1 Security Overview

This chapter provides an overview of Oracle Communications Service Catalog and Design security.

Basic Security Considerations

The following principles are fundamental to using any application securely:

  • Keep software up-to-date. Upgrade to the latest Service Catalog and Design product release and apply all appropriate patches.

  • Limit privileges. Give users only as much access as necessary to perform their work. Review user privileges periodically to determine relevance to current work requirements.

  • Monitor system activity. Establish access and frequency rules for system components and monitor those components.

  • Install software securely. Use firewalls, secure protocols such as SSL, and secure passwords.

  • Learn and use the Design Studio security features. Enforce user authorization, establish desktop lock policies, and employ source control.

  • Use secure development practices. Leverage Service Catalog and Design security functionality.

  • Stay informed. Read all security alerts and promptly install all security patches. See "Critical Patch Updates and Security Alerts" here:

    https://www.oracle.com/security-alerts/

Overview of Service Catalog and Design Security

Security for Service Catalog and Design focuses on a few key areas:

  • Limiting use of Design Studio to authorized users

  • Controlling access to cartridge management functions

  • Protecting cartridge designs

  • Preventing run-time cartridge archive tampering

The remaining sections in this document address each of these security considerations.