Best Practices to Secure Linux Server homing Oracle

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Best Practices to Secure Linux Server homing Oracle"

Transcription

1 Best Practices to Secure Linux Server homing Oracle Raj Ravikumar System Analyst BizTech Kyle Snyder CIO, Managing Partner - BizTech

2 Agenda About the Presenters About BizTech What is Linux Enterprise Linux Securing Linux Conclusion Questions

3 The Presenters Kyle Snyder CIO, Managing Partner BizTech 15 years of Oracle Experience End user, implementation consultant, and project manager Over 30 Full Cycle Implementations Primary area of focus in HRMS and Managed Services Accelerate R12 Implementations Raj Ravikumar Over 6 years of IT experience, specializing in System/Network/VM/Oracl e Apps/DBA architecture. Implemented and Managed Datacenter Operations. Lead System Analyst at BizTech MS IT, CCNA, VCP, OCP (Linux, 10g/11g DB, 11i Apps)

4 BizTech Leading Mid-Atlantic Oracle Platinum Partner and IT Services firm focused on Oracle Applications and Technology solutions Over 400 successful Oracle implementations over the past 15 years Based in King of Prussia, PA with offices in New Jersey, New York City and Washington DC Service Fortune 500 companies, organizations and government agencies Oracle certified and experienced consultants

5 Client-Centric Practice Areas Oracle Applications - Full Portfolio of Oracle Applications Solutions - Implementation, Upgrade, Migration - Since 1990 MPL6 to R12 Experience - Over 400 successful implementations to date Oracle Applications Oracle Technology BI/EPM Oracle Technology and Business Intelligence - End to end service offering in BI and EPM - Fully staffed team of Data Architects and DBAs - Solid experience in RAC, HA and HS designs - Understand full Oracle technology stack Clients Managed Services ITO Oracle Software Provider Managed Services and IT Outsource - Remote or Onsite services - Full portfolio of Oracle Applications and Technologies - World-Class Data Center with 24x7 Support - Instant capacity, operational focused business model Oracle Software Provider - Full Portfolio of Oracle License Resell - Help Clients Optimize License models - RapidApp BI Software for the agile enterprise - RapidApp Auditor to manage change and GRC

6 Linux Background FOSS Source code is free! From cell phones to supercomputer

7 Enterprise Linux

8 Enterprise Linux Unbreakable Enterprise Kernel is based on a stable kernel and includes optimizations developed in collaboration with Oracle s Database, Middleware and Hardware engineering teams to ensure stability and optimal performance for the most demanding enterprise workloads.

9 Enterprise Linux Unbreakable Enterprise Kernel has been engineered and tested with performance in mind and internal benchmarks show tremendous performance improvements compared to a standard Enterprise Linux 5 kernel ( ) Unbreakable Enterprise Kernel includes enhancements and bug fixes to improve virtual memory performance, network and disk I/O performance as well as improvements for largenuma (Non-Uniform Memory Access) systems

10 Enterprise Linux The latest Infiniband software stack, OFED Improved RDS (reliable datagram sockets) stack for high speed, low latency networking Overall networking performance has been improved especially at high loads due to the inclusion of receive packet steering Improved asynchronous write back performance Increased scalability on fast storage such as solid state disk (SSD) Advanced support for large NUMA systems

11 Security Source:

12 Security Source:

13 Security Secure Shell SSH Patching Named User Accounts SUDO Access Audit Deamon Restricting Root Access Software and Services VNC Server Password Aging & Policy Firewall Network Security

14 Secure Shell What is SSH Versions of SSH SSH 1 SSH2 Why use SSH2 How to use SSH2 File - /etc/ssh/sshd_config Protocol 1 2 Protocol 2

15 Secure Shell Encryption Cipher Comparison Cipher SSH1 SSH2 DES Yes No 3DES Yes Yes IDEA Yes No Blowfish Yes Yes Twofish No Yes Arcfour No Yes Cast 128- cbc No Yes

16 Secure Shell Authentication Cipher Comparison Cipher SSH1 SSH2 RSA Yes No DSA No Yes

17 Patching Security Maintenance Supportability Error Fixing

18 Manual Process Patching

19 Built in OS tools Patching

20 Third Party Tools Patching Patch Link BlueLane's PatchPoint

21 Patching

22 Named User Accounts Users DBA s / Developers Custom Application Private Groups Restricted Access NIS / Individual Server

