Jerry Held - PowerPoint PPT Presentation

Slides: 33
Provided by: Analy7
Transcript and Presenter's Notes

1
(No Transcript)
2
Simplify and Strengthen Security with Oracle
Application Server
Session id 40112
  • Allan L Haensgen, Senior Principal Instructor
  • Oracle Corporation

3
Security Risks in an Internet Environment
  • Data tampering and fraud
  • Eavesdropping and data theft
  • Falsifying user identities
  • Password-related threats
  • Unauthorized access to data
  • Lack of accountability
  • Hacking

4
Addressing the Security Challenges
  • Deep data protection
  • Multi-Layer protection through encryption,
    extensive auditing, and access control
  • Internet-scale security
  • SSL
  • Proxy authentication
  • Java
  • Secure hosting and data exchange
  • Public key infrastructure
  • Enterprise wide user security

5
Oracle Application Server Security Architecture
6
Application Server Security
  • The Oracle Application Server can be used as a
    client to the database and therefore you can
    employ the following security features:
    • Enterprise user security
    • Authentication and digital certificates
    • Proxy authentication
    • Connecting from the middle tier to the database

7
Java Authentication and Authorization Service
  • Java Authentication and Authorization Service
    (JAAS) provides key security services to the Java
    programmer in the following areas:
    • Authentication to identify users
    • Authorization to limit what users can do
    • Delegation to enable code to be run securely

8
Securing the Oracle HTTP Server Itself
  • The Oracle HTTP Server supports the following
    security schemes:
    • IP-based or domain name-based restriction
    • Basic authentication through the username and
      password combination
    • Certificate distinguished name (DN)-based
      authorization
    • Secure Sockets Layer (SSL) protocol

9
Oracle HTTP Server Security Modules
  • mod_access is used for restriction.
  • mod_auth and mod_auth_anon are used for
    authentication.
  • mod_ossl is used with SSL.

[Diagram: Oracle HTTP Server (OHS) request-processing phases 1-5 shown in the figure: Translation, Access Control, MIME Type, Response, Logging]
10
Host-Based Access Control
  • mod_access: IP- or domain-based access control
  • You can use the allow and deny directives within
    the <Directory> ... </Directory> or <Location> ...
    </Location> context of your httpd.conf or
    .htaccess file

allow from host host ...
deny from host host ...
11
Host-Based Access Control
  • The order directive specifies the order in which
    the allow and deny commands are applied
  • The ordering argument can be one of the
    following:
    • deny,allow
    • allow,deny

order ordering
12
Host-Based Access Control
  • The allow from or deny from directive

<Directory /docroot>
  order deny,allow
  deny from all
  allow from 144.25.192.170
</Directory>

13
User Authentication
  • Basic authentication is performed by the
    following modules:
    • mod_auth
    • mod_auth_anon
  • A resource can be protected user-based,
    group-based, or both.
  • To access the resource, you also need to have the
    permission as defined by the Require directive.

14
Combining User- and Host-Based Authentication

<Location />
  AuthName "Who are you"
  AuthType Basic
  AuthUserFile /ias/Apache/Apache/auth/password
  Require valid-user
  order deny,allow
  deny from all
  allow from hq1.us.oracle.com
  Satisfy all
</Location>
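As an added illustration (not part of the original slides or Oracle's code), the following Python models how the order, allow from and deny from directives of slides 10 to 12 are evaluated, including the default that applies when neither list matches, and how Satisfy combines that result with the Require check of slide 14. The client IP, reverse-DNS name and user_ok flag are constructed inputs; the user check itself (valid-user against AuthUserFile) is assumed to be computed elsewhere.

```python
"""Evaluate Apache 1.3-style (Oracle HTTP Server) host-based access control
and the Satisfy directive. Added illustration, not Oracle's code."""
import re

def _host_matches(pattern, ip, hostname=None):
    """Mirror how an allow/deny 'host' argument matches a client.
    'all' matches everyone; a dotted-decimal value matches as an IP prefix
    on an octet boundary (so '144.25' covers 144.25.x.x); anything else is a
    domain suffix matched on a label boundary against the client's
    reverse-DNS name (None when the server has no reverse lookup result)."""
    if pattern == "all":
        return True
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){0,3}", pattern):
        return ip == pattern or ip.startswith(pattern + ".")
    if hostname is None:
        return False
    suffix = pattern.lstrip(".")
    return hostname == suffix or hostname.endswith("." + suffix)

def host_allowed(order, allow, deny, ip, hostname=None):
    """Apply the 'order' argument: it decides which list wins on a conflict
    and, crucially, the default when neither list matches the client.
      deny,allow -> deny checked first, allow can override, default ALLOW
      allow,deny -> allow checked first, deny can override, default DENY"""
    allowed = any(_host_matches(p, ip, hostname) for p in allow)
    denied = any(_host_matches(p, ip, hostname) for p in deny)
    if order == "deny,allow":
        return allowed or not denied
    if order == "allow,deny":
        return allowed and not denied
    raise ValueError("unknown order: %s" % order)

def access_granted(order, allow, deny, satisfy, ip, hostname=None, user_ok=False):
    """Combine host control with the Require (user) check via Satisfy:
    'all' needs both to pass, 'any' lets either one admit the client.
    user_ok is the outcome of the Require check (an assumed input here)."""
    host_ok = host_allowed(order, allow, deny, ip, hostname)
    return (host_ok and user_ok) if satisfy == "all" else (host_ok or user_ok)

# Constructed rule sets transcribed from the two slide examples.
SLIDE12 = dict(order="deny,allow", allow=["144.25.192.170"], deny=["all"])
SLIDE14 = dict(order="deny,allow", allow=["hq1.us.oracle.com"],
               deny=["all"], satisfy="all")

if __name__ == "__main__":
    print(host_allowed(ip="144.25.192.170", **SLIDE12))  # True
    print(host_allowed(ip="10.0.0.1", **SLIDE12))        # False
    # Same lists under allow,deny: 'deny from all' now wins -> False
    print(host_allowed("allow,deny", ["144.25.192.170"], ["all"], "144.25.192.170"))
```

Note that with order allow,deny the slide's rule set admits nobody, and that a domain-name rule silently fails closed for clients the server cannot reverse-resolve.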
15
Establishing Secure Web Sessions
  • The SSL protocol is a standard for secure data
    transmission over the Internet.
  • SSL involves three mechanisms:
    • Encryption
    • Authentication
    • Data integrity
  • SSL is implemented through mod_ossl.

16
How SSL Works
[Diagram, How SSL Works: Browser and Oracle9iAS exchange (1) https request, (2) public certificate, (3) session key, (4) request client certificate (optional)]
17
Oracle Wallet Manager
  • Oracle Wallet Manager is a stand-alone Java
    application for:
    • Generating a public/private key pair and creating
      a certificate request for submission to a CA.
    • Installing a certificate for the entity.
    • Configuring trusted certificates for the entity.
    • Uploading or downloading a wallet to or from an
      LDAP directory such as Oracle Internet Directory.
    • Importing wallets and exporting wallets.

18
Creating a Certificate Request
19
Exporting a Certificate Request
20
Oracle HTTP Server with SSL Enabled
  • Oracle HTTP Server is already SSL enabled after
    the installation
  • SSL is enabled in opmn.xml
  • There is no specific command to start the Oracle
    HTTP Server with SSL enabled

<ohs>
  <start-mode mode="ssl"/>
</ohs>

> cd ORACLE_HOME/dcm/bin
> dcmctl start -ct ohs
21
What is Single Sign-On?
  • Oracle Application Server Single Sign-On (SSO) is
    a service that enables:
    • Authentication to multiple applications in an
      enterprise by entering a username and password
      only once
    • Centralized administration of username and
      password combinations for all users in an
      enterprise

22
Single Sign-On
  • SSO technology utilizes:
    • mod_osso: An HTTP module that provides single
      sign-on authentication to Oracle9iAS applications
    • Oracle Internet Directory: A Lightweight
      Directory Access Protocol (LDAP) server using an
      Oracle9i database as its information store.
    • Oracle Wallet Manager: A container utility that
      stores and manages X.509 certificates and trusted
      certificates

23
Single Sign-On
  • Oracle9iAS SSO technology provides:
    • Public key infrastructure (PKI) support when
      using Oracle Internet Directory
    • Multitier integration

24
Authenticating Partner Applications
[Diagram: seven-step partner application authentication flow among the Partner Application / Oracle HTTP Server, the SSO Server and Oracle Internet Directory]
25
Administering Users With the Delegated
Administration Service (DAS)
http://<hostname>:<port>/oiddas
26
Lightweight Directory Access Protocol (LDAP)
  • LDAP offers the following features:
    • Simplified ISO X.500 Directory Access Protocol
    • Lightweight, browser-friendly client
      implementation
    • Protocol standard defined and maintained by the
      Internet Engineering Task Force (IETF)
    • Need for interoperability is driving rapid
      adoption in the IT community

27
Oracle Internet Directory (OID)
  • OID is:
    • Compliant with LDAP, version 3
    • Implemented as an Oracle9i application
  • OID includes:
    • Oracle Directory Server
    • Oracle Directory Replication Server
    • Oracle Directory Manager
    • Command-line tools
    • Delegated Administration Service (DAS)

28
OID Architectural Overview
[Diagram, OID architectural overview: OID clients reach OID over LDAP or LDAP over SSL; OID uses Oracle Net connections to the Oracle database; directory administration]
29
Benefits of OID
  • OID provides:
    • Delegated Administration Service (DAS)
    • Failover in cluster configurations
    • Support for Oracle Real Application Clusters
    • Oracle Directory Integration platform, to
      synchronize with other enterprise repositories
      including third-party LDAP directories
    • Password policy management

30
Identity Management
  • Centralizes and automates many application user
    management functions
  • Faster deployments
  • Brings OID, SSO, DAS, and other security
    components into one management system

31
A
32
(No Transcript)