Tarra Richardson

1
ORACLE SECURITY
Tarra Richardson Management Information Systems
(CIS 3380) Fall 2006
2
OVERVIEW

• WHO IS ORACLE?
• Description
• Facts
• Vision

• WHO RELIES ON THEM?
• Partners
• Customers

• ORACLE AND SECURITY
• Database Security
• AppServer Security
• Applications Security

3
ORACLE
Description Oracle's business is informationhow
to manage it, use it, share it, protect it. The
world's largest enterprise software company,
Oracle is the only vendor to offer solutions for
every tier of your business-database, middleware,
business intelligence, business applications, and
collaboration. With Oracle, you get information
that helps you measure results, improve business
processes, and communicate a single truth to your
constituents.
Credits Oracle.com
4
ORACLE FACTS

• Oracle technology can be found in nearly every
  industry around the world and in the offices of
  98 of the Fortune 100 companies.

• Oracle is the first software company to develop
  and deploy 100 percent internet-enabled
  enterprise software across its entire product
  line database, business applications, and
  application development and decision support
  tools.

• Oracle is the world's leading supplier of
  software for information management, and the
  world's second largest independent software
  company.

Credits Oracle.com
5
ORACLE'S VISION

• Simplify
• Speed information delivery with integrated
  systems and a single database.
• Enterprises must increase the speed of
  information delivery
• with integrated systems.

• Standardize
• Reduce cost and maintenance cycles with open,
  easily available components.
• Enterprises must reduce cost and maintenance with
• open, easily available technology.

• Automate
• Improve operational efficiency with technology
  and best practices.
• Enterprises must improve operational efficiency
  with
• technology and best practices.

Credits Oracle's 2006 Commitment Report
6
CUSTOMERS
"Panasonic is proud of being one of the world's
premier electronics manufacturers. We also take
pride in maintaining a robust technical
infrastructure for our operations to make sure
our suppliers can rely on our supply chain.
Oracle helps make this happen for us." Marco
Chung, IT Manager, Panasonic Logistics, Hong Kong
"Implementing Oracle Database 10g allowed Warner
Music Group to load, validate, and consolidate
mass amounts of digitally formatted information
in an expeditious and secure manner." Don
Janik, Senior Technical Manager, Warner Music
"When evaluating solutions, we looked for
something that would require fewer IT resources
and less manpower to handle. Siebel Business
Analytics was the right solution, at the right
price, with the right sophistication, yet easy to
use." James Archuleta, CRM Director, Alaska
Airlines
Credits Oracle.com
7
PARTNERS
Alliance Technologies
3i Infotech Limited
Acquis Incorporated
A2F Services
Credits Oracle.com
8
ORACLE SECURITY
For more than 27 years, Oracle has built a
reputation for delivering many of the industry's
most secure solutions. Enterprises are now
relying on Oracle security products to meet their
information protection and security needsfor
both Oracle and non-Oracle systems. Oracle
ensures security inside the data center and
beyond, spanning the database, middleware, and
business applications.
SECURITY SOLUTIONS

• Database Security

• AppServer Security

• Applications Security

Credits Oracle.com
9
DATABASE SECURITY
For over 25 years Oracle had delivered
state-of-the-art security solutions to government
and commercial customers worldwide.
Oracle Database 10g Release 2

• Introduces powerful new features to address
  security privacy and regulatory compliance
• Introduces advanced encryption technology to
  protect sensitive information and important
  security features to help application developers
  build even more secure applications going forward

• Perhaps the most important new feature is the
  addition of transparent data encryption (TDE) to
  the Oracle Advanced Security option.

• Enterprise users can use password-based
  authentication, removing the requirement for
  client-side wallets and most Secure Socket Layer
  (SSL) processing.

• Oracle introduces extensible, fine-grained
  auditing, that can alert administrators to misuse
  of legitimate data access rights as well as
  serving as an intrusion detection system for the
  database.

Credits Oracle Database 10g R2 Security
10
Oracle Database 10g R2 Security

• TDE (Transparent Data Encryption)
• Sets the standard for database encryption by
  tightly coupling encryption with the database to
  provide a highly transparent encryption solution
  to protect sensitive data written to disk or
  backup media.
• Credit card numbers, social security numbers and
  other sensitive information remains encrypted on
  backup media for regulatory compliance with
  protection against Identity theft.
  
  

• Oracle Label Security
• Helps customers address regulatory compliance
  challenges by combining data classification
  technology with the concept of a user security
  clearance to enable strong access controls in the
  Oracle database.

• Oracle Advanced Security
• Protects privacy and confidentiality of data over
  the network by eliminating data sniffing, data
  loss, replay and person-in-the-middle attacks.
• Provides strong authentication solutions
  leveraging a businesss existing security
  framework.