23 Sudo Access Super User DO /etc/sudoers visudo No Passwords to remember! Aliases Host User Command

24 Sudo Access setuid on sudo Defaults Specification User Privilege Specification Logging Security

25 Audit Daemon Used to Audit Kernel > 2.6 /etc/audit.rules

26 Audit Daemon

27 Root Access

28 Most Powerful User Root Access File - /etc/ssh/sshd_config PermitRootLogin no AllowGroups, AllowUsers, DenyGroups, and DenyUsers File - /etc/ssh/sshd_config AllowGroups dba AllowUsers scott

29 Software and Services During Install or After Install? Oracle Validated rpm package Installation pre-req document - Oralce

30 Software and Services

31 Software and Services

32 Software and Services

33 VNC Service / Source:

34 Password Security Password Aging Password Strength Source: /

35 Password Aging /etc/login.defs Parameter Value Definition PASS_MAX_DAYS 90 Maximum number of days a password may be used PASS_MIN_DAYS 0 Minimum number of days allowed between password changes PASS_MIN_LEN 5 Minimum acceptable password length PASS_WARN_AGE 7 Number of days warning given before a password expires

36 Password Aging Chage for users already created Option Definition -h Help -l List aging Information -m Minimum number of days between password changes -M Maximum number of days during which a password is valid -W Number of days of warning before a password change is required

37 Password Strength/Complexity /etc/pam.d/system-auth pam_cracklib.so module Default Config password requisite /lib/security/$isa/pam_cracklib.so retry=3 3 opportunities to enter the correct password

38 Password Strength/Complexity Option Value Description minlen N The minimum password length difok N The number of characters the new password should differ from the old password dcredit N The number of digits the password should have ucredit N The number of Upper case letter the password should have lcredit N The number of Lower case letter the password should have ocredit N The number of special characters the password should have

39 Linux Firewall Iptables Status Service iptables status Start Service iptables start Stop Service iptables stop Restart Service iptables restart

40 Linux Firewall Mangle Table/Queue Default Filter Table/Queue Forward Chain Input Chain Output Chain NAT Table/Queue Pre-Routing Chain Post-Routing Chain

41 Network Security Hardening /etc/sysctl.conf Option Value Definition net.ipv4.conf.all.rp_filter 1 Disables Routing Triangulation net.ipv4.conf.all.send_redirects 0 Disables Packet Redirects net.ipv4.conf.all.accept_source_route 0 Disables Source Routed Packets net.ipv4.conf.all.log_martians 1 Enabled Logging for packets with malicious IP

42 Network Security Hardening /etc/sysctl.conf Option Value Definition net.ipv4.conf.all.accept_redirects 0 Disables ICMP redirect acceptance net.ipv4.icmp_echo_ignore_broadca sts 1 Disables responding to ping broadcast net.ipv4.tcp_syncookies 1 Protects from DoS attacks

43 Conclusion

44 Questions Raj Ravikumar System Analyst Kyle Snyder CIO, Managing Partner

Automated Drop Ship Order Processing in R12. Kenneth B. Montgomery Senior Business Analyst BizTech kmontgomery@biztech.com Session ID#8636

Automated Drop Ship Order Processing in R12. Kenneth B. Montgomery Senior Business Analyst BizTech kmontgomery@biztech.com Session ID#8636 Automated Drop Ship Order Processing in R12 Kenneth B. Montgomery Senior Business Analyst BizTech kmontgomery@biztech.com Session ID#8636 Please set your cell phones to silent mode. Agenda Introduction

More information

Exploring the Mystery that is AGIS Session ID# -11588

Exploring the Mystery that is AGIS Session ID# -11588 Exploring the Mystery that is AGIS Session ID# -11588 Lee Briggs BizTech Agenda Introductions About Lee Briggs About BizTech Explanation and Discussion of AGIS Sample Configuration in R12 Using AGIS as

More information

Oracle Data Integrators for Beginners. Presented by: Dip Jadawala Company: BizTech Session ID: 9950

Oracle Data Integrators for Beginners. Presented by: Dip Jadawala Company: BizTech Session ID: 9950 Oracle Data Integrators for Beginners Presented by: Dip Jadawala Company: BizTech Session ID: 9950 Please silence your cell phones Overview Introductions Architecture of ODI Topology Manager Designer Operator

More information

Multiperiod Accounting: A User s Guide

Multiperiod Accounting: A User s Guide Multiperiod Accounting: A User s Guide Session ID #11349 Jeannine Suwalski Biztech About Jeannine Suwalski Functional business consultant 4 years experience using Oracle applications Developed Training

More information

Integrating CRM On Demand with the E-Business Suite to Supercharge your Sales Team

Integrating CRM On Demand with the E-Business Suite to Supercharge your Sales Team Integrating CRM On Demand with the E-Business Suite to Supercharge your Sales Team Presented by: Tom Connolly, Jason Lieberman Company: BizTech Session ID: #10351 Overview Introductions Background Web

More information

Creative Accounting: Use of a Project Segment in Your COA

Creative Accounting: Use of a Project Segment in Your COA Creative Accounting: Use of a Project Segment in Your COA Maria Rugerri Accounting Manager Party City Thomas Simkiss COO BizTech Tsimkiss@BizTech.com @BiztechOracle Session: 4983 Agenda About the Preseners

More information

Desktop Integrators You Mean I Can Load Data Straight From a Spreadsheet?

