1. System Administrator's Guide
  2. Implementing Security
  3. Implementing System Security

18 Implementing System Security

Learn how to implement security in your Oracle Communications Billing and Revenue Management (BRM) system.

Topics in this document:

See also BRM Security Guide.

Using General System-Security Measures

You can use the usual database and operating-system security measures for the BRM system. For example, you can set up read/write/execute permissions and group permissions on files and programs.

As shipped, BRM uses encryption only for passwords. However, you can encrypt any string field. For more information, see "About Encrypting Information" in BRM Developer's Guide.

The following principles are fundamental to using any application securely:

  • Keep software up to date. This includes the latest product release and any patches that apply to it.

  • Monitor system activity. Establish who should access which system components, and how often, and monitor those components.

  • Install software securely. For example, use firewalls, secure protocols such as SSL, and secure passwords.

  • Keep up to date on security information. Oracle regularly issues security-related patch updates and security alerts. You must install all security patches as soon as possible.

    See "Critical Patch Updates, Security Alerts and Bulletins" on the Oracle website.

Understanding the BRM Environment

When planning your BRM implementation, consider the following:

  • Which resources need to be protected?

    • You need to protect customer data, such as credit-card numbers.

    • You need to protect internal data, such as proprietary source code.

    • You need to protect system components from being disabled by external attacks or intentional system overloads.

  • Who are you protecting data from?

    For example, you need to protect your subscribers' data from other subscribers, but someone in your organization might need to access that data to manage it. You can analyze your workflows to determine who needs access to the data; for example, a system administrator might be able to manage your system components without accessing the system data.

  • What will happen if protections on strategic resources fail?

    In some cases, a fault in your security scheme is nothing more than an inconvenience. In other cases, a fault might cause great damage to you or your customers. Understanding the security ramifications of each resource will help you protect it properly.

Oracle Security Documentation

BRM uses other Oracle products, such as Oracle Database and Oracle WebLogic Server.

For more information, see the following documents:

  • Oracle Database Security Guide

  • Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server

  • Oracle WebLogic Server documentation

Oracle documentation is available from Oracle Help Center:

http://docs.oracle.com