Security Practices Guide
Contents
1. 5 7 5 5 1 Enforce the Usage Of SSL L nanna near 5 7 5 5 2 Ensure the Servlet Servlet is Disabled nn 5 7 Securing the Switch Integration Gateway ssssssseeeennnnnennnznnznnnznnzza 6 1 DT OVON ee a A E idilio 6 1 6 2 Securing the link to Switch Integration Gateway ooococonnnnncccnnnncoccccccnnoncncncnnnancnnnnnno 6 1 6 2 1 Usage of a Dedicated Channel nnnnennn nn nnnnzzn rra 6 1 6 2 2 Usage of a Dedicated Server nn nn 6 1 6 3 Securing the Link to the Integration Gatewav sen nenen nanna 6 1 6 3 1 Usage of a Secure Channel r Ee O E nn anna 6 1 Desktop Securities 7 1 7 1 Application of Security Patches nn 7 1 7 2 Hardening the BrOWSET netta nanna 7 1 7 2 1 Hardening Internet Explorer sse nnnnennnnnnnznn nn nnnnnnn nn nanna 7 1 7 3 Terminal Lockout Policy tic xini iii e ten tddi 7 2 Oracle FLEXCUBE Universal Banking Controls nn 8 1 8 1 OVENVIEW iii a B an cuit eg B g jda d d 8 1 8 27 Disable LOGGING cicatrices 8 1 9 3 Auditr Trail Reports cid tia 8 1 8 4 Security Violation Report nn n e E AEE EEIT 8 1 8 4 1 Sign on Messages Aer aerer Er F AEAT EARE EE AEEA EEEE AE EET TREER 8 2 8 5 Displav Print User Profile nn arr rna AA 8 2 3 6 Clear User Profile iure ladilla 8 2 8 7 Change User Pass WoTO iociiciicioninnmicccic en nneidn irka dakka nnutata ta dada tea dekan 8 2 8 68 siList of Lo ed in USCIS xiicstecisaccttecuesilascaceus tarifa Fi ik2. Secure scripts containing usernames and passwords e Verify that set user id SUID and set group id SGID are not set on binaries In general Oracle recommends that the SUID and SGID bits to be removed from binaries shipped by Oracle On windows systems NTFS must be used The FAT FAT32 file system provides no security The database and applications require that the underlying operating system provide certain services e Electronic Mail 41 ORACLE 4 3 4 4 FCUBS may require access to a SMTP Mail Transfer Agent SMTP MTA typically send mail This is required for outbound emails typically notifications from FCUBS if this feature is desired by the financial institution If possible restrict access to the operating system users who absolutely need the mail facility from the shell e Remote Access Use secure shell ssh to access middle tier and database hosts This replaces telnet rsh rlogin rcp and ftp The following services may provide operational convenience e NTP Network Time Protocol for synchronizing the clock on the UNIX hosts to provide accurate audit records and simplify trouble shooting e CRON for operating system cleanup and log file rotation Authentication Good security requires secure accounts e Make sure that all OS accounts have a non guessable password To ensure that the passwords are not guessable use crack or john the ripper password cracking tools on a regular basis Often peo
3. always logged to the directory ORACLE_HOME rdbms audit unless AUDIT_FILE_DEST property is overridden This file contains the operating system user and terminal ID If AUDIT_TRAIL is set to OS review audit records stored in the file name in AUDIT_FILE_DEST If AUDIT_TRAIL is set to DB retrieve audit records from the SYS AUD table The contents can be viewed directly or via the following views e DBA AUDIT EXISTS e DBA_AUDIT_OBJECT e DBA AUDIT SESSION e DBA AUDIT STATEMENT e DBA AUDIT TRAIL DBA OBJ AUDIT OPTS e DBA PRIV AUDIT OPTS e DBA STMT AUDIT OPTS The audit trail contains a lot of data begin bv focusing on the following e Username Oracle Username e Terminal Machine from which the user originated e Timestamp Time the action occurred e Object Owner The owner of the object that the user touched e Object Name The name of the object that the user touched e Action Name The action that occurred against the object INSERT UPDATE DELETE SELECT EXECUTE Archive and purge the audit trail on a regular basis at least every 90 days The database connection entries take up significant space Backup the audit file before purging Audit data may contain confidential or privacy related data Restrict audit trail access appropriately 2 ORACLE 3 6 3 7 3 8 3 9 It must be noted that auditing features can impose a significant performance overhead Auditing should thus be limited to the set of items out
4. bugs in such software can be exploited by an attacker resulting in a security incident Operating System Users and Groups It is recommended to minimize the number of user accounts on the host for easier auditing and management Besides it reduces the risk of unauthorized personnel accessing the server It is recommended to create user accounts with names that are not easily guessable There should be at least two system administrator accounts for a server to ensure backup in the eventuality of one account being locked Passwords for all accounts should be strong passwords this should be enforced by the operating system for instance via the pam configuration in UNIX Passwords should not be easy to guess and neither should they be stored in an insecure media or written down for easy remembrance Passwords should be set to expire periodically 60 90 days is the recommended period Passwords for privileged accounts may have a shorter lifecycle Restrict File System Access It is recommended to use a file system that allows maintenance of access rights a ORACLE 2 6 2 7 2 8 2 9 2 10 In Windows NTFS allows for ACLs to be maintained at the most granular level however due care should be exercised when granting file system privileges to the Everyone group Similarly in UNIX like operating systems privileges should not be granted to the Nobody user and group unless absolutely required Netwo
5. files e When the database is huge do incremental exports delta or differential exports and take online table space backups e Use RMAN secure backup to ensure that the backups stolen from the production deployed system cannot be restored in another remote system Additionally you may use data masking a feature offered by Oracle Enterprise Manager to move the data from the production environment to a test environment Both the activities mentioned in this step are crucial steps towards securing confidential customer data e Store the database backups for the required period as per the regulations and bank s history retention policies Store these backups securely with access given only to authorized users User Identification and Authentication For details on implementation of authentication process refer to the document lt SSO configuration doc gt For details on authorization refer to the document on access control Privacy Controls Oracle FLEXCUBE has a Tokenization mechanism in place A token is created for every request that hits the server in order to avoid forgery attacks Also in order to avoid clickjacking and frame spoofing attacks Oracle FLEXCUBE has respective header and code configurations Privacy control and content type has also been placed Transmission Integrity and Confidentiality Transport Layer Security TLS and Secure Sockets Layer SSL are cryptographic protocols that provide communicatio
6. guests should have access to a production system For this reason do not allow guest access Authorization Only run NFS as needed apply latest patches When creating the etc exports file use limited access flags when possible such as readonly or nosuid By using fully qualified hostnames only the named host may access the file system 2 ORACLE 4 5 Device files dev null dev ttv and dev console should be world writable but NEVER executable Most other device files should be unreadable and non writable bv regular users Alwavs get programs from a known source Use a checksum to verifv thev have not been altered Create minimal writable file svstems esp svstem files directories Limit user file writes to their own directories and tmp Add directories for specific groups Limit important file access to authorized personnel Use setuid setgid only where absolutely necessary Maintenance Good security practice does not end after installation Continued maintenance tasks include Install the latest software patches Install latest operating system patches Verify user accounts delete or lock accounts no longer required Run security software and review output Keep up to date on security issues by subscribing to security mailing lists reading security news groups and following the latest security procedures Implement trusted file systems like NIS NIS or others such as HP UX trusted system Test the sys
7. in the following documents for the respective versions of the browsers e Internet Explorer 7 Desktop Security Guide e Internet Explorer 8 Desktop Security Guide Customers are encouraged to employ the recommendations provided by Microsoft in the above mentioned guides Among the guidelines provided in these documents Oracle Financial Services specifically recommends the following settings to all customers of FLEXCUBE UBS e Certificate Security Ensure the usage of SSL 3 0 and TLS 1 0 Disable SSL 2 0 as it is an insecure protocol e Privacy Settings Set Form autocomplete options to Disabled This will prevent inadvertent caching of data keyed by users Application of the following recommendations from Microsoft is not recommended e Privacy Settings Empty Temporary Internet Files Folder When Browser is closed Oracle FLEXCUBE UBS relies heavily on client side caching performed by Internet Explorer using this folder The application will behave slowly after this setting is enabled since the browser will download resources from the server after every browser restart Ta ORACLE 7 3 Hence it is not recommended to enable this setting It should be noted that the details of transactions performed by the FLEXCUBE UBS users are not cached in the Temporary Internet Files folder irrespective of this setting e Other Security Recommendations Do not Save encrypted pages to disk By default Internet Explorer stores both encr
