Scribd Logo
Upload

Welcome to Scribd!

  • DMZ

    Uploaded by

    Naveen Kumar
    92 views2 pages
    Security is becoming increasingly important as more and more Internet-accessible applications are developed and deployed. Sites must deploy firewalls, reverse proxy servers, and other la nding servers to defend against attackers whom th ey have little chance of locating or punishing. Firewalls ensure that if intrusion attempts against machines in The DMZ are successful, the intrusion is contained within The DMZ. The main benefit of a properly-configured DMZ is better sec urity.

    Original Description:

    Original Title

    dmz

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    TXT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Security is becoming increasingly important as more and more Internet-accessible applications are developed and deployed. Sites must deploy firewalls, reverse proxy servers, and other la nding servers to defend against attackers whom th ey have little chance of locating or punishing. Firewalls ensure that if intrusion attempts against machines in The DMZ are successful, the intrusion is contained within The DMZ. The main benefit of a properly-configured DMZ is better sec urity.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    92 views2 pages

    DMZ

    Uploaded by

    Naveen Kumar
    Security is becoming increasingly important as more and more Internet-accessible applications are developed and deployed. Sites must deploy firewalls, reverse proxy servers, and other la nding servers to defend against attackers whom th ey have little chance of locating or punishing. Firewalls ensure that if intrusion attempts against machines in The DMZ are successful, the intrusion is contained within The DMZ. The main benefit of a properly-configured DMZ is better sec urity.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as TXT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    287176.

    1 ----- Oracle Applications 11i DMZ Configuration document


    ========================
    Security is becoming increasingly important as more and more Internet-accessible
    applications are developed and deployed.
    - Internet-accessible sites must now defend themselves against attackers whom th
    ey have little chance of locating or punishing.
    These sites must therefore deploy firewalls, reverse proxy servers, and other la
    nding servers to defend against determined attacks
    by highly skilled and knowledgeable people. In addition to enhanced security req
    uirements, Internet-accessible applications often need
    to conform to higher scalability and availability as these may be accessed by us
    ers 24x7 from different parts of the globe.
    When configuring Oracle E-Business Suite in a DMZ configuration, firewalls are d
    eployed at various levels as shown in Figure F2 to ensure that only
    the traffic that the architecture expects is allowed to cross the firewall bound
    aries.
    The firewalls ensure that if intrusion attempts against machines in the DMZ are
    successful,
    the intrusion is contained within the DMZ and the machines in the intranet are n
    ot affected.
    To make Oracle E-Business Suite modules as secure as possible, the following tas
    ks may need to be performed.
    Use of separate web node for external usage
    Setting of server level profile values
    Associate trust levels to application middle tier nodes
    Mark a subset of responsibilities as available on an external web node
    Deploy a Reverse proxy in front of the external web node
    Configuring a URL firewall and mod security in the reverse proxy
    Run only the required Oracle E-Business Suite Application services on the extern
    al web tier

    The DMZ, which stands for DeMilitarized Zone consists of the portions of a corpo
    rate network that are between the corporate intranet and the Internet. The DMZ c
    an be a simple one segment LAN or it can be broken down into multiple regions as
    shown in Figure F2. The main benefit of a properly-configured DMZ is better sec
    urity: in the event of a security breach, only the area contained within the DMZ
    is exposed to potential damage, while the corporate intranet remains somewhat p
    rotected.
    Configuring Oracle E-Business Suite 11i in DMZ
    ===============================================
    Update Node Trust Level
    -------------------------
    Currently, three trust levels are supported:
    Administrative
    Servers marked as Administrative are typically those used exclusively by system
    administrators. These servers are considered secure and provide access to any an
    d all E-Business Suite functions.
    Normal
    Servers marked as Normal are those used by employees within a company s firewall.
    Users logging in from normal servers have access to only a limited set of respon
    sibilities.
    External
    Servers marked as External are those used by customers or employees outside of a
    company s firewall. These servers have access to an even smaller set of responsib
    ilities.
    The default value for this profile option for all E-Business Suite middle tiers
    is set to Normal.
    Identify the external web tier in your Oracle E-business Suite 11i environment a
    nd set the NODE_TRUST_LEVEL profile option value at the server level to External
    .
    Update List of Responsibilities
    --------------------------------
    To change the value of the Responsibility Trust Level profile option at the resp
    onsibility level for a particular responsibility to external for using via exter
    nal site. ..

    Update Home Page Mode to Framework


    -----------------------------------
    The new Oracle E-Business Suite 11i Home page based on the Oracle Applications F
    ramework architecture is required for the deployment of the Oracle E-Business Su
    ite in a DMZ configuration. To enable this, apply the required patches mentioned
    in Section 4 and set the self-service personal home page mode to "Framework Onl
    y" as shown in the diagram below.

    Configuration Details for Using Reverse Proxies in DMZ


    --------------------------------------------------------
    set the webentry point, s_webentryhost, to the reverse proxy server.
    set the webentry domain, s_webentrydomain, to the domain name of the reverse pro
    xy server.
    set the active webport, s_active_webport, to the port where the reverse proxy se
    rver listen for client requests. For example port 80 for HTTP or 443 for HTTPS.
    set the webentry protocol, s_webentryurlprotocol, to the protocol value the clie
    nts use to access the reverse proxy server.
    set the login page, s_login_page, to ://.:. Replace , , , and with their respect
    ive values.

    Configuring the URL Firewall


    -----------------------------
    The purpose of the URL Firewall is to ensure that only URLs required for the ext
    ernally exposed functionality can be accessed from the internet.
    The URL firewall is implemented as a whitelist list of URLs required; any URL re
    quest that is not matched in the whitelist list is refused. This will limit the
    exposure of your Oracle E-Business Suite deployment by reducing the attack surf
    ace available to external parties.

    To implement the URL Firewall configuration on the reverse proxy server, copy ur
    l_fw.conf from $IAS_CONFIG_HOME/Apache/Apache/conf/url_fw.conf on the external m
    idtier to the reverse proxy host.

    You might also like