protect from IP spoofing and routing threats.
-
Prohibit unauthorized users from accessing protected networks and control access to restricted services.
-
Throttle requests / apply rate limiting.
-
Act as Web Application Firewall protecting against malicious requests.
A typical Oracle Health Insurance environment usually has the following security zones:
-
Internet - External web service clients may come from outside of the company network.
-
Intranet - A company network separated by the external firewall that gives remote workers access to the Oracle Health Insurance user interface. This is also where Oracle Health Insurance web servers and / or load balancers may be placed. Alternatively, for additional protection, web and load balancing servers may be placed in a separate demilitarized zone (DMZ) where external and internal clients first interact with the Oracle Health Insurance environment.
-
The Oracle Health Insurance application server and database zone - The Oracle Health Insurance application servers, database servers and possibly authentication servers (for example, if a customer chooses to delegate authentication using LDAP servers) typically reside in this zone.
Ensure that the firewalls used to secure an Oracle Health Insurance environment support the HTTP 1.1 protocol; it enables browser cookies and inline data compression for improved performance.