8. is restricted from accessing a branch then the menu list on the left pane of Oracle FLEXCUBE will not be visible when the user logs in to the restricted branch Thus the user will not be allowed to perform any transaction Managing Access Rights based on User Roles Based on the user ID user role mapping the user access to various modules in Oracle FLEXCUBE can be restricted For example a user with the role Bank Clerk may be provided access to Customer Creation Customer Account Opening Term Deposits Opening and Liquidation screens But the same user s access to User Creation screen can be restricted Managing Access Rights based on Function ID If function ID based restriction is applied for a user the user will not be able to invoke the restricted function ID or screen even from the menu Managing Access Rights based on Product Account Oracle FLEXCUBE allows restriction of user access to certain account classes and products If this restriction is applied the user will not be allowed to create the specific account or transaction under the restricted account class and product a ORACLE 9 4 9 5 9 6 9 7 9 8 Information Flow Enforcement Oracle FLEXCUBE provides for information flow from GUI to the application server in the form of request XML files Oracle FLEXCUBE validates the request XML files If malicious data entry is found in the body of the XML file such files are filtered out from further proc
9. is set at 1 during End of Day operations only the End of Day operators will have access to the application The other users will be denied access ae ORACLE 9 1 9 2 9 3 9 3 1 9 3 2 9 3 3 9 3 4 9 Generic Information Introduction This chapter contains the generic information with regard to the security practices in Oracle FLEXCUBE Universal Banking User Management Oracle FLEXCUBE Universal Banking provides for the creation of new users through User Maintenance screen SMDUSRDP Once the new user details are authorized the system will automatically send a mail that contains the login credentials to the user s email ID This ensures that the user password is known only to the respective user On the first login the user is forced to change the password The automatically generated password is hashed iteratively after being appended with a randomly generated salt value The hashing algorithm used is of SHA 2 family and above User privileges are maintained by user roles The user role details captured in the system are mapped to the respective users in the User Maintenance screen The user is provided access to various modules in Oracle FLEXCUBE based on the user user role mapping Access Enforcement In Oracle FLEXCUBE you can manage the user access rights in the following four ways Managing Access at Branch Level You can restrict the access rights at the branch level If a user
10. lt web resource name gt FLEXCUBE UBS lt web resource name gt lt description gt All endpoints secured lt description gt lt url pattern gt lt url pattern gt lt web resource collection gt lt user data constraint gt lt transport guarantee gt CONFIDENTIAL lt transport guarantee gt lt user data constraint gt lt security constraint gt Ensure the Servlet Servlet is Disabled Oracle FLEXCUBE Universal Banking does not use the ServletServlet to create default mappings for servlets All servlets are directly mapped to the required URLs Ensure that the following code snippet or a similar one that uses the weblogic servlet ServietServlet does not exist in the web xml of the Oracle FLEXCUBE Universal Banking web application lt servlet gt lt servlet name gt ServletServlet lt servlet name gt vit ORACLE lt servlet class gt weblogic servlet ServletServlet lt servlet class gt lt servlet gt wp155784wp155784 lt servlet mapping gt lt servlet name gt ServletServlet lt servlet name gt lt url pattern gt myservlet lt url pattern gt lt servlet mapping gt e ORACLE 6 1 6 2 6 2 1 6 2 2 6 3 6 3 1 6 Securing the Switch Integration Gateway Overview Oracle FLEXCUBE Universal Banking supports communication with external channels one of them being ATM switches The below listed set of measures are recommended for securing the communication between the ATM switch and the Switch In
11. redologs should be set up from the date of going live It is recommended that e Backup of all database related files viz data files control files redologs archived files init ora config ora etc should be taken at the end of the day e The tape can be recycled every week by having day specific tapes e On line backup of archived redo log files onto a media to achieve to the point recovery in case of crash shutdown etc recycled every day e Complete export of database and softbase should be done atleast once in a week and this can be stored off site media can be recycled in odd and even numbers e Complete backup of the Oracle directory excluding the database related files to be taken once in a month This media can be recycled bimonthly e When the database is huge incremental exports and on line tablespace backups are recommended The above strategy may be improvised by the Oracle DBA depending on the local needs The backup operations are to be logged and tapes to be archived in fireproof storages oe ORACLE 3 1 3 2 3 3 3 4 3 Oracle Database Security Overview This section contains security recommendations for the Database Hardening Review database links in both production and development environments Unwanted links need to be dropped Authentication Middle tier applications logon to the database through application schemas rather than end user accounts Some individuals IT Administrato
12. Access to OS Users Access rights to the Oracle Home WebLogic Server product directory and the WebLogic domain directories should be provided only to the WebLogic Owner user Privileged users will anyway have access to the WebLogic Server installation by default Users in the Others category can be restricted from reading the afore mentioned directories Ensure that the following files in the WebLogic installation are available only to the WebLogic owner e The security LDAP database which is usually located in the WL_HOME user_projects domains DOMAIN_NAME servers SERVER_NAME data ldap ldapfiles directory e The keystore used in the keystore configuration of the server s e The Root Certificate Authority keystore Oracle WebLogic Server provides persistent stores for several subsystems some of which are utilized by Oracle FLEXCUBE Universal Banking Ensure that access to the persistent file stores based on files is restricted to the WebLogic owner OS user The default persistent file store is located in the data store default directory under the servername subdirectory under the WebLogic domain s root directory If custom user defined persistence stores have been created the same restrictions should be applied on the files and directories used by such stores Usage of Protected Ports In the case of Oracle WebLogic Server e Operate WebLogic Server using an unprivileged account bind to unprotected ports and use
13. NAT to map protected ports to the unprotected ports e Configure WebLogic Server to start with a privileged account bind to protected ports and then change the user account to an unprivileged user account For this purpose Oracle WebLogic Server on UNIX needs to be configured to have a post bind user ID or group ID For additional details refer to the section Create and configure machines to run on UNIX in the Administration Console Online Help Choice of the SSL Cipher Suite Oracle WebLogic Server allows for SSL clients to initiate a SSL connection with a null cipher suite The null cipher suite does not employ any bulk encryption algorithm thus resulting in transmission of all data in clear text over the wire The default configuration of Oracle WebLogic Server is to disable the null cipher suite Ensure that the usage of the null cipher suite is disabled preventing any client from negotiating an insecure SSL connection Furthermore for installations having regulatory requirements requiring the use of only high cipher suites Oracle WebLogic Server can be configured to support only certain cipher suites The restriction can be done in config xml of the WebLogic domain Provided below is an example config xml restricting the cipher suites to those supporting 128 bit symmetric keys or higher and using RSA for key exchange lt ssl gt a2 ORACLE 5 3 6 5 3 7 lt enabled gt true lt enabled gt lt cipher