Desktop Integrators You Mean I Can Load Data Straight From a Spreadsheet? Desktop Integrators You Mean I Can Load Data Straight From a Spreadsheet? Lee Briggs Director, Financials Practice BizTech LBriggs@BizTech.com Session ID: 7627 Please set your cell phones to silent mode.

More information

Linux Firewall Wizardry. By Nemus

Linux Firewall Wizardry. By Nemus Linux Firewall Wizardry By Nemus The internet and your server So then what do you protect your server with if you don't have a firewall in place? NetFilter / Iptables http://www.netfilter.org Iptables

More information

Nixu SNS Security White Paper May 2007 Version 1.2

Nixu SNS Security White Paper May 2007 Version 1.2 1 Nixu SNS Security White Paper May 2007 Version 1.2 Nixu Software Limited Nixu Group 2 Contents 1 Security Design Principles... 3 1.1 Defense in Depth... 4 1.2 Principle of Least Privilege... 4 1.3 Principle

More information

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT EIGHT. Ubuntu Security. www.uscyberpatriot.org

AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT EIGHT. Ubuntu Security. www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM UNIT EIGHT Ubuntu Security www.uscyberpatriot.org AIR FORCE ASSOCIATION S CYBERPATRIOT NATIONAL YOUTH CYBER EDUCATION PROGRAM

More information

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users

Linux firewall. Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users Linux firewall Need of firewall Single connection between network Allows restricted traffic between networks Denies un authorized users Linux firewall Linux is a open source operating system and any firewall

More information

Firewalls. Chien-Chung Shen cshen@cis.udel.edu

Firewalls. Chien-Chung Shen cshen@cis.udel.edu Firewalls Chien-Chung Shen cshen@cis.udel.edu The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective

More information

Security Best Practice

Security Best Practice Security Best Practice Presented by Muhibbul Muktadir Tanim mmtanim@gmail.com 1 Hardening Practice for Server Unix / Linux Windows Storage Cyber Awareness & take away Management Checklist 2 Hardening Server

More information

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT Track 2 Workshop PacNOG 7 American Samoa Firewalling and NAT Core Concepts Host security vs Network security What is a firewall? What does it do? Where does one use it? At what level does it function?

More information

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett

Linux Boot Camp. Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett Linux Boot Camp Our Lady of the Lake University Computer Information Systems & Security Department Kevin Barton Artair Burnett Schedule for the Week Schedule for the Week Mon Welcome from Enrollment Management

More information

CDH installation & Application Test Report

CDH installation & Application Test Report CDH installation & Application Test Report He Shouchun (SCUID: 00001008350, Email: she@scu.edu) Chapter 1. Prepare the virtual machine... 2 1.1 Download virtual machine software... 2 1.2 Plan the guest

More information

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation

Securing your Virtual Datacenter. Part 1: Preventing, Mitigating Privilege Escalation Securing your Virtual Datacenter Part 1: Preventing, Mitigating Privilege Escalation Before We Start... Today's discussion is by no means an exhaustive discussion of the security implications of virtualization

More information

Internet infrastructure. Prof. dr. ir. André Mariën

Internet infrastructure. Prof. dr. ir. André Mariën Internet infrastructure Prof. dr. ir. André Mariën (c) A. Mariën 31/01/2006 Topic Firewalls (c) A. Mariën 31/01/2006 Firewalls Only a short introduction See for instance: Building Internet Firewalls, second

More information

SCP - Strategic Infrastructure Security

SCP - Strategic Infrastructure Security SCP - Strategic Infrastructure Security Lesson 1 - Cryptogaphy and Data Security Cryptogaphy and Data Security History of Cryptography The number lock analogy Cryptography Terminology Caesar and Character

More information

HP IMC Firewall Manager

HP IMC Firewall Manager HP IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW102-20120420 Legal and notice information Copyright 2012 Hewlett-Packard Development Company, L.P. No part of this

