Author: Sam
The default installation of Oracle Applications comes with a number of default passwords. These passwords may be at the application level as well as at the database level.
It is the responsibility of the Oracle database administrator to secure the installation of Oracle Applications. In this article I will give some effective tips that will help you secure your Oracle Applications installation.
Seeded Application Accounts:
The base installation of Oracle Applications comes with a number of seeded application accounts. You must change the passwords for all Oracle Applications seeded accounts even though these accounts may already be disabled. Most of these seeded accounts are disabled by default, except the SYSADMIN and GUEST accounts.
Database User Accounts:
Database user accounts include APPS, APPLSYS and other database user IDs. The passwords for these database user accounts must be changed.
You can use FNDCPASS to make this change. On RUP3 you can also use the ALLORACLE option to change all the schemas in one go.
Generic Application User Accounts:
It is recommended not to use generic Oracle Applications user accounts for scheduling concurrent programs or running batch jobs.
Guest Application User Account:
The default password for the GUEST account is ORACLE or GUEST. Make sure that its password is changed from the default.
Password Policies:
Password policies must be enforced when creating a new Oracle Applications user. You can use an expiry time or the UMX module to enforce password policies.
The User Management (UMX) module by default ensures that a strong password policy is adopted when new users are created through it. UMX can be implemented on 11.5.10 or higher.
Read Only Schema:
Read-only schemas are usually created to give users read-only access to Oracle Applications objects. It is recommended not to create read-only schemas for your Oracle Applications, as doing so results in the newly created user having access to APPLSYS.FND_USER and APPLSYS.FND_ORACLE_USERID, the tables that hold the encrypted application and schema passwords.
Valid Node Checking:
It is important to implement valid node checking on production systems. It is enabled by default in all installations of Oracle Applications from 11.5.10 onwards. You can implement valid node checking through sqlnet.ora.
Login Validation in Oracle Applications:
The APPLSYSPUB account is used for login validation in Oracle Applications. It has a default password which cannot be changed. No unnecessary objects should be associated with or accessible from this schema.
Logging:
Enabling logging for the Oracle Applications database listener can help you trace back all connections to your database and detect unwarranted connections.
Password Protecting Database Listener:
By default the database listener does not have a password associated with it. Make sure that your database listener is password protected.
AutoConfig:
AutoConfig includes the latest security fixes, and hence your application must be AutoConfig enabled. By default AutoConfig is implemented in all the latest releases of Oracle Applications.
Auditing:
Auditing involves a number of overheads and affects the performance of your application. Even so, the Oracle Applications Audit Trail must be enabled to cover at least the critical Oracle Applications tables.
You must enable auditing at the database level to cover user sessions and database links, as well as audit sessions. Make sure that sign-on audit is enabled in your Oracle Applications.
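The database-level auditing and sign-on audit check described above, as an added SQL example that is not part of the original article. The application-tier host name is a placeholder, and the profile option internal name SIGNONAUDIT:LEVEL and the site level id 10001 are assumptions.

```sql
-- Added example (not from the article): database-level auditing for an
-- Oracle Applications database, run as a DBA. Setting audit_trail=DB
-- writes audit records to SYS.AUD$ and takes effect after a restart.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- Record every logon/logoff and every CREATE/DROP of a database link.
AUDIT SESSION;
AUDIT DATABASE LINK;
AUDIT PUBLIC DATABASE LINK;

-- Confirm the statement audit options are in force.
SELECT audit_option, success, failure
  FROM dba_stmt_audit_opts
 ORDER BY audit_option;

-- Detection 1: repeated failed logons in the last 24 hours.
-- RETURNCODE 1017 is ORA-01017 (invalid username/password).
SELECT username, userhost, COUNT(*) AS failures,
       MIN(timestamp) AS first_seen, MAX(timestamp) AS last_seen
  FROM dba_audit_session
 WHERE returncode = 1017
   AND timestamp > SYSDATE - 1
 GROUP BY username, userhost
HAVING COUNT(*) >= 5
 ORDER BY failures DESC;

-- Detection 2: successful APPS/APPLSYS logons from hosts other than the
-- application tier. Replace the placeholder with your real node names.
SELECT username, userhost, os_username, timestamp
  FROM dba_audit_session
 WHERE username IN ('APPS', 'APPLSYS')
   AND returncode = 0
   AND timestamp > SYSDATE - 1
   AND userhost NOT IN ('APPS_TIER_HOST_PLACEHOLDER')
 ORDER BY timestamp DESC;

-- Sign-on audit in Oracle Applications: check the site-level value of the
-- "Sign-On:Audit Level" profile option (assumed internal name
-- SIGNONAUDIT:LEVEL, site level_id 10001); it should be FORM.
SELECT fpo.profile_option_name, fpov.profile_option_value
  FROM applsys.fnd_profile_options fpo
  JOIN applsys.fnd_profile_option_values fpov
    ON fpov.profile_option_id = fpo.profile_option_id
   AND fpov.application_id   = fpo.application_id
 WHERE fpo.profile_option_name = 'SIGNONAUDIT:LEVEL'
   AND fpov.level_id = 10001;
```

Connections rejected before logon (for example by valid node checking) never create a database session, so they appear only in the listener log and not in DBA_AUDIT_SESSION.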
Indexing:
You can restrict the information that is available and block access to unwanted areas by disabling directory indexing (directory listings) on your Oracle Applications web server.
Hiding Web Application Tier:
You can implement reverse proxies and firewalls if you are using advanced configurations in your Oracle Applications. This prevents exposure of your web application tier to the outside world.
Secure Operating System:
Make sure that the operating system on which your Oracle Applications run is secure. You should have strong passwords for the root, applmgr and oracle users.
There should be no unnecessary permissions on your filesystems. You can also enable auditing for the OS users root, applmgr and oracle.
Database Links:
Always remove any unused database links that may exist in your Oracle Applications Database.
Cloned Instances:
Always change the passwords for all application and database user accounts after the cloning process. This prevents passwords from being decrypted from a relatively unsecured development environment.
Latest Certified Database:
Upgrading to the latest certified database release diminishes most security risks. For example, 11.5.10.2 can be upgraded to Oracle 10g R2.
Critical Patch Updates:
The latest Critical Patch Updates must be applied to your database. A CPU release addresses high-priority security threats identified by Oracle.
Latest Security Alerts:
Make sure you apply the latest Security Alerts to your Oracle Applications.