14. OP etc Usage of Domain wide Administration Port for Administrative Traffic When Oracle WebLogic Server is configured to enable administrative access via the administration port data is exchanged over SSL preventing any attacker from sniffing sensitive information about the WebLogic Server configuration Furthermore once the Administration port is enabled WebLogic Server will serve administration requests on a dedicated port with dedicated resources A denial service attack mounted on the HTTP HTTPS channels will not prevent administrators from logging into the WebLogic Server administration console to take corrective actions Hence it is recommended to enable the use of the administration port Additionally employ firewall rules or WebLogic Connection Filters to restrict access to the Administration Port to trusted machines from where administrators can log in Do note that the Administration Port requires that SSL be enabled on every Managed Server Additionally the administration port will be common across all servers in the domain Further details on configuring the administration port can be found in the Administration Console Online Help guide in the Oracle WebLogic Server documentation a ORACLE 5 3 8 5 3 9 5 3 10 5 4 5 4 1 Secure the Embedded LDAP Port In a WebLogic Server cluster restrict access to the embedded LDAP server port only to machines in the WebLogic Server cluster through the user o
15. ORACLE Security Practices Guide Oracle FLEXCUBE Universal Banking Release 12 0 2 0 0 Part No E49740 01 September 2013 Security Practices Guide September 2013 Oracle Financial Services Software Limited Oracle Park Off Western Express Highway Goregaon East Mumbai Maharashtra 400 063 India Worldwide Inquiries Phone 91 22 6718 3000 Fax 91 22 6718 3001 www oracle com financialservices Copyright 2007 2013 Oracle and or its affiliates All rights reserved Oracle and Java are registered trademarks of Oracle and or its affiliates Other names may be trademarks of their respective owners U S GOVERNMENT END USERS Oracle programs including any operating system integrated software any programs installed on the hardware and or documentation delivered to U S Government end users are commercial computer software pursuant to the applicable Federal Acquisition Regulation and agency specific supplemental regulations As such use duplication disclosure modification and adaptation of the programs including any operating system integrated software any programs installed on the hardware and or documentation shall be subject to license terms and license restrictions applicable to the programs No other rights are granted to the U S Government This software or hardware is developed for general use in a variety of information management applications It is not developed or intended for use in any inherently dang
16. T personnel Documentation Accessibility For information about Oracle s commitment to accessibility visit the Oracle Accessibility Program website at http www oracle com pls topic lookup ctx acc id docacc Organization of the Document The document addresses the areas of installation configuration deployment and operation of Oracle FLEXCUBE Universal Banking in the below described manner About this Manual gives information on the intended audience It also lists Chapter 1 the various chapters covered in this User Manual Data Center Practices prescribes generally accepted practices for install Chapter 2 ing configuring and operating the software components of Oracle FLEX CUBE Universal Banking in a data center Oracle Database Security describes the measures to be undertaken to Chapter 3 harden and secure the Oracle Database Server in the Oracle FLEXCUBE Universal Banking installation Database Operating Environment Security gives security recommenda Chapter 4 tions for tightening Oracle file system security along with more general advice for overall system hardening Application Server Security describes the measures to be undertaken to Chapter 5 harden and secure the Oracle WebLogic Server in the Oracle FLEX CUBE Universal Banking installation Securing the Switch Integration Gateway describes the measures recom Chapter 6 mended for securing communication between the ATM switch and
17. UBE also has history table to record all internal monetary transactions The message browsers a user friendly GUI in Oracle FLEXCUBE captures monitors both incoming and outgoing transaction messages On the security front Oracle FLEXCUBE works in conjunction with Oracle Access Manager OAM You may also use HP Web Inspect a dynamic application security testing software for assessing security vulnerabilities This tool is an automated and configurable web application security testing tool that mimics real world hacking techniques and attacks CA Site Minder provides the enterprise class secure Single Sign On SSO and Web access management that authenticates users and controls access to Web applications and portals across Internet and Intranet Applications It enables the secure delivery of essential information and applications to users partners suppliers and customers via secure SSO Information System Backup As part of information system backup the following periodic activities are recommended e Take backup of the database related files such as data files control files redo logs archived files init ora config ora etc at the end of day v2 ORACLE 9 9 9 10 9 11 9 12 e Take online backup of archived redo log files periodically e Docomplete export of database and the application once in a week and store it off site e Take complete backup of the Oracle directory periodically excluding the database related
18. a bkiet ak 8 2 8 9 Change TimeLevel siii a 8 3 Generic Information data 9 1 9 10 NtroduciON nara stasis tacts ves ania et na viens TAT LA et dica 9 1 O 2 User Management i Aeshna A ae 9 1 9 3 A ess Enforcement i ea ej tfa bieba Mhagtieet vaadd eect deans tatu teed barnes 9 1 9 3 1 Managing Access at Branch Level ennennnn mnn anna 9 1 9 3 2 Managing Access Rights based on User Roles en 9 1 9 3 3 Managing Access Rights based on Function ID 9 1 9 3 4 Managing Access Rights based on Product Account en 9 1 94 Information Flow Enforcement 9 2 9 5 Separation of Duties 9 2 9 6 Least PrivilOGe seccion alii 9 2 9 7 Continuous Monitoring nanna nn nr a rn cnn 9 2 9 8 Information System BackUp scriniis anien rA rra 9 2 9 9 User Identification and Authentication en nn nn nnn anna 9 3 9 10 Privacy ControlS i ii a ti ltda 9 3 9 11 Transmission Integrity and Confidentiality nn 9 3 9 12 Civpto raphv i ea aaa E E A 9 3 1 1 1 2 1 3 1 4 1 Preface Introduction This document describes the various measures and practices to be adopted with a deployment of Oracle FLEXCUBE Universal Banking to aid in securing the day to day operations of the system The document also describes in detail the security and audit features of Oracle FLEXCUBE Universal Banking Audience The documentis a prescriptive guide for application implementers system administrators and related I
19. ance managed servers will establish SSL connections with the Admin server at boot time Hence it is recommended to ensure that host name verification is enabled in Oracle WebLogic Server which happens to be the secure default Oracle Financial Services highly recommends the usage of certificates that will pass verification Oracle Financial Services also recommends against the usage of demonstration certificates in production It should be noted that usage of demonstration certificates in a testing or development environment containing a multi server WebLogic cluster will result in boot failures for managed servers Impose Size and Time Limits on Messages Consider enforcing constraints on size and on the amount of time taken for a message to arrive at the server This will ensure protection against denial of service attacks against WebLogic Server Additional details are provided in the Oracle WebLogic Server documentation in the guide Securing a Production Environment and also in the Administration Console Online Help Oracle Financial Services recommends that changes once done in this regard be tested thoroughly for impact on business continuity it is quite possible that WebLogic Server receive valid messages that are large enough to be considered as an attack when such is not the case a ORACLE 5 4 5 5 4 6 5 4 7 5 4 8 5 4 9 Restrict the Number of Open Sockets Consider limiting the number of
20. ast two system administrator accounts WebLogic user accounts for administration of the WebLogic server The first administrator account will be created when the WebLogic domain is created Create the second account with the Admin security role ORACLE 5 5 5 5 1 5 5 2 Provide unique names to the administrator accounts that cannot be easily guessed Oracle Financial Services discourages naming the WebLogic administrator account as weblogic with a password of weblogic Again having two system administrators ensures that at least one system administrator has access to the WebLogic server in the event of the other being locked out Securing the Oracle FLEXCUBE Universal Banking Application The following guidelines serve to secure the Oracle FLEXCUBE Universal Banking application deployed on Oracle WebLogic Server Enforce the Usage of SSL The FLEXCUBE UBS Installer allows a deployer to configure FLEXCUBE UBS such that all HTTP connections to the FLEXCUBE UBS application are over SSL TLS In other words all HTTP traffic in the clear will be prohibited only HTTPS traffic will be allowed It is highly recommended to enable this option is a production environment especially when WebLogic Server acts as the SSL terminator Ensure that the following snippet of code is present in the web xml file of the FLEXCUBE UBS web module i e in FCJNeoWeb war lt security constraint gt lt web resource collection gt
