Solution Beacon Security Portal
The Solution Beacon Security Portal provides a wide range of information relating to Oracle E-Business Suite security. From Best Practices to quick references, this portal can provide you with the information you need to better secure your systems to protect them from the Bad Guys.

This useful information has been grouped into the following categories for ease of access. Click on a category to jump to that section.

Security News!
| Apr 17, 2007 | Oracle Critical Patch Update - April 2007 Advisory - ATTENTION!!! |
| Apr 17, 2007 | Oracle Critical Patch Update - April 2007 Announcement |
| Apr 6, 2007 | Shipping Case Containing Backup Tapes With Sensitive Data Is Lost |
| Apr 6, 2007 | Stolen Laptops Contain Data On 40,000 Chicago Public Schools Employees |
| Apr 5, 2007 | Former Morgan Stanley Employee Charged With Stealing Company Data |
| Apr 5, 2007 | Contractor With Top Secret Clearance Sentenced For Sabotaging Navy Subs |
| Apr 4, 2007 | SEC Commissioners Recommend An Improved SOX |
| Mar 29, 2007 | TJX Data Theft Called Largest Ever: 45.7M Credit Card Numbers Stolen! |
| Mar 28, 2007 | TJX SEC Form 10-K Filing Details Extent of Data Theft! |
| Mar 21, 2007 | Man Pleads Guilty to Breaking Into eBay Accounts |
| Mar 19, 2007 | Rise in Data Theft, Data Leakage, Targeted Attacks Leading to Hackers’ Financial Gain |
| Mar 19, 2007 | Symantec Security Report - Stealing an identity costs just $14 |
| Jan 30, 2007 | ZDNet Blog: Oracle DB rootkit for sale in exploit pack |
| Jan 23, 2007 | Harder-to-Detect Oracle Rootkit on the Way |
| Jan 17, 2007 | Oracle Releases JAN CPU 2007 |

Solution Beacon Security Best Practices
The following Solution Beacon Security Best Practices relating to Oracle E-Business Suite security are listed here to provide you with a useful quick reference. Click on any of the links below to learn more about the Best Practice.

Best Practice #1: Follow Oracle's Best Practices
Best Practice #2: Do Not Allow Shared Accounts
Best Practice #3: Do Not Use Generic Passwords
Best Practice #4: Use New Features Provided By The UMX Module
Best Practice #5: Treat All Non-Production Instances With The Security As Production
Best Practice #6: Set Application User Signon Profile Values
Best Practice #7: Set E-Business Suite Timeout Parameters and Profiles
Best Practice #8: Properly Set Other Security-Related Profiles
Best Practice #9: Restrict Network Access - Set Password on Database Listener
Best Practice #10: Follow the Principle of Least Privilege
Best Practice #11: Regularly Change System Passwords
Best Practice #12: Minimize Passwords Contained In OS Files
Best Practice #13: Secure Default Database Accounts
Best Practice #14: Be Proactive!
Best Practice #15: Apply all prior, and plan in advance to apply any new Oracle Security Patches
Best Practice #16: Limit Access To Forms Allowing SQL Entry
Best Practice #17: Validate Your Security By Performing Security Assessments
Best Practice #18: Periodically Expire Applications Users’ Passwords
Best Practice #19: Restrict Network Access - Limit Direct Access To The Database
Best Practice #20: Don't stop now!

Solution Beacon Security Whitepapers and Publications
Presentation: Better R11i Security In 3 Days - Keeping the Bad Guys Away (Randy Giefer)
OAUG Insight Magazine: 30 Minute Release 11i Security - Keeping the Bad Guys Away (Randy Giefer)
Whitepaper: Application Security - What Are My Options? (Susan Behn)

Oracle MetaLink Security-Related Documents
The following Oracle MetaLink documents relating to Oracle E-Business Suite security are listed here to provide you with a useful quick reference. Click on any of the links below to read the document from MetaLink.

General
E-Business Suite Recommended Set Up for Client/Server Products (277535.1)

Release 11i Specific
Best Practices For Securing Oracle E-Business Suite Release 11i (189367.1)
DMZ Configuration with Oracle E-Business Suite 11i (287176.1)

Release 12 Specific
Best Practices For Securing Oracle E-Business Suite Release 12 (403537.1)
Oracle E-Business Suite R12 Configuration in a DMZ (380490.1)

UMX-Related Documents
ICM Segregation Of Duties integration with UMX (402996.1)
User Management Security Wizard Feature (401463.1)
Configuring the User Name Policy in UMX (400514.1)
How To Turn Off The Password Approval Feature and Send An Email Automatically (377407.1)

Oracle MetaLink Critical Patch Updates
Critical Patch Update - January 2007 (403335.1)
Critical Patch Update - October 2006 (391558.1)
Critical Patch Update - July 2006 (372927.1)
Critical Patch Update - April 2006 (360044.1)
Critical Patch Update - January 2006 (343382.1)
Critical Patch Update - October 2005 (333953.1)
Critical Patch Update - July 2005 (311034.1)
Critical Patch Update - April 2005 (301040.1)
Critical Patch Update - January 2005 (293953.1)

Security Scripts and Utilities
Search and Destroy Data Scramble Utility

Upcoming Critical Patch Update (CPU) Release Dates:
17 July 2007
16 October 2007
15 January 2008
15 April 2008

Did You Know?
U.S.-based credit cards (with a verification number) are available via the underground for between $1 - $6!

Did You Know?
Complete identities, including a U.S. bank account, credit card, date of birth and government issued identification number, are available via the underground for between $14 - $18.