Oracle UCM Security: Challenges and Best Practices


Information on how to "harden" your content server to make it less susceptible to security attacks. Covers risks, vulnerabilities, and countermeasures.

Published in: Technology

  • Five kinds of possible threats. Remember – a threat is a person. That 70% stat is probably meaningless, because there just isn’t enough hard evidence. It's true that 70% of identity thieves are insiders (Identity Theft Resource Center)... but only 30% of corporations have admitted firing somebody because of violating security practices (IDC's 2004 Security Survey).
  • I'm not a huge fan of biometrics. You should have access keys first, add passwords to the keys for extra security, and add biometrics as a last resort. It helps, but only a little. And management is a pain. If somebody copies your password, you can make a new password. If somebody copies your thumbprint, you can't make a new thumb!
  • Oracle UCM Security: Challenges and Best Practices

    1. UCM Security: Challenges and Best Practices
       Brian “Bex” Huff, Chief Software Architect
    2. Purpose
        • Outline what you need to protect your content
            • How UCM fits into your security policy
            • Use risk-management to minimize cost
        • Discuss risks and known vulnerabilities
            • General network briefly, UCM in detail
        • Present countermeasures to mitigate risks
            • General network briefly, UCM in detail
    3. Brief History of Internet Security
        • Early days
            • Little security except governments, banks, and telcos
            • Most software was far too trusting
        • First virus (1983), worm (1988), and trojan (1200 BC)
            • Networks must defend against malware
            • Sparked battle between cryptographers and US government
        • Tech boom:
            • Spent on security, but didn’t understand it
        • Tech bust
            • All projects must justify expense, security was neglected
    4. Brief History of Internet Security, cont.
        • Today
            • Little security except governments, banks, and telcos
        • The Future
            • Annoying/disruptive malware is for amateurs
            • Intellectual property theft is the future
                • Cheap and effective industrial espionage
            • Database, file server, web-based CMS are next targets
            • Popularity of web services (SOAP, REST) leads to new attack forms
    5. Cyber Crime Statistics
        • Affected 55 million Americans in 2005 (USA Today)
        • Yearly cost estimates vary wildly
            • $105 billion (2005, Treasury Department)
            • $1 billion (2003, Gartner)
        • 42% of Americans used internet LESS in 2005
            • Identity theft scares them away (Gartner)
        • Customers go elsewhere after security breaches (Ponemon)
            • 70% would leave after two thefts of customer data
            • Each lost customer record costs on average: $75
    6. What Should We Do?
        • Don’t panic!
            • 100% security neither possible nor cost-effective
        • Ultimately, people make your assets secure
            • Security products (hardware, software) merely assist
            • Make your network defensible, not impregnable
        • Consider security like risk management
            • Security breaches always possible
            • Can lower the odds to zero, but for progressively more money
            • Minimize risk, but also keep costs under control
        • “Security is a process, not a product” – Bruce Schneier
    7. Making A Security Plan
        • Determine risks and threats
            • Who is attacking you, and why?
        • Describe policy required to defend
            • Who should be allowed to do what?
            • Sarbanes Oxley compliance may also require this
        • Analyze vulnerabilities, design countermeasures
            • Cover all aspects: Protection, Detection, Reaction
    8. 1) Determine Threats and Risks
        • Definition of Risk
            • Probability and effects of a harmful event
            • Risk = Threat x Vulnerability x Impact
            • Threat: person with skills and motive to leverage vulnerability
        • Standard Consumers – LOW Risk
            • Customers, partners, site visitors, Google, competitors
            • Using leaked information against you
        • Contributors – MEDIUM Risk
            • Typical employees, Site Studio contributors
            • Information leakage, bad passwords, malicious content
    9. 1) Determine Threats and Risks, cont.
        • Administrators – HIGH Risk
            • Site maintainer
            • Setting security improperly, stealing content, clearing log files
        • Developers – HIGH Risk
            • Component, fragment, or portal designers
            • Creating insecure code on your system
        • Unauthorized Users – HIGHEST Risk
            • Hackers, malware, ex-employees, differs based on organization
        • Oft cited stat: 70% of attacks are insiders
    10. 2) Determine Security Policy
        • Specifics depend on organizational needs
        • Enterprise network policy
            • General process for users, administrators, applications
            • Most likely you have one already
        • Content Server specific policies
            • Who is allowed to view/change each type of content?
            • When is content fit for consumption?
            • Do contributors need access to scripting languages?
                • JSP, ASP, ASP.NET, JavaScript
            • Which add-ons and components are secure?