21. base database which is not required for production usage Securing the WebLogic Server installation Once installed the measures listed below can be employed to secure the WebLogic Server installation Network Perimeter Protection It is highly recommended to employ the use of a firewall as hardware or software to lockdown the network access to the WebLogic cluster For additional information on planning the firewall configuration for a WebLogic Cluster refer to the section Security Options for Cluster Architectures in the Using Clusters guide of the Oracle WebLogic Server documentation Operating System Users and Groups It is highly recommended to run the WebLogic Server as a limited user process The root user account in Unix Linux and the Administrator account in Windows should not be used to run WebLogic Server since they are privileged user accounts Other privileged accounts should also not be used to run the WebLogic server Hence it is preferable to create a limited user account say WebLogic Owner for running the application server Additional user accounts are not recommended in the eventuality that an additional account is required say if the WebLogic owner account is locked out one of the system administrator accounts can be used to remedy the situation Having two system administrator accounts is recommended as it always ensures backup a ORACLE 5 3 3 5 3 4 5 3 5 File System
22. ear text in these older version of the protocol Additional steps required for securing SNMP v3 communication are outlined in the guide Oracle Financial Services recommends that changes once done in this regard be tested thoroughly for impact on business continuity Securing the WebLogic Security Service You need to ensure the following Enable SSL but avoid using Demonstration Certificates Enable the use of SSL so that the servers can be accessed via the SSL listen ports for all supported protocols including HTTPS Oracle WebLogic Server includes demonstration private keys certificates and trusted certificate authorities that are not intended for use in production Usage of these keys in production is a security risk due to the free availability of private keys anyone who has a copy of the WebLogic Server has knowledge of the private keys and can compromise SSL TLS traffic Therefore e Use a local CA to issue certificates or e Use aroot or intermediate CA like VeriSign Thawte etc to issue certificates a ORACLE 5 4 2 5 4 3 5 4 4 Oracle Financial Services does not recommend the use of self signed certificates in production Consider avoiding the use of certificates with a MD5 signature usage of certificates with SHA 1 signatures is recommended Most root and intermediate CAs have begun phasing out the use of MDS for signing certificates Enforce Security Constraints on Digital Certificates Orac
23. ed user account in most cases this is only the root account Consider the use of NAT to map protected ports to unprotected ones Installation of Software in Production Mode It is highly recommended to install production builds of any software on production servers For example Oracle WebLogic Server should be installed in the production mode as opposed to the default of development mode The Oracle Database Server should be installed with options required for production usage for instance do not install the sample schemas Moreover it is highly recommended to refer to the manuals and documentation provided by the software supplier for installing and operating such software securely in a production environment Software Updates and Patches It is recommended to subscribe to security bulletins and advisories published by software vendors to ensure that critical servers are always up to date ee ORACLE 2 11 2 12 2 13 2 14 Oracle Financial Services recommends that patches be tested to ensure that they do not conflict with the normal operation of the system Usage of Security Appliances and Software Consider the usage of security appliances and software to monitor and ensure that the production environment continues to be secure after the process of server preparation Intrusion Detection Systems can be employed to monitor for security sensitive changes in the system and alert personnel Antivirus scanner
24. er nee nenan nn nnan nanna 5 1 5 3 Securing the WebLogic Server installation 5 1 5 3 1 Network Perimeter Protection nn nnnn nn nn nn nnn na 5 1 5 3 2 Operating System Users and Groups nn nnnnnzzn nn cnn nana 5 1 9 3 3 File System Access to OS USers nn nnann nanna 5 2 5 3 4 Usage of Protected PONS L nn 5 2 5 3 5 Choice of the SSL Cipher Suite 5 2 5 3 6 Usage of WebLogic Connection Filters sma 5 3 5 3 7 Usage of Domain wide Administration Port for Administrative Traffic 5 3 5 3 8 Secure the Embedded LDAP Port nn nnzn nn nn 5 4 5 3 9 Disable Remote Access to the JVM Platform MBean Server 5 4 5 3 10 Precautions when USING SNMP 2 nennnnenznnnnn nn nn rna n mnn nn 5 4 5 4 Securing the WebLogic Security Service ss nnennnnnnnnennnnanznnznan 5 4 5 4 1 Enable SSL but avoid using Demonstration Certificates 5 4 5 4 2 Enforce Security Constraints on Digital Certificates 5 5 5 4 3 Ensure that Host Name Verification is Enabled sen 5 5 5 4 4 Impose Size and Time Limits ON Messages ee enennnnnnna 5 5 5 4 5 Restrict the Number of Open Sockets e 5 6 5 4 6 Configure WebLogic Server to Manage Overload e 5 6 5 4 7 User Lockouts and Login Time Limits 0 nn 5 6 5 4 8 Enable Configuration Auditing nanna 5 6 5 4 9 System Administrator ACCOUNtS seen nanna nn 5 6 5 5 Securing the Oracle FLEXCUBE Universal Banking Application
25. erous applications including applications that may create a risk of personal injury If you use this software or hardware in dangerous applications then you shall be responsible to take all appropriate failsafe backup redundancy and other measures to ensure its safe use Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws Except as expressly permitted in your license agreement or allowed by law you may not use copy reproduce translate broadcast modify license transmit distribute exhibit perform publish or display any part in any form or by any means Reverse engineering disassembly or decompilation of this software unless required by law for interoperability is prohibited The information contained herein is subject to change without notice and is not warranted to be error free If you find any errors please report them to us in writing This software or hardware and documentation may provide access to or information on content products and services from third parties Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third party content products and services Oracle Corporation and its affi
26. es windows html Windows Desktop Secure Desktop and https security tennessee edu pdfs sdlbp pdf Laptop Best Practice 14 ORACLE 2 1 2 2 2 3 2 4 2 5 2 Data Center Practices Overview The following guidelines are recommended to secure the host servers Application Server Database Server and others in an installation of Oracle FLEXCUBE Universal Banking Physical System Security It is highly recommended to operate servers in a secured data center to prevent unauthorized users or operating personnel from tampering with the machines Minimize the Server Footprint Each logical software component Application Server Database Server etc in the installation should preferably operate in a dedicated server It is not recommended to operate multiple services like mail FTPS LDAP etc on the same server unless absolutely necessary It is preferable to customize the operating system installation so that only the minimum set of software components is installed Development tools should not be installed on the production servers In cases where a software package should be compiled and built before installation it is advisable to perform the build process on a separate machine following which installation of the binary can be performed on the server Samples and demos should not be deployed on a production server since they are bound to be developed without considering security Any
27. essing The Java classes in the front end calls the back end PLSQL packages for further processing This PLSQL level validations are in place in the database server Exclusive use of bind variables and calls to Oracle s DBMS_ASSERT package sanitize the data All request URLs are sanitized and responses are encoded in order to avoid scripting injections Separation of Duties Oracle FLEXCUBE login is controlled based on the user role assigned to the user profiles Based on the roles assigned a user is allowed access the functionalities in Oracle FLEXCUBE For example if the role assigned to a user profile is SMS that user will be able to access the SMS related GUI only That user cannot create or view a customer customer account or a monetary transaction Least Privilege FLEXCUBE by default assigns no roles to a user This is zero privilege from a functional perspective With no roles assigned a user cannot view the menu list as everything will appear to be blank The system administrator has to explicitly map the roles to a user he creates If it s a copied user then the new user will have the roles assigned to the user from which it has been copied Nevertheless it s recommended to map users to specific roles as per his job grade designation etc Continuous Monitoring History tables in Oracle FLEXCUBE record archive the user login details every time a user logs in and logs out or when the session expires Oracle FLEXC
