OAUG Sys Admin SIG Meeting, AppsWorld Conference. January 26, 2004, San Diego, CA. Welcome to OAUG Day at AppsWorld 2004! Agenda: Introduction; What is OAUG?; What is the SysAdmin SIG?; Summary of Non-Conference Activities; Discussion of Committees; Web Site Review; Open Discussion.

OAUG Sys Admin SIG Meeting AppsWorld Conference

January 26, 2004

San Diego, CA


Welcome

  • Welcome to OAUG Day at AppsWorld 2004!


Agenda

  • Introduction

  • What is OAUG?

  • What is the SysAdmin SIG?

  • Summary of Non-Conference Activities

  • Discussion of Committees

  • Web Site Review

  • Open Discussion

  • Topic Presentation: 11i Security

  • Wrap Up


Introduction

  • Randy Giefer - SIG Chairperson

  • Apps DBA Consultant

  • Trainer

  • Educator

  • Solution Beacon, LLC

  • [email protected]


What is OAUG?

  • Oracle Applications Users Group (OAUG)


OAUG Membership Benefits

  • Networking Opportunities

  • Education

  • Free Training

  • Information Resources

  • Geographical and Special Interest Groups

  • Publications

  • Advocacy

  • Leadership Opportunities


OAUG Membership Benefits

  • Booth #338

  • "Oracle + OAUG = Success" Raffle

  • Special Membership Offer

  • $100 off the already discounted member registration rate of US $825 for Connection Point 2004, held at Swan & Dolphin Hotel in Orlando, Florida, September 12 - 15, 2004


What is the OAUG SysAdmin SIG?

  • Special Interest Group

  • Share knowledge and experience about a variety of topics relating to Oracle Applications System Administration

  • Related SIGs

    • DBA SIG

    • Upgrade SIG


Mission Statement

  • The SysAdmin Special Interest Group (SIG), sponsored by the Oracle Applications User Group (OAUG), provides a forum for OAUG members and participants to share updates, tips and successful practices relating to System Administration in an Oracle Applications environment. The SysAdmin SIG strives to enable System Administrators to become more effective and efficient in their jobs by providing them with access to people and information that can their System Administration knowledge and experience.


Mission Statement (cont.)

The SysAdmin SIG achieves this by:

  • Maintaining a web-based knowledgebase of information on the OAUG website

  • Offering a member listserver where participants can exchange information

  • Holding national member meetings at OAUG and Oracle AppsWorld conferences


OAUG SysAdmin SIG

Oracle Applications System Administration:

  • Concurrent Managers

  • Printer Drivers & Keyboard Mappings

  • Architecture

  • Workflow Administration

  • Oracle Tools and Utilities

  • Third-Party Tools


OAUG SysAdmin SIG

System Administration:

  • UNIX

  • Linux (Former Linux SIG)

  • Windows (Former NT SIG)


OAUG SysAdmin SIG

General:

  • SIG List Server

  • Useful Links

  • System Administrator Roles and Responsibilities

  • Oracle Enhancement Requests


Summary of Non-Conference Activities

  • New SysAdmin SIG Web site (www.oaug.org)

  • Distribution List and List Server

  • Creation of Committees


Committees

  • Concurrent Managers (Netta Kausalik)

  • Scripts (Gary Landis)

  • Printer drivers & keyboard mappings (Tammy Vandermey)

  • System Administrator Roles and Responsibilities (Jennifer Carney)

  • Oracle Tools and Utilities (Sandra Vucinic)

  • Third-Party Tools (Melanie Abbas)

  • Useful Links (Mary Lou Weiss)

  • Oracle Enhancement Requests (Randy Giefer)

  • Architecture (John Stouffer)

  • Workflow (Noah Chanmala)


Web Site Review

  • www.oaug.org


Open Discussion

  • New Topic Areas

  • Questions / Suggestions


Topic Presentation – 11i Security

  • Excerpts from whitepaper

  • 11i Applications Security – “Keeping The Bad People Away”


11i Applications Security – “Keeping The Bad People Away”

  • Case Studies

    • Electronic Check File on Public FTP Server

    • Ex-Employee Steals CRM and Financials Data

    • Employee Sells HR Database

    • Employee Manipulates Payroll Data


11i Applications Security – “Keeping The Bad People Away”

  • What do all of these Case Studies have in common?

    • Electronic Check File on Public FTP Server

    • Ex-Employee Steals CRM and Financials Data

    • Employee Sells HR Database

    • Employee Manipulates Payroll Data

  • Answer: A firewall didn’t help!


What Is Security?

In an Oracle Applications environment, it’s protection of information from:

  • Accidental Data Loss

  • Employees

  • Ex-Employees

  • Hackers

  • Competition


What Is Security?

  • Security is a PROCESS that occurs (or doesn’t) at multiple levels:

    • Organizational

    • Processes and Procedures

    • Internal and External Checks and Balances


What Is Security?

  • User Technology Security

    • Network

    • Server

    • Database

    • Application


Application Security

  • Part Technology, Mostly User Access

  • User Security

    • Authentication

    • Authorization

    • Audit Trail


Easy R11i Applications Security

  • Easily Implement Two Types/Categories of Security:

    • User Account Best Practice Policies

    • Profile Options

  • Quick and Easy to Implement

  • Low Investment / High Return Value

  • “Big Bang for the Buck”


Best Practice: No Shared Accounts

  • Difficult or Impossible to Properly Audit

  • How Hard Is It To Guess A Username?

  • 11i Feature to Disallow Multiple Logins Under Same Username

  • Uses WF Event/Subscription to Update ICX_SESSIONS Table

  • 11.5.8 MP

  • Patches 2319967, 2128669, WF 2.6


Best Practice: No Generic Passwords

  • Stay Away From ‘welcome’!!!

  • 11.5.10 Oracle User Management (UMX)

  • User Registration Flow

    • Select Random Password

    • Random Password Generator


11.5.10 Oracle User Management (UMX)

  • UMX leverages workflow to implement business logic around the registration process.

  • Raising business events

  • Provide temporary storage of registration data

  • Identity verification

  • Username policies

  • Include the integration point with Oracle Approval Management

  • Create user accounts

  • Release usernames

  • Assign Access Roles

  • Maintain registration status in the UMX schema

  • Launch notification workflows


Profile: Signon Password Length

  • Signon Password Length sets the minimum length of an Oracle Applications password value.

  • Default Value = 5 characters

  • Recommendation: At least 7 characters


Profile: Signon Password Hard to Guess

  • The Signon Password Hard to Guess profile option sets internal rules for verifying passwords to ensure that they will be "hard to guess."

  • Oracle defines a password as hard-to-guess if it follows these rules:

    • The password contains at least one letter and at least one number.

    • The password does not contain repeating characters.

    • The password does not contain the username.

  • Default Value = No

  • Recommendation = Yes


Profile: Signon Password No Reuse

  • This profile option is set to the number of days that must pass before a user is allowed to reuse a password.

  • Default Value = 0 days

  • Recommendation = 180 days or greater


Profile: Signon Password Failure Limit

  • Default Value = 0 attempts

  • Recommendation = 3

  • By default, there is no lockout after failed login attempts. This is just asking to be hacked!

  • Additional Notes:

    • Implement an alert (periodic), custom workflow or report to notify security administrators of a lockout.

    • FND_UNSUCCESSFUL_LOGINS

    • 11.5.10 will raise a security exception workflow
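
One way to build the periodic lockout alert suggested above, as an added example that is not part of the original slides: a query over FND_UNSUCCESSFUL_LOGINS listing accounts with three or more failed logins in the last day. It assumes the standard USER_ID and ATTEMPT_TIME columns and a join to FND_USER; the 24-hour window is an illustrative choice.

```sql
-- Added example (not from the slides): candidate query for a periodic alert
-- or report on repeated failed logins.
-- Assumes the standard tables FND_UNSUCCESSFUL_LOGINS (USER_ID, ATTEMPT_TIME)
-- and FND_USER (USER_ID, USER_NAME); run with SELECT access to both.
SELECT u.user_name,
       COUNT(*)            AS failed_attempts,
       MIN(l.attempt_time) AS first_failure,
       MAX(l.attempt_time) AS last_failure
FROM   fnd_unsuccessful_logins l,
       fnd_user                u
WHERE  u.user_id      = l.user_id
AND    l.attempt_time >= SYSDATE - 1   -- look-back window: last 24 hours (assumed)
GROUP  BY u.user_name
HAVING COUNT(*) >= 3                   -- matches the recommended failure limit of 3
ORDER  BY failed_attempts DESC, last_failure DESC;
```

A run that returns rows is what the alert would send to the security administrators.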


Profile: ICX:Session Timeout

  • This profile option determines the length of time (in minutes) of inactivity in a user's form session before the session is disabled. Note that disabled does not mean terminated or killed. The user is provided the opportunity to re-authenticate and re-enable their timed-out session. If the re-authentication is successful, the disabled session is re-enabled and no work is lost. Otherwise, the session is terminated without saving pending work.


Profile: ICX:Session Timeout (cont.)

  • Default value = none

  • Recommendation = 30 (minutes)

  • Also set session.timeout in zone.properties

  • Available via Patch 2012308. (Included in 11.5.7, FND.E)
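
The five profile recommendations above can be checked in one pass. This query is an added example, not part of the original slides; it assumes the standard internal profile names and the FND_PROFILE_OPTIONS / FND_PROFILE_OPTION_VALUES tables, and reads only site-level values (level_id 10001), so overrides at application, responsibility or user level need a separate look.

```sql
-- Added example (not from the slides): compare site-level signon and session
-- profile values with the recommendations given in this presentation.
-- Internal profile names and FND tables are the standard 11i ones; confirm
-- them on your instance. Treating values stricter than the recommendation
-- (failure limit 1-3, timeout 1-30) as OK is this example's own reading.
SELECT rec.opt_name,
       NVL(pov.profile_option_value, '(not set)') AS site_value,
       rec.recommended,
       CASE
         WHEN pov.profile_option_value IS NULL
           THEN 'REVIEW: not set at site level'
         WHEN rec.opt_name = 'SIGNON_PASSWORD_LENGTH'
              AND TO_NUMBER(pov.profile_option_value) >= 7   THEN 'OK'
         WHEN rec.opt_name = 'SIGNON_PASSWORD_HARD_TO_GUESS'
              AND pov.profile_option_value = 'Y'             THEN 'OK'
         WHEN rec.opt_name = 'SIGNON_PASSWORD_NO_REUSE'
              AND TO_NUMBER(pov.profile_option_value) >= 180 THEN 'OK'
         WHEN rec.opt_name = 'SIGNON_PASSWORD_FAILURE_LIMIT'
              AND TO_NUMBER(pov.profile_option_value) BETWEEN 1 AND 3  THEN 'OK'
         WHEN rec.opt_name = 'ICX_SESSION_TIMEOUT'
              AND TO_NUMBER(pov.profile_option_value) BETWEEN 1 AND 30 THEN 'OK'
         ELSE 'REVIEW'
       END AS status
FROM  (SELECT 'SIGNON_PASSWORD_LENGTH' opt_name, '>= 7' recommended FROM dual
       UNION ALL SELECT 'SIGNON_PASSWORD_HARD_TO_GUESS', 'Y'          FROM dual
       UNION ALL SELECT 'SIGNON_PASSWORD_NO_REUSE',      '>= 180 days' FROM dual
       UNION ALL SELECT 'SIGNON_PASSWORD_FAILURE_LIMIT', '3'          FROM dual
       UNION ALL SELECT 'ICX_SESSION_TIMEOUT',           '30 minutes' FROM dual
      ) rec,
      fnd_profile_options       po,
      fnd_profile_option_values pov
WHERE  po.profile_option_name   = rec.opt_name
AND    pov.profile_option_id(+) = po.profile_option_id
AND    pov.application_id(+)    = po.application_id
AND    pov.level_id(+)          = 10001   -- 10001 = Site level
ORDER  BY rec.opt_name;
```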


Wrap Up

  • Thanks to Oracle AppsWorld for sponsoring this and other OAUG SIGs!

  • Thank you for attending!

    [email protected]