Credits Oracle Database 10g R2 Security
11
APPSERVER SECURITY
Includes thinking through and standardizing on
authentication, authorization, integrity,
confidentiality, and access control mechanisms
across the enterprise

• Oracle Application Server 10g (OracleAS 10g)
• Provides the essential security capabilities and
  services enterprises require to secure their
  application deployments.
• Provides an enterprise the ability to develop,
  deploy and manage middleware services in an
  efficient and cost effective manner.
• Provides security features in a number of
  components including
• Application Platform Suite (APS)
• SSL Connectivity
• Oracle HTTP Server
• Oracle Web Cache
• Oracle Identity Management

Credits Oracle Application Server Security -
Datasheet (PDF), , Oracle Application Server
Security - Technical Whitepaper (PDF),
12
Oracle Application Server 10g
Provides standards based solutions with Security
and Interoperability as the key differentiators.

• Application Platform Suite Security
• Offers the standard Java Security Model services
  for authentication, authorization and
  accountability.
• APS uses standard Java Authentication and
  Authorization Service (JAAS) to provide pluggable
  authentication and permissions based
  authorization for all Oracle Application Server
  components.

Credits Oracle Application Server Security -
Technical Whitepaper (PDF),
13
Oracle Application Server 10g

• SSL Connectivity
• Ability of Oracle Application Server 10g
  components to communicate with one another over
  secure sockets layer. Users accessing
  applications can communicate over https protocols

• Oracle Http Server Security
• Provides strong security solutions by enforcing
  transport level security, certificate based
  authentication.
• Supports hardware acceleration and integration
  with modsecurity plug in to eliminate unwanted
  requests.
• The Web Server component of Oracle HTTP Server
  (OHS) provides the standard web server security
  features including Encryption, Authentication and
  Authorization.

• Oracle Web Cache
• OracleAS Web Cache can be configured to cache
  pages for https protocol requests.
• Oracle AS WebCache integration with Oracle
  Identity Management provides it the ability to
  support client and server authentication with
  digital certificates.

Credits Oracle Application Server Security -
Technical Whitepaper (PDF),
14
Oracle Application Server 10g

• Oracle Identity Management
• Provides common security and management
  infrastructure for Web and enterprise
  applications that can be applied across all
  application tiers
• Oracle Identity Management provides the solution
  to enable secure management of business
  transactions in a networked enterprise.
• Provides provisioning and centralized user and
  access management solution that operates in a
  heterogeneous environment.

Credits Oracle Application Server Security -
Technical Whitepaper (PDF),
15
APPLICATIONS SECURITY

• Security in the E-Business Suite Release 11i
• Provides specific security features that assist
  customers, developers, and partners in
  establishing secure enterprise application
  deployments. These features protect information
  managed by the Suite and control how users may
  access that information Mechanisms include
• Authenticate users identities
• Control the functions and data users can access
• Keep record, and support auditing, of
  security-related user activity
• Provide secure and convenient administration of
  user accounts, user privileges, and data/function
  access policies
• Is designed and developed with secure coding
  guidelines taken into account. These guidelines
  improve the security of the Suite by enforcing
  security best practices (such as password
  complexity requirements, or encryption of stored
  passwords), and by allowing developers to avoid
  common software errors that may be exploited by
  malicious users to undermine the security of the
  system.

Credits Oracle.com
16
Security in the E-Business Suite Release 11i
Introduces the Oracle User Management
application, a secure and scalable system that
enables organizations to define administrative
functions and manage users based on specific
requirements such as job role or geographic
location. Oracle User Management With Oracle
User Management, instead of exclusively relying
on a centralized administrator to manage all its
users, an organization can create local
administrators and grant them sufficient
privileges to manage a specific subset of the
organizations users. This provides the
organization with amore granular level of
security, and the ability to make the most
effective use of its administrative capabilities.
Credits White Paper Oracle User Management
(UMX)
17
ORACLE USER MANAGEMENT
Function Security restricts user access to the
individual menus and menu options within the
system. Could control whether you have the
ability to create a new order, or even access he
page.
Key Features of Oracle User Management
Data Security provides additional access control
on the data a user can see and what actions a
user can perform on that data. Could control
access to the set of orders that an order
administrator can update within the Order
Management application.
Role Based Access Control provides additional
methods to organize data security policies and
existing function security (via roles).
Delegated Administration you can designate local
administrators who manage a subset of people and
roles. You could internally establish
administrators at division or even department
levels, and then delegate administration of
external users to people within those (external)
organizations.
Registration Processes enables organizations to
provide end-users with a method for requesting
various levels of access to the system, based on
their eligibility. Allows you to specify
approval routing rules, notifications, identify
verification and eligibility criteria, where
desired.
Self Service Approvals enables users to
request initial access or additional access to
the system. Individuals can request new accounts
or additional access, pending eligibility, using
the predefined Registration Processes
Credits White Paper Oracle User Management
(UMX)
18
SUMMARY

• Worlds leading supplier of software for
  Information Management.
• Only vendor to offer solutions for every tier of
  your business.
• Loyal Customers and Partners
• Provides Security Solutions for
• Databases
• AppServers
• Applications

19
REFERENCES
http//www.oracle.com/index.html http//www.panaso
nic.com http//www.alaskaair.com http//www.wmg.co
m http//www.alliancetechnologies.net http//www.3
i-infotech.com http//www.a2f-services.fr/index.ph
p