2 Security and Privacy
Security is the top priority for the Oracle® Intelligent Communications Orchestration Network cloud service from design to implementation following Oracle's Oracle Software Security Assurance (OSSA) requirements. Oracle provides this guide to ensure you that the Oracle® Intelligent Communications Orchestration Network cloud service is configured securely and its features are delivered securely.
About Oracle® Intelligent Communications Orchestration Network cloud service
The Oracle® Intelligent Communications Orchestration Network cloud service enables Enterprises and Managed Service Providers to connect Unified Communications (UC) and Contact Centers (CC) because the service supports connecting to both on-premises and SaaS-based UC and CC solutions. The Oracle® Intelligent Communications Orchestration Network cloud service focuses on bringing voice communications services together in one place to relieve you from managing Carrier Service compatibility issues.
Security Recommendations
Oracle builds security into the Oracle® Intelligent Communications Orchestration Network cloud service with the following recommendations for you to note.
- The Oracle® Intelligent Communications Orchestration Network cloud service User Interface allows only TLS1.2 connections. Ensure that only secured ciphers are allowed from your browsers: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.
- The Oracle® Intelligent Communications Orchestration Network cloud service server certificate is signed by Oracle's Digit CERT Certificate Authorities. Ensure that your browsers trust Oracle Certificate Authorities: Digicert SHA2 Secure Server CA2 (Signing CA) and Digicert Global ROOT CA (root CA).
- For Session Border Controller interfaces that interconnect with Oracle® Intelligent Communications Orchestration Network cloud service service points by way of TLS, ensure to add Oracle Root CA to its trusted certificate list. The root CA "Digicert Global Root G2" can be downloaded from https://knowledge.digicert.com/general-information/digicert-trusted-root-authority-certificates.
- Account management: Oracle recommends that you add accounts on a minimum privileges needed basis, where more permissions can be added as needed. When an account is no longer needed, suspend and remove it as soon as possible.
Security Operations
All Oracle® Intelligent Communications Orchestration Network cloud service communications are secured (TLS1.2+ with secured ciphers). Data at rest (customer configuration and operation data) is protected with secured ciphers and key lengths.
Oracle also monitors the Oracle® Intelligent Communications Orchestration Network cloud service with a secure SIEM program for real time threat detection. All Oracle® Intelligent Communications Orchestration Network cloud service deployments and environments are scanned and monitored for any threat intrusion and supply chain risks.
RTP and SIP Security
The Oracle® Intelligent Communications Orchestration Network cloud service does not protect SIP signaling traffic and RTP media traffic with encryption. Oracle recommends that you use SRTP and TLS to protect media and signaling data in transit.
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES128-GCM-SHA256
- DHE-RSA-AES256-GCM-SHA384
- DHE-RSA-AES128-GCM-SHA256
SIP-TLS server certificates are signed by "GeoTrust TLS RSA CA G1" ( Issuer:CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US)
- AES_CM_128_HMAC_SHA1_80
- AES_CM_128_HMAC_SHA1_32
- AES_256_CM_HMAC_SHA1_80
- AES_256_CM_HMAC_SHA1_32
RTP Addresses
The Oracle® Intelligent Communications Orchestration Network cloud service uses the following IPv4 Real-time Transport Protocol (RTP) addresses to anchor media in each supported region.
Note:
Oracle sends RTP traffic over media ports 30000-50000.Table 2-1 RTP Addresses
| Address | United States US1 (Ashburn) | United Kingdom UK1 (London) | Europe EU1 (Frankfurt) |
|---|---|---|---|
| RTP Addresses |
|
|
|
SIP Addresses
The Oracle® Intelligent Communications Orchestration Network cloud service sends Session Initiation Protocol (SIP) traffic from the following IP addresses according to the region of origin.
Table 2-2 SIP Addresses
| Address | United States US1 (Ashburn) | United Kingdom UK1 (London) | Europe EU1 (Frankfurt) |
|---|---|---|---|
| Carrier SIP Trunk SIP Addresses |
|
|
|
| Generic SIP Trunk SIP Addresses |
|
|
|
Privacy Policy
The Oracle® Intelligent Communications Orchestration Network cloud service collects and uses your information to administer, support, improve, and obtain feedback on our services, to detect and prevent faults, breaches of our network security, the law, or our contractual terms. Oracle will not sell or rent your personal data to others outside Oracle® Intelligent Communications Orchestration Network cloud service, except where the law permits or unless you specifically agree.
- Companies related to Oracle
- Lawyers, auditors, or advisers to Oracle
- Agents acting on behalf of Oracle
- Oracle business partners
- Agents, affiliates, contractors, and third-party service providers who provide administrative, telecommunications, computer, payment, and other services to Oracle in relation to Oracle's business operations
- Any persons and corporate entities to whom Oracle is obliged to disclose under the requirements of law relating to Oracle or any of its affiliates or partners
- Governmental and judicial bodies and regulators