Release 11i Workshops
30 Minute Release 11i Security… Keeping the Bad Guys Away
Session Leader: Randy Giefer, Solution Beacon
Release 11i Workshops: San Ramon, CA • Worthington, MA • Los Angeles, CA • St. Louis, MO • Orlando, FL
www.solutionbeacon.com
… birth dates of company executives on website
Ex-Employee Steals CRM and Financials Data and Provides to Competitor
Employee Sells Credit History Database
Employee Manipulates Payroll Data
Employee Sells Email Addresses to Spammer
30 Minute Release 11i Security “Keeping The Bad People Away”
Q. What do all of these Case Studies have in common?
Disgruntled Employee
Ex-Employee Steals CRM and Financials Data
Employee Sells Credit History Database
Employee Manipulates Payroll Data
Employee Sells Email Addresses to Spammer
A. A firewall didn’t help!!!
Through 2005, 20 Percent of Enterprises Will Experience a Serious Internet Security Incident – Gartner
By 2005, 60 percent of security breach incident costs incurred by businesses will be financially or politically motivated – Gartner
Are you prepared? Can you prevent becoming a statistic?
“Process” means it occurs more than once!
Processes and Procedures
Internal and External Checks and
UMX leverages workflow to implement business logic around the registration process.
Raising business events
Provide temporary storage of registration data
Identity verification
Username policies
Include the integration point with Oracle Approval Management
Create user accounts
Release usernames
Assign Access Roles
Maintain registration status in the UMX schema
Launch notification workflows
The Signon Password Hard to Guess profile option sets internal rules for verifying passwords to ensure that they will be "hard to guess."
Oracle defines a password as hard-to-guess if it follows these rules:
The password contains at least one letter and at least one number.
The password does not contain repeating characters.
The password does not contain the username.
Default Value = No
Recommendation = Yes
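The three rules above are simple enough to check before a password ever reaches the application, for example in a provisioning script or a pre-flight audit of proposed passwords. The checker below is an added example written for this page; it is not Oracle's own validation code. It assumes that "repeating characters" means the same character twice in a row and that the username check is case-insensitive (Release 11i usernames are conventionally upper case); the slide defines neither point, so both are assumptions.

```python
import string


def hard_to_guess_violations(password: str, username: str) -> list[str]:
    """Return the rules the password breaks (an empty list means it passes).

    Implements the three rules listed on the slide:
      1. at least one letter and at least one number
      2. no repeating characters (assumed here: no character twice in a row)
      3. does not contain the username (assumed here: case-insensitive)
    """
    violations = []
    if not any(c in string.ascii_letters for c in password):
        violations.append("no letter")
    if not any(c in string.digits for c in password):
        violations.append("no number")
    # Compare each character with its successor; any equal pair is a repeat.
    if any(a == b for a, b in zip(password, password[1:])):
        violations.append("repeating characters")
    if username and username.lower() in password.lower():
        violations.append("contains username")
    return violations


def is_hard_to_guess(password: str, username: str) -> bool:
    """Convenience wrapper: True only when no rule is violated."""
    return not hard_to_guess_violations(password, username)


def audit_candidates(candidates: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Check a batch of (username, password) pairs and return the failures only.

    Useful as a pre-flight check in a bulk provisioning script: the script
    can refuse to run until the returned dict is empty.
    """
    report = {}
    for username, password in candidates:
        problems = hard_to_guess_violations(password, username)
        if problems:
            report[username] = problems
    return report


# Constructed sample input (not real accounts or passwords).
SAMPLE_CANDIDATES = [
    ("SYSADMIN", "Ab1cd2"),      # passes all three rules
    ("OPERATIONS", "welcome"),   # no number
    ("JSMITH", "password1"),     # "ss" is a repeat
    ("MJONES", "mjones1"),       # contains the username
]

if __name__ == "__main__":
    for user, problems in audit_candidates(SAMPLE_CANDIDATES).items():
        print(f"{user}: {', '.join(problems)}")
```

Note that passing these rules only makes a password "hard to guess" in Oracle's narrow sense; the profile option is a floor, not a substitute for length requirements or the lockout setting discussed next.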
Default Value = 0 attempts
Recommendation = 3
By default, there is no lockout after failed login attempts. This is just asking to be hacked!
Additional Notes:
Implement an alert (periodic), custom workflow or report to notify security administrators of a lockout
FND_UNSUCCESSFUL_LOGINS
11.5.10 will raise a security exception workflow
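The "periodic alert" the slide recommends amounts to reading the failed-login records and flagging any account whose failures reach the configured limit. The script below is an added example written for this page, not code from the presentation or from Oracle; it runs over constructed rows shaped like FND_UNSUCCESSFUL_LOGINS with two assumed column names (USER_NAME and ATTEMPT_TIME; check the actual table definition before pointing it at a real instance). It also assumes a detection rule the slide does not specify: the recommended limit of 3 failures counted within a sliding 15-minute window, which is what a periodic report would typically want to surface.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The slide's recommended value for the failure limit.
FAILURE_LIMIT = 3

# Constructed sample rows, not real data. The dict keys mirror two columns
# assumed to exist in FND_UNSUCCESSFUL_LOGINS (USER_NAME, ATTEMPT_TIME).
SAMPLE_ROWS = [
    {"USER_NAME": "SYSADMIN", "ATTEMPT_TIME": datetime(2004, 3, 1, 8, 0, 5)},
    {"USER_NAME": "SYSADMIN", "ATTEMPT_TIME": datetime(2004, 3, 1, 8, 0, 40)},
    {"USER_NAME": "SYSADMIN", "ATTEMPT_TIME": datetime(2004, 3, 1, 8, 1, 10)},
    {"USER_NAME": "SYSADMIN", "ATTEMPT_TIME": datetime(2004, 3, 1, 8, 2, 0)},
    {"USER_NAME": "JSMITH",   "ATTEMPT_TIME": datetime(2004, 3, 1, 9, 15, 0)},
    {"USER_NAME": "JSMITH",   "ATTEMPT_TIME": datetime(2004, 3, 1, 9, 16, 0)},
    {"USER_NAME": "MJONES",   "ATTEMPT_TIME": datetime(2004, 3, 1, 10, 0, 0)},
    {"USER_NAME": "MJONES",   "ATTEMPT_TIME": datetime(2004, 3, 1, 11, 0, 0)},
    {"USER_NAME": "MJONES",   "ATTEMPT_TIME": datetime(2004, 3, 1, 12, 0, 0)},
]


def lockout_candidates(rows, limit=FAILURE_LIMIT, window=timedelta(minutes=15)):
    """Return {user_name: [attempt times]} for every user whose failed logins
    reach `limit` inside any `window`-long span (the sliding-window rule is an
    assumption of this example, not something the slide specifies)."""
    by_user = defaultdict(list)
    for row in rows:
        by_user[row["USER_NAME"]].append(row["ATTEMPT_TIME"])

    flagged = {}
    for user, times in by_user.items():
        times.sort()
        # Slide a window of `limit` consecutive attempts along the sorted list;
        # the first window whose span fits inside `window` triggers the flag.
        for i in range(len(times) - limit + 1):
            if times[i + limit - 1] - times[i] <= window:
                flagged[user] = times[i:i + limit]
                break
    return flagged


def format_alert(flagged):
    """Render the flagged accounts as the body of a notification to the
    security administrators; returns an empty string when nothing is flagged."""
    if not flagged:
        return ""
    lines = ["Accounts reaching the failed-login limit:"]
    for user, times in sorted(flagged.items()):
        first, last = times[0], times[-1]
        lines.append(f"  {user}: {len(times)} failures between "
                     f"{first:%Y-%m-%d %H:%M:%S} and {last:%H:%M:%S}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_alert(lockout_candidates(SAMPLE_ROWS)) or "nothing to report")
```

In practice the rows would come from a query against FND_UNSUCCESSFUL_LOGINS restricted to the interval since the last run, and the alert text would be handed to whatever notification channel the site uses (an Oracle Alert, a workflow notification, or plain e-mail). The window and limit are parameters so the report can be tuned without changing the logic.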
This profile option determines the length of time (in minutes) of inactivity in a user's form session before the session is disabled. Note that disabled does not mean terminated or killed. The user is provided the opportunity to re-authenticate and re-enable their timed-out session. If the re-authentication is successful, the disabled session is re-enabled and no work is lost. Otherwise, the session is terminated without saving pending work.