28. f connection filters Disable Remote Access to the JVM Platform MBean Server The MBean server provided by the JDK from JDK 5 onwards provides details in MBeans containing information about the JVM that is useful for monitoring the JVM process Besides the JVM s platform MBean server Oracle provides three other MBean servers the Domain Runtime MBean server Runtime MBean server and the Edit MBean server It is possible to configure the Runtime MBean server that is available on each managed server as the platform MBean server allowing JMX clients to access not only the JVM MBeans but also the WebLogic Server MBeans If the Runtime MBean server of WebLogic has been configured as the platform MBean server enabling remote access creates an access path that is no longer secured by the WebLogic Server Security Framework but instead by the security features of the Java platform alone In such a case where remote access to the platform MBean server and the runtime MBean server is required it is recommended that JMX clients access the MBeans via the Runtime MBean server Oracle Financial Services recommends that changes once done in this regard be tested thoroughly for impact on business continuity Precautions when using SNMP It is recommended to refer the WebLogic SNMP Management Guide to configure SNMP agents in Oracle WebLogic Server Due care must be observed over the usage of SNMP v1 and v2 since passwords are sent over cl
29. file function can be run by another user to reset the status of the user who got locked in This program should be used carefully and conditionally Change User Password Users can use this function to change their passwords A user password should contain a minimum of six characters and a maximum of twelve characters both parameterizable It should be different from the current and two previous passwords The program will prompt the user to confirm the new password when the user will have to sign on again with the new password List of Logged in Users The user can run this program to see which users are in use within Oracle FLEXCUBE at the time the program is being run The information includes the following e The ID of the terminal e The ID of the user e The login time 62 ORACLE 8 9 Change Time Level Time levels have to be set for both the system and the users Ten time levels are available 0 to 9 Restricted Access can be used to set the Users time level The Change Time Level function can be used to do the same for the branch A user will be allowed to sign on to the system only if his her time level is equal to or higher than the system time level This concept is useful because timings for system access for a user can be manipulated by increasing the system time level For e g the End of Day operators could be allotted a time level of 1 and the users could be allotted a time level of 0 If the application time level
30. isable Logging It is recommended that the debug logging facility of the application be turned off once the system is in production This is achieved by updating the property file of the application via the Oracle FLEXCUBE UBS Installer The above described practice does not disable logging performed by the application in the database tier This can be disabled by running the lockdown scripts provided The lockdown scripts will disable logging across all modules and across all users in the system 8 3 Audit Trail Report A detailed Audit Trail is maintained by the system on all the activities performed by the user from the moment of login This audit trail lists all the functions invoked by the user along with the date and time The program reports the activities beginning with the last one It can be displayed or printed The records can be optionally purged once a printout is taken This program should be allotted only to the Security Officer 8 4 Security Violation Report This program can be used to display or print the Violation Report The report gives details of exceptional activities performed by a user during the day The difference between the Violation Report and the Audit Trail is that the former gives details of all the activities performed by the users during the day and the latter gives details of exceptional activities for e g forced password change unsuccessful logins User already logged in etc The details give
31. le WebLogic Server performs certificate validation whenever it establishes an outbound SSL connection or when a two way SSL connection is established As part of certificate validation WebLogic Server checks if the certificate contains the Basic Constraints extension Ensuring the presence of the Basic Constraints extension will prevent attackers from generating new certificates to aid in website spoofing Ensure the check for Basic Constraints extension is enabled by verifying whether the following line is absent in the WebLogic Server startup command Dweblogic security SSL enforceConstraints off Also verify if any messages have been logged at WebLogic server boot providing information about the presence of certificates that could be rejected by clients Ensure that Host Name Verification is Enabled Oracle WebLogic Server implements host name verification when it acts as a SSL client this prevents main in the middle attacks from being performed against SSL itself It should be noted that the Oracle FLEXCUBE Universal Banking application deployed on WebLogic Server will establish outbound SSL connections in certain scenarios for instance when requests are made to the Oracle Bl Publisher server In such an event Oracle WebLogic Server will behave as a SSL client Oracle WebLogic Server will behave as a SSL client in several scenarios besides the outbound SSL requests made by applications deployed on Oracle WebLogic Server For inst
32. liates will not be responsible for any loss costs or damages incurred due to your access to or use of third party content products or services Contents di AA A 1 1 1 10 INtoOdUCON tilda iii diMba 1 1 1 27 AUGIOM CO sess sissies she a e Sa ane be ae eet Beas dues od atest 1 1 1 3 Documentation Accessibilitv nn nnn nn nnn rna 1 1 1 4 Organization of the Document nanna cnn nr cnn nanna tn 1 1 1 5 Related Information Sources 2 ann 1 2 1 5 1 Data Center Practices 2205 2 mine Sia ii A 1 2 1 5 2 Oracle Database Securitv nn nnnnan nanna nanna 1 2 1 5 3 Database Operating Environment Security ooooninicinnnnniccccnnnncecccnnnnaaccnnnn 1 3 1 5 4 Application Server Security oooooooccocccccciccccnconcnononccnncnnncnnnnnnnnnnnnnnnncnnnnnnnnnn 1 3 1 5 5 Desktop Securitv ccoccciiniiinncinicicicaci AEE E EE EA EAE ERE ASE E 1 4 Data Center Practice maintain asd cosuaseccxgdassexsenseenssieeetcascesasassenects 2 1 ZA gt JOVEVIEW NS 2 1 2 2 Physical System Security 2 ccccc ces cdececeeesedeneceedensenetesdendeneeseceeseneeeesenenenecedenenees 2 1 2 3 Minimize the Server Footprint nr 2 1 24 Operating System Users and GrOUpS nn nnnnn ann ann nanna anna nanna 2 1 2 5 Restrict File System ACCess emi r eE e EEEIEE netti na TEA AE AEE tema n antenna 2 1 2 6 Network Perimeter Protection ta 2 2 2 7 Network Service Protection nn 2 2 28 Usage of Protected Ports 020
33. lined above Auditing application schema objects should be strictly avoided Secure Database Backups RMAN secure backup should be used to ensure that the backups stolen from your system cannot be restored in another remote system Additionally data masking a feature offered by Oracle Enterprise Manager can be used to move data from your production environment to a test environment Both these are very crucial steps towards securing confidential customer data The database backups should be stored for the required period as per the regulations and bank s history retention policies These backups should be securely stored and access should be controlled to authorized users only Separation of Roles It is vital to ensure that roles and responsibilities of database administrators and application users administrators are clearly segregated Database administrators should not be allowed to view or access customer data Oracle Database vault helps to achieve this separation of duty by creating different realms factors and rule sets It can enforce policies that prevent a DBA from accessing an application realm The product has a set of configuration policies that can be directly implemented with database vault Implementation specific requirements can be imposed over and above these Securing Audit Information Oracle Audit vault is an audit solution that consolidates detects monitors alerts and reports n audit data for securit