    11. 3) Vulnerabilities and Countermeasures
        • Protection, Detection, Reaction
        • Check vulnerabilities common to all networked systems
            • Security holes in OS, web server, database
            • Bad passwords, eavesdropping, malware
            • Evil developers and administrators
            • Probably addressed in your current security policy
        • Vulnerabilities common to web apps
            • Cross Site Scripting (XSS)
            • Information leakage
    12. Vulnerabilities in Oracle UCM
        • Java-based, so “immune” to buffer overflows
        • Primary vulnerabilities in interfaces
            • Connection to authentication engine
                • Web server, portal server, LDAP
            • Database connections (SQL injection)
            • Administrative tools can impersonate users
        • Contributors uploading insecure content
            • Incorrect security group
            • Malicious ASP / JSP / JavaScript / HTML Forms
        • Insecure components
            • Especially when they connect to remote systems
    13. Protection - High Risk Vulnerabilities
        • Important regardless of your organization
        • General network security
        • Cross site scripting
        • Malicious content
        • Content server access port (4444)
    14. General Network Security
        • Keep software/firmware patches up-to-date
            • 99% of attacks are known exploits (CERT)
        • Vulnerability analysis tools (Nessus, Metasploit)
            • Highly flawed, but catches known exploits
        • Secure network topology
            • Firewall both external and internal attacks (DMZ)
            • Minimize required trust and single points of failure
        • Restrict physical / shell access
        • Virus/Trojan scanners at internet gateway
            • Block malicious emails & web downloads
            • Cannot trust users to make secure decisions!
    15. Cross-Site Scripting (XSS)
        • HTML & HTTP flexibility very useful:
            • Form on my site to submit a Google search
            • Click submit, search results displayed in your browser
        • But could cause security problems:
            • Click submit, content deleted from your server, invisible to you
        • Attacks can originate from ANYWHERE:
            • Form submission, URLs, or simple page loading
            • Attacks can be JavaScript, or pure HTML
        • Executed with your browser & security credentials
            • Hacker tricks you into attacking the server for him
            • Advanced attacks with AJAX can hijack your entire browser!
    16. Cross-Site Scripting, cont.
        • Block forms submitted from untrusted sites
            • Block insecure HTTP referrers
                • Referrer can be spoofed, but in this case it’s useful
            • Block malicious URLs: EnableSecuredGets=true
            • More flags available in the HtmlPostAuthenticator component
        • Scrub XSS attacks from request data
            • Use encodeHtml function, and all HtmlDataInput config flags
            • Blocks JavaScript in metadata, content, URL parameters
            • Vital for anonymous users, might restrict “power users”
            • Available in pre-10gr3 as the FilterDataInput component
                • Out of the box in 10gr3
    17. Malicious Content
        • Virus scanner on ucm/vault/~temp directory
            • Checks for malicious / careless contributors
        • Lock down JSP/ASP contribution to just developers
            • Lock down JSP with JspEnabledGroups
            • Enable ASP at web server only for specific security folders
                • http://myhost/stellent/groups/scripts/
            • Remove secure data from JSPs/ASPs
                • Consumers with access to native file can view the source
        • Treat malicious HCSP same as malicious HTML
            • IdocScript limited to page display for security reasons
    18. Direct UCM Port Access
        • Authentication performed outside of UCM
            • Web server authenticates, passes username to port 4444
            • Out of the box, only localhost is trusted
            • With dedicated server & trusted admins, fairly safe
        • Rogue administrator can impersonate users
            • Content Integration Suite (CIS), RIDC, IdcCommandUX
            • SOAP is safer – password authenticated by web server
        • First: block access with firewalls
            • Block all but web server and portal server
                • Restrict to specific named users if possible
            • Safer than just SocketHostAddressSecurityFilter
    19. Direct SCS Port Access, cont.
        • Second: password secure access
            • Set ProxyPassword to a large random string
            • Web server sends secure authentication token:
                • User, hashed user password, IP, time, and ProxyPassword
            • Blocks connections without token, including some admin tools
                • CIS, RIDC, IdcCommandUX
        • Third: encrypt all communication on port 4444
            • Uses SSL Certificates
            • For J2EE connections only (CIS/CPS/RIDC)
            • Use the SecurityProviders component, and the RIDC Developer’s Guide
        • NOTE: depending on version, 2&3 might not be compatible
    20. Protection - Lower Risk Vulnerabilities
        • Less risky, depending on organization and network
        • Data leakage
        • Eavesdropping
        • Passwords
        • Hacked database, file server, web server
    21. Data Leakage
        • How much does Google know about you, without even trying?
        • Simplify the security model
            • Less accidental information leakage
            • Use security groups to secure, not to organize!