More information

Linux Firewalls (Ubuntu IPTables) II

Linux Firewalls (Ubuntu IPTables) II Linux Firewalls (Ubuntu IPTables) II Here we will complete the previous firewall lab by making a bridge on the Ubuntu machine, to make the Ubuntu machine completely control the Internet connection on the

More information

Virtualization Strategy with Oracle VM and Oracle Linux. Bjorn Naessens

Virtualization Strategy with Oracle VM and Oracle Linux. Bjorn Naessens with Oracle VM and Bjorn Naessens Join the buzz: Wifi pass: BANQ Twitter #oracleopenxperience @oopenxperience 2 About me Certifications OVM 2.x/3.x Implementation Specialist 5.x Certified Administrator

More information

Small Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent

Small Systems Solutions is the. Premier Red Hat and Professional. VMware Certified Partner and Reseller. in Saudi Arabia, as well a competent T R A I N I N G C O U R S E S T H E # 1 L I N U X A N D O P E N S O U R C E P R O V I D E R I N S A U D I A R A B I A Introd uction to Linux Administra tion Adva nce Linux Ad ministrati on Linux Identity

More information

Developing Network Security Strategies

Developing Network Security Strategies NETE-4635 Computer Network Analysis and Design Developing Network Security Strategies NETE4635 - Computer Network Analysis and Design Slide 1 Network Security Design The 12 Step Program 1. Identify network

More information

Linux Security Ideas and Tips

Linux Security Ideas and Tips Linux Security Ideas and Tips Hugh Brown Sr. Systems Administrator ITS Enterprise Infrastructure University of Iowa October 8, 2014 Hugh Brown (University of Iowa) Linux Security Ideas and Tips October

More information

URL: http://crosswire.org/~jmarsden/talks/hardening-ubuntu/hardening-ubuntu.html

URL: http://crosswire.org/~jmarsden/talks/hardening-ubuntu/hardening-ubuntu.html Hardening Ubuntu Date: 12 Mar 2011 Author: Jonathan Marsden jmarsden@fastmail.fm URL: http://crosswire.org/~jmarsden/talks/hardening-ubuntu/hardening-ubuntu.html Contents Introduction The BASICS (the bare

More information

Chapter 7. Firewalls http://www.redhat.com/docs/manuals/enterprise/rhel-4-manual/security-guide/ch-fw.html

Chapter 7. Firewalls http://www.redhat.com/docs/manuals/enterprise/rhel-4-manual/security-guide/ch-fw.html Red Hat Docs > Manuals > Red Hat Enterprise Linux Manuals > Red Hat Enterprise Linux 4: Security Guide Chapter 7. Firewalls http://www.redhat.com/docs/manuals/enterprise/rhel-4-manual/security-guide/ch-fw.html

More information

Packet filtering with Iptables

Packet filtering with Iptables CSC-NETLAB Packet filtering with Iptables Group Nr Name1 Name2 Name3 Date Instructor s Signature Table of Contents 1 Goals...2 2 Introduction...3 3 Getting started...3 4 Connecting to the virtual hosts...3

More information

VMware vcenter Log Insight Security Guide

VMware vcenter Log Insight Security Guide VMware vcenter Log Insight Security Guide vcenter Log Insight 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Security principles Firewalls and NAT

Security principles Firewalls and NAT Security principles Firewalls and NAT These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Host vs Network

More information

VMware vcenter Log Insight Security Guide

VMware vcenter Log Insight Security Guide VMware vcenter Log Insight Security Guide vcenter Log Insight 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Oracle Linux Strategy and Roadmap

Oracle Linux Strategy and Roadmap Oracle Linux Strategy and Roadmap Michele Resta, Director Alliances, Oracle 1 Copyright 2011, Oracle and/or its affiliates. All rights reserved. Insert Information Protection Policy Classification from

More information

IBM WebSphere Application Server Version 7.0

IBM WebSphere Application Server Version 7.0 IBM WebSphere Application Server Version 7.0 Centralized Installation Manager for IBM WebSphere Application Server Network Deployment Version 7.0 Note: Before using this information, be sure to read the

More information

Auditing and Hardening Unix Systems Using CIS benchmarks on SUSE Linux

Auditing and Hardening Unix Systems Using CIS benchmarks on SUSE Linux Auditing and Hardening Unix Systems Using CIS benchmarks on SUSE Linux André Carrington, P.Eng, CISSP, CISM Unix experience: 13 years SunOS; NeXTSTEP; Sun Interactive; Wyse Unix; BSD; Solaris; QNX; HP-UX;