34. n include e Time e The name of the operator e The name of the function e The ID of the terminal e A message giving the reason for the login The system gives the Security reports a numerical sequence The Security Report includes the following messages a ORACLE 8 4 1 8 5 8 6 8 7 8 8 Sign on Messages Message Explanation User Already Logged The user has already logged into the system and is attempting a In login through a different terminal User ID Password is An incorrect user ID or password was entered wrong User Status is Locked The user profile has been disabled due to an excessive number Please contact your of attempts to login using an incorrect user ID or password The System Administrator number of attempts could have matched either the successive or cumulative number of login failures configured for the sys tem Display Print User Profile This function provides an on line display print of user profiles and their access rights The information includes e The type customer staff e The status of the profile enabled or disabled or on hold e The time of the last login e The date of the last password status change e The number of invalid login attempts e The language code home branch of the user Clear User Profile A user ID can get locked into the system due to various reasons like an improper logout or a system failure The Clear User Pro
35. n security over the Internet These transport protocols use asymmetric cryptography for authentication of key exchange symmetric encryption for confidentiality and message authentication codes for message integrity Oracle FLEXCUBE users are recommended to use SSL Http Only flag is included in a Set Cookie HTTP response header With that from a browser a particular cookie should only be accessed by the server Any attempt to access the cookie from a client script is strictly forbidden Cryptography Oracle FLEXCUBE uses cryptography to protect the sensitive data It uses only Oracle standard algorithms SHA 2 family and above TripleDES and AES a ORACLE
36. nanna nn nanna A rada 2 2 29 Installation of Software in Production Mode nn 2 2 2 10 Software Updates and Patches na 2 2 2 11 Usage of Security Appliances and Software 0 sse ennnnnnnnnenanzzznnnenanzzzznnzi 2 3 2 12 Configure Security Auditing 2 nn nn nn nano nana EN 2 3 2 13 Separation of Concerns cece eeceeceaecaeeceeeeeeeeseeeecenaeeaeeeeeeeeeteeeteeed 2 3 2 14 Backup Controls codicia cet dives atin a 2 3 Oracle Database Security cccccccceeeeeseeeeeeeseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees 3 1 O sees tices a treat ia cette ata aie e cee oe td eens a a 3 1 ga Hardening cited A A d Mb bli dd gidba EE ili did getvsauneecena ds 3 1 9 3 Authentication iii italia fe 3 1 3 4 Authorization AAA ee le ee id 3 1 335 e AU AA AA AAA E seed ees 3 2 3 6 Secure Database Backups nn rr nn 3 4 3 1 Separation of ROES si an a Ea 3 4 3 8 Securing Audit Information 0 ss EAE RE TOARE nanna nanna nanna 3 4 3 9 Advanced Sgouros naaa e a E E kata abiba liderada 3 4 Database Operating Environment Security ss ssmmmmmmmnnnzzzznnzzznnna 4 1 AA COVA ici a eb B td 4 1 AD AN 4 1 4 3 AUthenticalON actas ciate skid eb tenga haps na at Dei aj seb a aa tack cta 4 2 44 A A 4 2 AD Maintenance cito tt a 4 3 Application Server Security ooooonnnccccccccccccnnnnononananannnnnncnnnnnnnnnnnnnnnnnaananans 5 1 5 1 OVNI Wi a oe fae a edo i 5 1 5 2 Installation of Oracle WebLogic Serv
37. ning e The directory SORACLE HOME bin contains Oracle executables Check that the operating system owner of these executables matches the operating system user under which the files have been installed A typical mistake is to install the executables in user oracle s directory but owned by root e Prevent remote login to the Oracle and root accounts Instead require that legitimate users connect to their own accounts and su to the Oracle account Better yet use sudo to restrict access to executables Refer to the product installation documentation for the complete instructions on setting file permissions On UNIX Systems e Set the permissions on 0RACLE_HOME bin to 0751 or less Set all other directories in SORACLE HOME to 0750 or less Note this limits access to the Oracle user and its groups probably DBA e Set file permissions for listener ora and sqinet ora to 0600 e Set file permissions for tnsnames ora to 0644 e Ensure that the owner group and modes of the Oracle files created upon installation are set to allow minimum privilege The following commands make this change chgrp R lt dba gt SORACLE_HOME chown R lt oracle gt SORACLE_HOME Note the group and owner are for illustration only the correct group and owner should be sub stituted e Review owners and groups when cloning a database e Protect the SORACLE_HOME rdbms admin directory including catalog sql catproc sql and backup scripts e
38. ogin through sqlplus as SYSTEM and issue the following command SQL gt audit user To complete the recommended auditing enable three other audit events create database link alter system and system audit The remaining audit options generate significant entries of little value Auditing these other actions provides little meaningful information To audit the other events login through sqlplus as SYSTEM and issue the following commands SQL gt AUDIT DATABASE LINK Audit create or drop database links SQL gt AUDIT PUBLIC DATABASE LINK Audit create or drop public database links SQL gt AUDIT SYSTEM AUDIT Audit statements themselves SQL gt AUDIT ALTER ANY ROLE by ACCESS Audit alter any role statements 34 ORACLE SQL gt AUDIT ALTER DATABASE by ACCESS Audit alter database statements SQL gt AUDIT ALTER SYSTEM by ACCESS Audit alter system statements SQL gt AUDIT CREATE ROLE by ACCESS Audit create role statements SQL gt AUDIT DROP ANY ROLE by ACCESS Audit drop any role statements SQL gt AUDIT PROFILE by ACCESS Audit changes to profiles SQL gt AUDIT PUBLIC SYNONYM by ACCESS Audit public synonyms statements SQL gt AUDIT SYSDBA by ACCESS Audit SYSDBA privileges SQL gt AUDIT SYSOPER by ACCESS Audit SYSOPER privileges SQL gt AUDIT SYSTEM GRANT by ACCESS Audit System grant privileges Connections to the database as well as SYSDBA and SYSOPER actions instance startup shutdown are
39. ple use passwords associated with them license plate numbers children s names or a hobby A password tester may check for these In addition change passwords from time to time e Automatically disable accounts after several failed login attempts e _ netrc files weaken security e The fewer people with root access the easier it is to track changes e The root password must be a strong non guessable password In addition change the root password every three 3 months and whenever an administrator leaves company Always logout of root shells never leave root shells unattended e Limit root to console login only specified in etc security e Root and only root should have UID 0 e Check root files for security holes The root files SHOULD have 700 or 600 permissions e umask for root is 022 rwxr xr x A umask of 077 rwx is best but often not practical e To avoid trojan horse programs always use full pathnames including aliases Root should NEVER have in path e NEVER allow non root write access to any directories in root s path e f possible do not create root s temporary files in publicly writable directories Do not share user accounts Remove or disable user accounts upon termination Disable login for well known accounts that do not need direct login access bin daemon sys uucp lp adm Require strong passwords and in some cases a restricted shell It is hard to imagine what kind of
40. plication of Security Patches Oracle Financial Services highly recommends the following e Browsers should be upgraded whenever newer versions are released for they often include new security features Additionally in built security features of browsers should not be turned off e Security patches issued by the Operating System vendor should be applied regularly e Updates to anti virus software and anti spyware programs should be applied regularly e Security Updates to other environmental software like Microsoft Core XML Services MSXML should be applied regularly Additionally it is recommended that major upgrades such as browser upgrades and Operating System service packs be tested for impact on business continuity Hardening the Browser Oracle FLEXCUBE Universal Banking is certified for usage in various browsers For details on the browsers and browser versions for which Oracle FLEXCUBE Universal Banking is certified refer to the Release Note of the respective Oracle FLEXCUBE version Each of these browsers provide recommendations from a security perspective and customers are encouraged to employ the recommendations provided by them In all browsers it is recommended to enable the popup blocker with a specific rule to disable popup blocking for the FLEXCUBE UBS web application Hardening Internet Explorer For Internet Explorer specifically Microsoft has provided guidance for enhancing Internet Explorer security
41. rk Perimeter Protection Firewall rules should be established to ensure that only a required set of services is accessible to machines outside the data center Network access can be further restricted to ensure that only certain subnets with trusted machines and not all machines can access machines in the data center Oracle Financial Services does not recommend exposing the application server hosting Oracle FLEXCUBE Universal Banking to the Internet Network Service Protection Network services installed on the server should be enabled only to serve the primary business function s that the server must provide Disable all services that are not needed to serve a justified business need Review the network services like mail and directory services running on the servers to ensure that they are adequately protected from abuse by an attacker Also review and limit the network file shares on the servers to reduce the risk of an attack on the file system It is recommended to share files and directories on servers only to trusted machines in the network Usage of Protected Ports It is not recommended to execute long processes like application servers and database servers under the root account since a compromise of such processes will result in an attacker gaining elevated privileges Therefore limit the use of protected ports port numbers less than 1024 on UNIX like operating systems since they require the use of a privileg
