Session id: 40112

Simplify and Strengthen Security with Oracle Application Server

Allan L Haensgen, Senior Principal Instructor

Oracle Corporation

Security Risks in an Internet Environment
  • Data tampering and fraud
  • Eavesdropping and data theft
  • Falsifying user identities
  • Password-related threats
  • Unauthorized access to data
  • Lack of accountability
  • Hacking
Addressing the Security Challenges
  • Deep data protection
    • Multi-Layer protection through encryption, extensive auditing, and access control
  • Internet-scale security
    • SSL
    • Proxy authentication
    • Java
  • Secure hosting and data exchange
    • Public key infrastructure
    • Enterprise-wide user security
Application Server Security
  • The Oracle Application Server can be used as a client to the database and therefore you can employ the following security features:
    • Enterprise user security
    • Authentication and digital certificates
    • Proxy authentication
    • Connecting from the middle tier to the database
Java Authentication and Authorization Service
  • Java Authentication and Authorization Service (JAAS) provides key security services to the Java programmer in the following areas:
    • Authentication to identify users
    • Authorization to limit what users can do
    • Delegation to enable code to be run securely
Securing the Oracle HTTP Server Itself

The Oracle HTTP Server supports the following security schemes:

  • IP-based or domain name–based restriction
  • Basic authentication through the username and password combination
  • Certificate distinguished name (DN)-based authorization
  • Secure Sockets Layer (SSL) protocol
Oracle HTTP Server Security Modules
  • mod_access is used for restriction.
  • mod_auth and mod_auth_anon are used for authentication.
  • mod_ossl is used with SSL.

[Figure: OHS request-processing phases: 1 Translation, 2 Access Control, 3 MIME Type, 4 Response, 5 Logging]

Host-Based Access Control
  • mod_access: IP- or domain-based access control
  • You can use the allow and deny directives within the <Directory> ... </Directory> or <Location> ... </Location> context of your httpd.conf or .htaccess file:

allow from host host ...

deny from host host ...

Host-Based Access Control
  • The order directive specifies the order in which the allow and deny commands are applied:

order ordering

  • The ordering argument can be one of the following:

1. deny,allow

2. allow,deny

Host-Based Access Control
  • The allow from or deny from directive:

<Directory /docroot>
order deny,allow
deny from all
allow from 144.25.192.170
</Directory>

User Authentication
  • Basic authentication is performed by the following modules:
    • mod_auth
    • mod_auth_anon
  • A resource can be protected on a user basis, a group basis, or both.
  • To access the resource, you also need to have the permission as defined by the Require directive.
Combining User- and Host-Based Authentication

<Location />
AuthName "Who are you"
AuthType Basic
AuthUserFile /ias/Apache/Apache/auth/password
Require valid-user
order deny,allow
deny from all
allow from hq1.us.oracle.com
Satisfy all
</Location>
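
The ordering rules from the Host-Based Access Control slides and the Satisfy directive in the <Location /> block above, modelled in Python as an added example (not part of the original presentation and not Oracle's code). The function names, the 192.0.2.x and 203.0.113.x addresses and their pairing with host names are constructed for illustration; partial-IP and netmask forms of allow/deny are not modelled.

```python
import ipaddress

def host_matches(spec, ip, hostname):
    """Match one allow/deny argument: 'all', an IP or CIDR block, or a domain name."""
    if spec.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)
    except ValueError:
        pass  # spec is not an address, so treat it as a (partial) domain name
    spec, hostname = spec.lower().lstrip("."), (hostname or "").lower()
    # Whole-label suffix match: oracle.com matches hq1.us.oracle.com, not notoracle.com
    return hostname == spec or hostname.endswith("." + spec)

def host_allowed(order, allow, deny, ip, hostname=None):
    """mod_access ordering: the directive type evaluated last wins on a conflict,
    and a client matching neither list gets the second keyword of `order`."""
    allowed = any(host_matches(s, ip, hostname) for s in allow)
    denied = any(host_matches(s, ip, hostname) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "deny,allow":      # default allow; allow overrides deny
        return allowed or not denied
    if order == "allow,deny":      # default deny; deny overrides allow
        return allowed and not denied
    raise ValueError("unsupported order: " + order)

def access_granted(satisfy, host_ok, user_ok):
    """Satisfy all needs the host check AND Require; Satisfy any accepts either."""
    if satisfy.lower() == "all":
        return host_ok and user_ok
    if satisfy.lower() == "any":
        return host_ok or user_ok
    raise ValueError("unsupported satisfy: " + satisfy)

def slide_policy(ip, hostname, valid_user, satisfy="all"):
    """The <Location /> block from the slide: deny from all, allow from
    hq1.us.oracle.com, Require valid-user, combined by `satisfy`."""
    host_ok = host_allowed("deny,allow", ["hq1.us.oracle.com"], ["all"], ip, hostname)
    return access_granted(satisfy, host_ok, valid_user)

if __name__ == "__main__":
    # Constructed requests: (client IP, reverse-resolved host name, valid login?)
    requests = [("192.0.2.10", "hq1.us.oracle.com", True),
                ("192.0.2.10", "hq1.us.oracle.com", False),
                ("203.0.113.9", "client.example.net", True)]
    for ip, host, user in requests:
        print(host, user, slide_policy(ip, host, user), slide_policy(ip, host, user, "any"))
```

With Satisfy any, the second and third constructed requests are both admitted, each having passed only one of the two checks; the slide's Satisfy all admits only the first.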

Establishing Secure Web Sessions
  • The SSL protocol is a standard for secure data transmission over the Internet.
  • SSL involves three mechanisms:
    • Encryption
    • Authentication
    • Data integrity
  • SSL is implemented through mod_ossl.
How SSL Works

[Figure: https exchange between Browser and Oracle9iAS in four numbered steps; labels: Public certificate, Session key, Request client certificate (optional)]

Oracle Wallet Manager
  • Oracle Wallet Manager is a stand-alone Java application for:
    • Generating a public/private key pair and creating a certificate request for submission to a CA.
    • Installing a certificate for the entity.
    • Configuring trusted certificates for the entity.
    • Uploading or downloading a wallet to or from an LDAP directory such as Oracle Internet Directory.
    • Importing wallets and exporting wallets.
Oracle HTTP Server with SSL Enabled
  • Oracle HTTP Server is already SSL enabled after the installation:
    • SSL is enabled in opmn.xml:

<ohs>
<start-mode mode="ssl"/>
</ohs>

    • There is no specific command to start the Oracle HTTP Server with SSL enabled:

$> cd $ORACLE_HOME/dcm/bin
$> dcmctl start -ct ohs

What is Single Sign-On?
  • Oracle Application Server Single Sign-On (SSO) is a service that enables:
    • Authentication to multiple applications in an enterprise by entering a username and password only once
    • Centralized administration of username and password combinations for all users in an enterprise
Single Sign-On
  • SSO technology utilizes:
    • mod_osso: An HTTP module that provides single sign-on authentication to Oracle9iAS applications
    • Oracle Internet Directory: A Lightweight Directory Access Protocol (LDAP) server using an Oracle9i database as its information store
    • Oracle Wallet Manager: A container utility that stores and manages X.509 certificates and trusted certificates
Single Sign-On
  • Oracle9iAS SSO technology provides:
    • Public key infrastructure (PKI) support when using Oracle Internet Directory
    • Multitier integration
Authenticating Partner Applications

[Figure: authentication flow in seven numbered steps among the Partner Application, Oracle HTTP Server, SSO Server, and Oracle Internet Directory]

Administering Users With the Delegated Administration Service (DAS)

http://<hostname>:<port>/oiddas

Lightweight Directory Access Protocol (LDAP)
  • LDAP offers the following features:
    • Simplified ISO X.500 Directory Access Protocol
    • Lightweight, browser-friendly client implementation
    • Protocol standard defined and maintained by the Internet Engineering Task Force (IETF)
    • Need for interoperability is driving rapid adoption in the IT community
Oracle Internet Directory (OID)
  • OID is:
    • Compliant with LDAP, version 3
    • Implemented as an Oracle9i application
  • OID includes:
    • Oracle Directory Server
    • Oracle Directory Replication Server
    • Oracle Directory Manager
    • Command-line tools
    • Delegated Administration Service (DAS)
OID Architectural Overview

[Figure: OID architecture; labels: OID clients, LDAP, LDAP over SSL, OID, Oracle Net connections, Directory administration, Oracle database]

Benefits of OID
  • OID provides:
    • Delegated Administration Service (DAS)
    • Failover in cluster configurations
    • Support for Oracle Real Application Clusters
    • Oracle Directory Integration platform, to synchronize with other enterprise repositories including third-party LDAP directories
    • Password policy management
Identity Management
  • Centralizes and automates many application user management functions
  • Faster deployments
  • Brings OID, SSO, DAS, and other security components into one management system
Questions & Answers