More information

RemotelyAnywhere. Security Considerations

RemotelyAnywhere. Security Considerations RemotelyAnywhere Security Considerations Table of Contents Introduction... 3 Microsoft Windows... 3 Default Configuration... 3 Unused Services... 3 Incoming Connections... 4 Default Port Numbers... 4 IP

More information

Solaris For The Modern Data Center. Taking Advantage of Solaris 11 Features

Solaris For The Modern Data Center. Taking Advantage of Solaris 11 Features Solaris For The Modern Data Center Taking Advantage of Solaris 11 Features JANUARY 2013 Contents Introduction... 2 Patching and Maintenance... 2 IPS Packages... 2 Boot Environments... 2 Fast Reboot...

More information

<Insert Picture Here>

<Insert Picture Here> 1 Session 254 Installing and Tuning Oracle 11.2.0.3 on RedHat 6 on Linux on IBM System z Collaborate13 April 7-11 2013, Denver, Colorado Damian Gallagher Senior Technical Lead, Linux

More information

Securing Linux Servers

Securing Linux Servers Securing Linux Servers Best Practice Document Produced by the AMRES-led working group on Security Authors: M. Kukoleča (AMRES), M. Zdravković (RCUB), I. Ivanović October 2014 TERENA 2014 All rights reserved.

More information

SECURELINK.COM REMOTE SUPPORT NETWORK

SECURELINK.COM REMOTE SUPPORT NETWORK REMOTE SUPPORT NETWORK I. INTRODUCTION EXECUTIVE SUMMARY MANAGING REMOTE SUPPORT IN A SECURE ENVIRONMENT Enterprise software vendors strive to maximize support efficiency log on to the customer system,

More information

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup

1:1 NAT in ZeroShell. Requirements. Overview. Network Setup 1:1 NAT in ZeroShell Requirements The version of ZeroShell used for writing this document is Release 1.0.beta11. This document does not describe installing ZeroShell, it is assumed that the user already

More information

+ iptables. packet filtering && firewall

+ iptables. packet filtering && firewall + iptables packet filtering && firewall + what is iptables? iptables is the userspace command line program used to configure the linux packet filtering ruleset + a.k.a. firewall + iptable flow chart what?

More information

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN Firewall IPTables and its use in a realistic scenario FEUP MIEIC SSIN José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 Topics 1- Firewall 1.1 - How they work? 1.2 - Why use them? 1.3 - NAT

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Module II. Internet Security. Chapter 6. Firewall. Web Security: Theory & Applications. School of Software, Sun Yat-sen University

Module II. Internet Security. Chapter 6. Firewall. Web Security: Theory & Applications. School of Software, Sun Yat-sen University Module II. Internet Security Chapter 6 Firewall Web Security: Theory & Applications School of Software, Sun Yat-sen University Outline 6.1 Introduction to Firewall What Is a Firewall Types of Firewall

More information

Security in the Sauce Labs Cloud

Security in the Sauce Labs Cloud SAUCE LABS REPORT Security in the Sauce Labs Cloud Practices and protocols used in Sauce s infrastructure and Sauce Connect Overview It s impossible to deny that in this day and age internet security should

More information

Stateful Inspection Technology

Stateful Inspection Technology Stateful Inspection Technology Security Requirements TECH NOTE In order to provide robust security, a firewall must track and control the flow of communication passing through it. To reach control decisions

More information

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration Linux Server Support by Applied Technology Research Center Proxy Server Configuration We configure squid for your LAN. Including transparent for HTTP and proxy for HTTPS. We also provide basic training

More information

Automated Deployment of Oracle RAC Using Enterprise Manager Provisioning Pack

Automated Deployment of Oracle RAC Using Enterprise Manager Provisioning Pack Automated Deployment of Oracle RAC Using Enterprise Manager Provisioning Pack By Kai Yu As a part of the Oracle Enterprise Manager s lifecycle management solutions, the Oracle Enterprise Manager Provisioning

More information

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008

Netfilter. GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic. January 2008 Netfilter GNU/Linux Kernel version 2.4+ Setting up firewall to allow NIS and NFS traffic January 2008 Netfilter Features Address Translation S NAT, D NAT IP Accounting and Mangling IP Packet filtering

More information

Syncplicity On-Premise Storage Connector

Syncplicity On-Premise Storage Connector Syncplicity On-Premise Storage Connector Implementation Guide Abstract This document explains how to install and configure the Syncplicity On-Premise Storage Connector. In addition, it also describes how

More information

Securing Your OpenSSH Server (Document v1 13 August 2008)