42. rs may require direct access to the application database via their own schema This setting prevents the database from using an insecure logon protocol Make sure init ora contains REMOTE_OS_AUTHENT FALSE Following an installation the application database instance contains default open schemas with default passwords These accounts and corresponding passwords are well known and they should be changed especially for a database to be used in a production environment Use the SQL Plus PASSWORD command to change a password SQL gt PASSWORD lt SCHEMA gt Metalink Patch note 4926128 contains a SQL script that will list all open accounts with default password in your database In addition the password to the default accounts like SYS SYSTEM etc should be complex and securely stored by the bank Authorization The init ora parameter TRACE FILES PUBLIC grants file system read access to anyone who has activated SQL tracing Set this to its default value of False _TRACE_FILES_PUBLIC FALSE Set the init ora parameter REMOTE_OS_ROLES to False to prevent insecure remote roles REMOTE_OS_ROLES FALSE Set O7_DICTIONARY_ACCESSIBILITY to False to prevent users with Select ANY privilege from reading data dictionary tables False is the default for the 10g database O7_DICTIONARY_ACCESSIBILITY FALSE ORACLE 3 5 Audit This section describes the auditing capabilities available in Oracle database These recommendations
43. s a section on configuring user lockouts and login time limits to prevent attacks on user accounts In general Oracle FLEXCUBE Universal Banking does not utilize the WebLogic Security Service for managing FLEXCUBE Universal Banking user accounts Therefore changes recommended by the WebLogic Server guide should be applied only after assessing the impact on production The changes applied would be suitable for accounts managed by Oracle WebLogic Server Note that the WebLogic Server Online Console guide will reference Compatibility Security which is deprecated in Oracle WebLogic Server 10 3 Generally Oracle FLEXCUBE Universal Banking employs its own protection mechanisms with respect to user lockouts Enable Configuration Auditing Configuration auditing can be enabled to ensure that changes to any WebLogic resource configuration in the WebLogic domain are audited Enabling this option also allows for auditing of management operations performed by a user on any WebLogic resource For additional details refer to the Administration Console Online Help and the Configuring WebLogic Security Providers section in the Securing WebLogic Server guide of the Oracle WebLogic Server documentation Note that enabling configuration auditing will affect the performance of the system even though auditing may be enabled for auditing a few events including configuration changes System Administrator Accounts Create at le
44. s can be used to prevent the server s from being compromised Note that although UNIX like operating systems may have better defenses against viruses and other malware consider running antivirus scanners on servers regardless of the OS Configure Security Auditing Most server operating systems Linux OS with kernel version 2 6 onwards IBM AIX Microsoft Windows Server 2003 etc allow for auditing file and directory access Oracle Financial Services recommends enabling this feature in order to track file system access violations It is not recommended to enable audit for normal file access operations audits should preferably contain records of violations to reduce the amount of noise in the logs Administrators should ensure sufficient disk space for the audit log Additionally administrators should factor the increase on server load due to auditing being enabled Separation of Concerns It is not recommended to perform development of any kind on a production machine The standard practice is to establish a separate development environment for developers isolated from the testing staging and production environments Additional environments can be created for other purposes for instance a post production support environment Backup Controls Back ups should be taken regularly This will minimize downtime if there is an emergency Access to the application areas should not be at the operating system level On line archival of
45. should not have a measurable performance impact In init ora set AUDIT TRAIL to DB OS or TRUE Consult with the Applications Database Administrator before setting this value to TRUE When set to OS the database stores its audit records on the file system AUDIT_TRAIL OS Set parameter AUDIT_FILE_DEST to the directory where the audit records should be stored When not set AUDIT FILE DEST defaults to ORACLE_HOME rdbms audit In this example the database places audit records in directory E logs db audit AUDIT_FILE_DEST ENogs db audit Restart the database for these parameters to take effect Note The database generates some audit records by default whether or not AUDIT_TRAIL is enabled For example Oracle automatically creates an operating system file as an audit record when a user logs in as SYSDBA or as INTERNAL Monitoring and auditing database sessions provides valuable information on database activity and is the only way to identify certain types of attacks for example password guessing attacks on an application schema By auditing database sessions suspicious connections to highly privileged schemas may be identified To audit sessions login through sqlplus as SYSTEM and issue the following command SQL gt audit session Audit any changes to the standard FCUBS database schema or creation of new schemas As rare events these changes may indicate inappropriate or malicious activity To audit schema changes l
46. sockets opened by WebLogic Server to prevent some forms on denial of service attacks Further details are available in the Oracle WebLogic Server documentation in the guide Securing a Production Environment and also in the Administration Console Online Help Oracle Financial Services recommends that changes once done in this regard be tested thoroughly for impact on business continuity the number of sockets opened is dependent entirely on system load which is bound to vary across time and also across installations Configure WebLogic Server to Manage Overload Oracle WebLogic Server can be configured to detect avoid and recover from overload conditions Configuring WebLogic Server to manage overload conditions allows for WebLogic Server administrators to connect to it and take remedial actions Further details on this topic are available in the Oracle WebLogic Server documentation in the guide Securing a Production Environment and also in the Administration Console Online Help Oracle Financial Services recommends that changes once done in this regard be tested thoroughly for impact on business continuity the definition of an overload condition depends on the system capabilities therefore overload conditions are bound to be defined differently for machines of differing capabilities User Lockouts and Login Time Limits The Oracle WebLogic Server guide on Securing a Production Environment ha
47. suite gt TLS RSA WITH AES 256 CBC_SHA lt ciphersuite gt kciphersuitexTLS RSA WITH AES 128 CBC_SHA lt ciphersuite gt lt ssl gt Using Cipher Suites e Configuration of WebLogic Server to support the above defined cipher suites might also require an additional command line argument to be passed to WebLogic Server so that a FIPS 140 2 compliant crypto module is utilized This is done by adding Dweblogic security SSL nojce true as a JVM argument e The restriction on cipher suites needs to be performed for every managed server e The order of cipher suites is important Oracle WebLogic Server chooses the first available cipher suite in the list that is also supported by the client e Cipher suites with RC4 are enabled despite it being second best to AES This is primarily for older clients that do not support AES for instance Microsoft Internet Explorer 6 7 and 8 on Windows XP e Cipher suites using Triple DES 3DES are not listed since the maximum effective security provided by the algorithm is 112 bits Usage of WebLogic Connection Filters Although firewalls restrict the ability of machines to communicate with the WebLogic Server machines in the data center can still access network services provided by the WebLogic Server Configure the Oracle WebLogic Server installation to use connection filters to ensure that only certain machines in the data center can access the WebLogic Server services like HTTP LDAP RMI II
