Table of Contents
- Title and Copyright Information
- Send Us Your Comments
- 1 About this Manual
- 2 General Principles
- 3 Pre-Installation
- 3.1 Data Center Practices
- 3.1.1 Overview
- 3.1.2 Physical System Security
- 3.1.3 Minimize the Server Footprint
- 3.1.4 Operating System Users and Groups
- 3.1.5 Restrict File System Access
- 3.1.6 Network Perimeter Protection
- 3.1.7 Network Service Protection
- 3.1.8 Usage of Protected Ports
- 3.1.9 Installation of Software in Production Mode
- 3.1.10 Software Updates and Patches
- 3.1.11 Usage of Security Appliances and Software
- 3.1.12 Configure Security Auditing
- 3.1.13 Separation of Concerns
- 3.1.14 Backup Controls
- 4 Installation
- 4.1 Oracle Database Security
- 4.2 Database Operating Environment Security
- 4.3 Application Server Security
- 4.3.1 Overview
- 4.3.2 Installation of Oracle WebLogic Server
- 4.3.3 Secure the WebLogic Server installation
- 4.3.3.1 Network perimeter protection
- 4.3.3.2 Operating System Users and Groups
- 4.3.3.3 File System Access to OS Users
- 4.3.3.4 Usage of Protected Ports
- 4.3.3.5 Choice of the SSL cipher suite
- 4.3.3.6 Usage of WebLogic Connection Filters
- 4.3.3.7 Usage of Domain-wide Administration Port for Administrative Traffic
- 4.3.3.8 Secure the Embedded LDAP port
- 4.3.3.9 Precautions when using SNMP
- 4.3.4 Secure the WebLogic Security Service
- 4.3.4.1 Enable SSL, but avoid using Demonstration Certificates
- 4.3.4.2 Enforce Security Constraints on Digital Certificates
- 4.3.4.3 Ensure that Host Name Verification is Enabled
- 4.3.4.4 Impose Size and Time Limits on Messages
- 4.3.4.5 Restrict the Number of Open Sockets
- 4.3.4.6 Configure WebLogic Server to Manage Overload
- 4.3.4.7 User Lockouts and Login Time Limits
- 4.3.4.8 Enable Configuration Auditing
- 4.3.4.9 System Administrator Accounts
- 4.3.4.10 Set up Secure Flag for Cookies
- 4.3.5 Secure the Application
- 4.4 Secure the Application Web-Interface
- 5 Post-Installation
- 6 Generic Information
- 7 Security Features