Securing Your OpenSSH Server (Document v1 13 August 2008) Securing Your OpenSSH Server (Document v1 13 August 2008) Introduction Since brute force attacks against SSH servers are widely carried out, especially by means of automated scripts, you need to harden

More information

STERLING SECURE PROXY. Raj Kumar Integration Management, Inc. Raj.Kumar@integrationmgmt.com

STERLING SECURE PROXY. Raj Kumar Integration Management, Inc. Raj.Kumar@integrationmgmt.com STERLING SECURE PROXY Raj Kumar Integration Management, Inc. Raj.Kumar@integrationmgmt.com Agenda Terminology Proxy Definition Sterling Secure Proxy Overview Architecture Components Architecture Diagram

More information

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Copyright 2013, Oracle and/or its affiliates. All rights reserved. 1 Security Inside-Out with Oracle Database 12c Denise Mallin, CISSP Oracle Enterprise Architect - Security The following is intended to outline our general product direction. It is intended for information

More information

Assignment 3 Firewalls

Assignment 3 Firewalls LEIC/MEIC - IST Alameda ONLY For ALAMEDA LAB equipment Network and Computer Security 2013/2014 Assignment 3 Firewalls Goal: Configure a firewall using iptables and fwbuilder. 1 Introduction This lab assignment

More information

Red Hat Enterprise Linux 6. Stanislav Polášek ELOS Technologies sp@elostech.cz

Red Hat Enterprise Linux 6. Stanislav Polášek ELOS Technologies sp@elostech.cz Stanislav Polášek ELOS Technologies sp@elostech.cz Red Hat - an Established Global Leader Compiler Development Identity & Authentication Storage & File Systems Middleware Kernel Development Virtualization

More information

Secure Network Filesystem (Secure NFS) By Travis Zigler

Secure Network Filesystem (Secure NFS) By Travis Zigler Secure Network Filesystem (Secure NFS) By Travis Zigler Overview of Secure NFS Problems with NFS Security of Basic NFS Configurations Securing NFS with SSH Tutorial Securing NFS with SSL Overview Conclusions

More information

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise

More information

Oracle Solaris: Aktueller Stand und Ausblick

Oracle Solaris: Aktueller Stand und Ausblick Oracle Solaris: Aktueller Stand und Ausblick Detlef Drewanz Principal Sales Consultant, EMEA Server Presales The following is intended to outline our general product direction. It

More information

Protecting and controlling Virtual LANs by Linux router-firewall

Protecting and controlling Virtual LANs by Linux router-firewall Protecting and controlling Virtual LANs by Linux router-firewall Tihomir Katić Mile Šikić Krešimir Šikić Faculty of Electrical Engineering and Computing University of Zagreb Unska 3, HR 10000 Zagreb, Croatia

More information

Password Security Module 8

Password Security Module 8 Password Security Air Force Association s CyberPatriot The National High School Cyber Defense Competition Module 8 Password Security Module 8 Unix GCCS Operating Definitions Patching Timeline System Explain

More information

What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team

What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive. Attachment E RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive. Questions Support for Information Security 1. The Supplier

More information

Avnet Guide to Oracle: Oracle Linux

Avnet Guide to Oracle: Oracle Linux Accelerating Your Success TM Avnet Guide to Oracle: Oracle Linux Avnet Technology Solutions Oracle Business Unit Oracle Linux Webinar Accelerating Your Success TM Overview Welcome and Introduction Why

More information

Monitoring Clearswift Gateways with SCOM

Monitoring Clearswift Gateways with SCOM Technical Guide Version 01 28/11/2014 Documentation Information File Name Document Author Document Filename Monitoring the gateways with _v1.docx Iván Blesa Monitoring the gateways with _v1.docx Issue

More information

Network Infrastructure Security Recommendations

Network Infrastructure Security Recommendations Hardening Red Hat Enterprise Linux Ensure that file systems with user-writeable directories (ie /home, /tmp, /var/tem) are mounted on separate partitions. Ensure updates are applied as soon as they become

More information

SERVER HARDENING. Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas

SERVER HARDENING. Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas SERVER HARDENING Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas OUTLINE Intro Securing Your Access Restricting Unwanted Access Monitoring and Alerts

More information

Oracle Security on Windows

Oracle Security on Windows Introduction - commercial slide. UKOUG Windows SIG, September 25 th 2007 Oracle Security on Windows By Pete Finnigan Written Friday, 07 September 2007 Founded February 2003 CEO Pete Finnigan Clients UK,

More information

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS Server virtualization offers tremendous benefits for enterprise IT organizations server