48. tegration Gateway of Oracle FLEXCUBE Universal Banking Securing the link to Switch Integration Gateway The ATM Switch communicates with the Switch Integration Gateway of FLEXCUBE Universal Banking using the ISO 8583 protocol over a TCP IP channel The following measures are recommended to secure this link Usage of a Dedicated Channel It is recommended to have a dedicated private link between the ATM switch and the Switch Integration Gateway of FLEXCUBE Universal Banking Usage of a Dedicated Server It is recommended to have the Switch Integration Gateway deployed on a separate machine Additionally access to this machine is to be controlled in accordance with the data center practices Securing the Link to the Integration Gateway The Switch Integration Gateway communicates with the Integration Gateway of FLEXCUBE Universal Banking Transport level security can be employed to secure this link as described Usage of a Secure Channel The Switch Integration Gateway can be configured to communicate with the Integration Gateway over the T3S protocol instead of the T3 protocol It is recommended to employ T3S due to the usage of TLS SSL to encrypt the communication passing through the channel Additional information on the same can be obtained from the configuration document titled Switch Interface Installation with SSL Configuration Document a ORACLE 7 1 7 2 7 2 1 7 Desktop Security Ap
49. tem with tools like NESSUS network security and CRACK password checker Install Tripwire to detect changes to files Monitor log files including btmp wtmp syslog sulog etc Consider setting up automatic email or paging to warn system administrators of any suspicious behaviour Also check the snort logs The environment in which Oracle Applications run contributes to or detracts from overall system security This section contains security recommendations for tightening Oracle file system security along with more general advice for overall system hardening ta ORACLE 5 1 5 2 5 3 5 3 1 5 3 2 5 Application Server Security Overview This section describes how to secure the Oracle WebLogic Server production environment that hosts the Oracle FLEXCUBE Universal Banking environment Installation of Oracle WebLogic Server By default Oracle WebLogic Server is installed with a JDK and several development utilities These are not required in a production environment The installation footprint of Oracle WebLogic Server can be reduced via the following measures e During installation of Oracle WebLogic Server customize the components to be installed The following components are not required by Oracle FLEXCUBE Universal Banking in a production environment e Oracle WebLogic Workshop e Web 2 0 HTTP Pub Sub Server e Third Party JDBC Drivers for MySQL and Sybase e WebLogic Server examples e Delete the Point
50. the Switch Integration Gateway of Oracle FLEXCUBE Universal Banking Desktop Security provides information about practices to be employed for Chapter z client workstations Oracle FLEXCUBE Universal Banking Controls provides information Chapter 8 a about controls within the product Chapter 9 Generic Information provides information of the security practices in Ora cle FLEXCUBE Universal Banking 1 1 ORACLE 1 5 1 5 1 1 5 2 Related Information Sources The related information sources are provided under the following sections Data Center Practices For additional information on data centre security practices refer to the following links Reference Link Oracle Application Server Security Guide Recommended Deployment Topologies http docs oracle com cd B14099 19 core 1012 b13999 rec top htm Effective Data Center Physical Security Best Practices for SAS 70 Compliance http www sas70 us com industries data center coloca tions php The Four Layers of Data Center Physical Security for a Comprehensive and Integrated Approach http www anixter com content dam Anixter White 20Papers 12F0010X00 Four Layers Data Center Security WP EN US pdf Oracle Database Security For additional information on Oracle database security refer to the following links Reference Link Oracle Database Security http www oracle com
51. us products database security over view index html Oracle Secure Backup http www oracle com technetwork products secure backup overview index html Oracle Database Security Checklist http www oracle com technetwork database security twp security checklist database 1 132870 pdf Best Practices for Oracle Databases http www red database security com wp sentrigo_webinar pdf Oracle Database Security Checklist http www databasesecurity com oracle twp_security_checklist_db_database pdf Oracle Database Best Practices http www checklist20 com pdfs Databases Ora cle 20Database pdf Database Security Best Practices http www applicure com blog database security best practice i ORACLE Database Operating Environment Security For additional information on security recommendations practices followed for database environment refer to the following links Reference Link Oracle Database Security Guide Keeping Your Oracle Database Secure http docs oracle com cd B28359 01 network 111 b28531 guidelines htm Importance Levels Requirement of Security in Database Environment http ecomputernotes com database system adv database security in database environment Database Hardening Guidelines https security berkeley edu node 138 destination node 138 Application Server Securit
52. y For additional details on some of the common security considerations to be followed refer to the following links Reference Link Oracle Application Server Best Practices Guide http docs oracle com cd B14099_19 core 1012 b28654 pdf Oracle Identity Manager Best Practices Guide http docs oracle com cd E14899 01 doc 9102 e14761 tun ingforappserver htm WebLogic Server Security Best Practices http docs oracle com cd E13222_01 wls docs81b lockdown practices html Oracle Fusion Middleware Information Roadmap for Oracle WebLogic Server Security http docs oracle com cd E23943_01 web 1111 e14529 secu ritv htm Oracle Optimized Solution for Oracle WebLogic Server http www oracle com us solutions oos weblogic server over view index html Oracle Application Server Security Architecture http isu ifmo ru docs IAS904 core 904 b10377 arch htm 1005544 WebSphere Application Server Best Practices for an Application Development Infrastructure http www ibm com developerworks websphere library techar ticles 0209 oberlin oberlin html ta ORACLE 1 5 5 Desktop Security For additional information on common security considerations to be followed refer to the following links Reference Link Desktop Security http cnc ucr edu security desktop html Best Practices http makeitsafe missouri edu best practic
53. y auditing an compliance Oracle Audit vault provides mechanisms to collect audit data from various oracle database It helps to consolidate audit data from multiple systems into a single centralized repository Thus DBA s of individual systems will not be able to tamper with audit information of their respective databases Advanced Security Oracle Advanced Security provides industry standards based data privacy integrity authentication single sign on and access authorization in a variety of ways Sensitive information that is stored in your database or that travels over enterprise networks and the Internet can be protected by encryption algorithms An encryption algorithm transforms information into a form that cannot be deciphered without a decryption key Oracle Advanced Security supports multiple industry standard encryption algorithms such as RC4 DES3 and Triple DES To ensure the integrity of data packets during transmission Oracle Advanced Security can generate a cryptographically secure message digest using SHA hashing algorithms and include it with each message sent across a network ORACLE 4 1 4 2 4 Database Operating Environment Security Overview The environment in which Oracle Applications run contributes to or detracts from overall system security This section contains security recommendations for tightening Oracle file system security along with more general advice for overall system hardening Harde
54. ypted and unencrypted content in the Temporary Internet Files folder Enabling this setting is bound to cause performance issues especially when FLEXCUBE UBS is accessed over HTTPS since the browser will no longer cache resources As stated before details of transactions performed by users will not be cached in the Temporary Internet Files folder irrespective of this setting Terminal Lockout Policy Oracle Financial Services recommends that a terminal lockout policy be put in place to automatically lockout unattended PC sessions after a certain duration This is primarily because Oracle FLEXCUBE UBS will not lock out the browser session although it does expire the browser session after certain period of inactivity Users may however be able to access unattended sessions while the FLEXCUBE UBS user is still logged in Hence organizations are expected to set a corporate policy for handling unattended PC sessions it is recommended to enable the feature to lock workstations or to enable password protected screen savers ine ORACLE 8 Oracle FLEXCUBE Universal Banking Controls 8 1 Overview This chapter describes the various programs available within Oracle FLEXCUBE to help in the maintenance of security Access to the system is possible only if the user logs in with a valid ID and the correct password The activities of the users can be reviewed by the Security Officer in the Event Log and the Violation Log reports 8 2 D
Download Pdf Manuals
Related Search