More information

Stratusphere Solutions

Stratusphere Solutions Stratusphere Solutions Security Overview Introduction This guide has been authored by experts at Liquidware Labs in order to provide a security overview of Liquidware Labs Stratusphere product, the leading

More information

DEPLOYMENT GUIDE Version 1.1. Configuring BIG-IP WOM with Oracle Database Data Guard, GoldenGate, Streams, and Recovery Manager

DEPLOYMENT GUIDE Version 1.1. Configuring BIG-IP WOM with Oracle Database Data Guard, GoldenGate, Streams, and Recovery Manager DEPLOYMENT GUIDE Version 1.1 Configuring BIG-IP WOM with Oracle Database Data Guard, GoldenGate, Streams, and Recovery Manager Table of Contents Table of Contents Configuring BIG-IP WOM with Oracle Database

More information

OpenSSH: Secure Shell

OpenSSH: Secure Shell OpenSSH: Secure Shell Remote console access Campus-Booster ID : **XXXXX www.supinfo.com Copyright SUPINFO. All rights reserved OpenSSH: Secure Shell Your trainer Presenter s Name Title: **Enter title or

More information

Preparing for the Installation

Preparing for the Installation CHAPTER 3 This section describes how to set up the environment for installation. To ensure a successful installation, use the checklist provided in Installation Scenarios and Checklists, page 1-3 for the

More information

Securing Data in Oracle Database 12c

Securing Data in Oracle Database 12c Securing Data in Oracle Database 12c Thomas Kyte http://asktom.oracle.com/ Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes

More information

Enabling Remote Access to the ACE

Enabling Remote Access to the ACE CHAPTER 2 This chapter describes how to configure remote access to the Cisco Application Control Engine (ACE) module by establishing a remote connection by using the Secure Shell (SSH) or Telnet protocols.

More information

Using Likewise Enterprise to Boost Compliance with Sarbanes-Oxley

Using Likewise Enterprise to Boost Compliance with Sarbanes-Oxley Likewise Enterprise Using Likewise Enterprise to Boost Compliance with Sarbanes-Oxley IMPROVE SOX COMPLIANCE WITH CENTRALIZED ACCESS CONTROL AND AUTHENTICATION With Likewise Enterprise, you get one user,

More information

Railo Installation on CentOS Linux 6 Best Practices

Railo Installation on CentOS Linux 6 Best Practices Railo Installation on CentOS Linux 6 Best Practices Purpose: This document is intended for system administrators who want to deploy their Mura CMS, Railo, Tomcat, and JRE stack in a secure but easy to

More information

Deploying F5 to Replace Microsoft TMG or ISA Server

Deploying F5 to Replace Microsoft TMG or ISA Server Deploying F5 to Replace Microsoft TMG or ISA Server Welcome to the F5 deployment guide for configuring the BIG-IP system as a forward and reverse proxy, enabling you to remove or relocate gateway security

More information

GroupWise SMTP Infrastructure Design:

GroupWise SMTP Infrastructure Design: Managing an Enterprise Series : GWIA configuration and use Lawrence Kearney Enterprise and Workgroup Service Analyst lawrence.kearney@earthlink.net http://www.lawrencekearney.com Session Agenda Discussion

More information

MySQL Strategy. Morten Andersen, MySQL Enterprise Sales. Copyright 2014 Oracle and/or its affiliates. All rights reserved.

MySQL Strategy. Morten Andersen, MySQL Enterprise Sales. Copyright 2014 Oracle and/or its affiliates. All rights reserved. MySQL Strategy Morten Andersen, MySQL Enterprise Sales Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not

More information

Hardware and Software Requirements for Installing California.pro

Hardware and Software Requirements for Installing California.pro Hardware and Requirements for Installing California.pro This document lists the hardware and software requirements to install and run California.pro. Workstation with SQL Server Recommended: 64-Bit Windows

More information

6WRUP:DWFK. Policies for Dedicated SQL Servers Group

6WRUP:DWFK. Policies for Dedicated SQL Servers Group OKENA 71 Second Ave., 3 rd Floor Waltham, MA 02451 Phone 781 209 3200 Fax 781 209 3199 6WRUP:DWFK Policies for Dedicated SQL Servers Group The sample policies shipped with StormWatch address both application-specific

More information

McAfee.com Personal Firewall

McAfee.com Personal Firewall McAfee.com Personal Firewall 1 Table of Contents Table of Contents...2 Installing Personal Firewall...3 Configuring Personal Firewall and Completing the Installation...3 Configuring Personal Firewall...

More information

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data

Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Oracle Solaris Security: Mitigate Risk by Isolating Users, Applications, and Data Will Fiveash presenter, Darren Moffat author Staff Engineer Solaris Kerberos Development Safe Harbor Statement The following

More information

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p. Preface p. ix Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p. 6 Common Linux Features p. 8 Primary Advantages

More information

Guide. Operating System Security Hardening Guide for SAP HANA. Developed for SAP HANA Running on SUSE Linux Enterprise Server. Solution Guide Server

Guide. Operating System Security Hardening Guide for SAP HANA. Developed for SAP HANA Running on SUSE Linux Enterprise Server. Solution Guide Server Operating System Security Hardening Guide for SAP HANA Developed for SAP HANA Running on SUSE Linux Enterprise Server Guide wwwsusecom Solution Guide Server Table of Contents page Introduction 2 SUSE Linux

More information

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client Astaro Security Gateway V8 Remote Access via SSL Configuring ASG and Client 1. Introduction This guide contains complementary information on the Administration Guide and the Online Help. If you are not

More information

Building Oracle Grid with Oracle VM on Blade Servers and iscsi Storage. Kai Yu Dell Oracle Solutions Engineering

Building Oracle Grid with Oracle VM on Blade Servers and iscsi Storage. Kai Yu Dell Oracle Solutions Engineering Building Oracle Grid with Oracle VM on Blade Servers and iscsi Storage Kai Yu Dell Oracle Solutions Engineering About Author Kai Yu 15 years with Oracle technology, specialized in Oracle Grid/RAC, Oracle

More information

SonicWALL Advantages Over WatchGuard

SonicWALL Advantages Over WatchGuard Competitive Analysis August 2001 WatchGuard SOHO - Product Overview WatchGuard Technologies extended its product offerings to the fast-growing broadband market through the acquisition of BeadleNet, LLC,

More information

GPFS and Remote Shell

GPFS and Remote Shell GPFS and Remote Shell Yuri Volobuev GPFS Development Ver. 1.1, January 2015. Abstract The use of a remote shell command (e.g. ssh) by GPFS is one of the most frequently misunderstood aspects of GPFS administration,

More information

Linux Security on HP Servers: General Security Topics. Abstract. Intended Audience

Linux Security on HP Servers: General Security Topics. Abstract. Intended Audience Linux Security on HP Servers: General Security Topics Technical introduction This white paper discusses general security technologies available in Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise

More information

Install and Configure SQL Server Database Software Interview Questions and Answers

Install and Configure SQL Server Database Software Interview Questions and Answers Written by Zakir Hossain, CS Graduate (OSU) CEO, Data Group Fed Certifications: PFA (Programming Foreign Assistance), COR (Contracting Officer), AOR (Assistance Officer) Oracle Certifications: OCP (Oracle

More information

An Enterprise Perspective on Cloud Innovation. Andy Brown UBS Group CTO Client Facing Technologies CIO

An Enterprise Perspective on Cloud Innovation. Andy Brown UBS Group CTO Client Facing Technologies CIO An Enterprise Perspective on Cloud Innovation Andy Brown UBS Group CTO Client Facing Technologies CIO UBS: One of the leading financial firms UBS draws on its 150-year heritage to serve private, institutional

More information

Operating System Security Hardening for SAP HANA

Operating System Security Hardening for SAP HANA Operating System Security Hardening for SAP HANA Peter Schinagl Technical Architect Global SAP Alliance peters@suse.com Markus Gürtler Architect & Technical Manager SAP Linux Lab mguertler@suse.com Corporate

More information

8 steps to protect your Cisco router

8 steps to protect your Cisco router 8 steps to protect your Cisco router Daniel B. Cid daniel@underlinux.com.br Network security is a completely changing area; new devices like IDS (Intrusion Detection systems), IPS (Intrusion Prevention

More information

Network security Exercise 9 How to build a wall of fire Linux Netfilter

Network security Exercise 9 How to build a wall of fire Linux Netfilter Network security Exercise 9 How to build a wall of fire Linux Netfilter Tobias Limmer Computer Networks and Communication Systems Dept. of Computer Sciences, University of Erlangen-Nuremberg, Germany 14.

More information

Network Access Security. Lesson 10

Network Access Security. Lesson 10 Network Access Security Lesson 10 Objectives Exam Objective Matrix Technology Skill Covered Exam Objective Exam Objective Number Firewalls Given a scenario, install and configure routers and switches.

More information

CloudPassage Halo Technical Overview

CloudPassage Halo Technical Overview TECHNICAL BRIEF CloudPassage Halo Technical Overview The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24 Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key

More information