            • Use Profiles / WebDAV to simplify contribution
        • Workflows for public facing content
        • PDF Watermark, Dynamic Watermark
            • Embed the word CONFIDENTIAL in converted PDFs
            • Add date and viewer’s name with Dynamic Watermark
        • NeedToKnow component
            • User can view some metadata, but not content
    22. Eavesdropping
        • Network vulnerable to packet sniffers
            • Spy on downloaded content or passwords
        • Use SSL (HTTPS)
            • Protects passwords and content
            • Important for Basic authentication and cookie login
                • NTLM authentication is already “encrypted”
            • Drawback: performance suffers
        • Customizations: use SSL only when needed
            • Form-based login with cookies from HTTPS page
            • Set up both HTTP and HTTPS (BrowserUrlPath)
                • Use SSL only for contributors / administrators
    23. Password Hacking
        • Cannot trust users with their passwords
            • 70% give away passwords for chocolate (BBC)
            • Computers getting faster, passwords still 8 letters
            • Reused passwords, easily guessed passwords
        • Use Single Sign On (SSO)
            • NTLM, Active Directory, LDAP, Netegrity SiteMinder
            • Eases maintenance of passwords, users, new applications
            • Drawback: no login prompt can make XSS worse
        • Don’t allow users to know their full access key!
            • USB / smart cards with SSL certificates for authentication
            • Protect certificate with password
                • Add biometrics for more security
            • In practice, managing such keys is difficult and time consuming
                • If security protocols are tough, people make “back doors” to do their jobs
    24. Hacked Web Server
        • Web server primary target for unauthorized users
            • Typically exposed to outside world
            • Firewalls help, but don’t stop everything
        • Add a reverse proxy for extra security layer
            • Run web server on same machine as UCM
            • Connect to web server with reverse proxy outside firewall
            • If proxy is hacked, UCM is still safe (for now)
    25. Hacked File System
        • Compromise of UCM machine or file server
            • If user gains root access, anything is possible
        • Use NTLM/Kerberos authentication for Database
            • No need to store JdbcPassword
            • SQL Server: Use JTDS driver, manual install
            • Oracle: Use version-specific thin driver
        • Encrypted file system
            • Secure the vault, weblayout, search, data directories
            • Performance loss, might not work with your web server
            • Use FileStoreProviders to encrypt just a handful of items
    26. Database Connections
        • SQL Injection attacks
            • Similar to XSS – malicious SQL through hacked web form
            • Can take over database through some web applications
        • SCS protected by abstraction layer
            • SQL in predefined queries, strongly typed parameters
        • SCS validates user-submitted data
            • Parses dates, numbers, escapes quotes in strings
            • Extra parentheses added if found in query terms
        • Reduce table-modification rights of Stellent JDBC user
            • Adding metadata, schema, components requires DBA approval
            • User-level activity unaffected
    27. Protection - Risks in Customizations
        • Difficult to measure
        • Untrusted developer making customizations
        • How to make secure components
        • Possible security customizations
    28. Malicious Components
        • Difficult to defend against
            • Requires complete auditing of code for back-doors
        • Install “development” servers
            • Protects content against rogue developers
            • Components audited and installed by trusted admin
        • Block Admin Server component installs
            • Restrict to Component Wizard from the console
            • AllowUpdateComponentConfig, AllowComponentUpload
    29. Secure Component Tips
        • Validate HTML form data in Java
            • JavaScript is handy, but not trustable
        • Encode IdocScript variables on pages
            • IdocScript functions: js, xml, url, encodeHtml
            • Prevents introduction of new XSS attacks
        • Use predefined SQL queries, avoid raw SQL
            • Predefined queries thwart SQL injection attacks
        • Validate all code that is sent to a new server, or new process
            • Check all command-line calls for malicious attacks
            • Understand your remote system well enough to stop attacks
    30. Secure Component Tips, cont.
        • Use the checkSecurity action in custom services
            • Service security flags require dSecurityGroup to be present
            • Cannot trust values sent by the user
            • First determine dSecurityGroup with SQL query
            • Then call checkSecurity action in service
        • Be paranoid about malicious usage of custom IdocScript
            • Restrict functionality to read-only actions
            • Workflow IdocScript allows write actions in special context
                • Condition variable allowWorkflowIdocScript
    31. Security Customization Examples
        • Modify security with Java components
            • Web security plugins require C++ code
        • Allow anonymous user to check in content
            • SecurityFilter component in HowToComponents
            • Deny general access, allow it for specific requests
        • Establish download quotas, or download behavior monitors
        • Block certain service calls for consumption servers
            • Block SOAP or WebDAV explicitly
                • With firewall, or customization
            • Block all services except bare essentials (SS_GET_PAGE)
    32. Security Customization Examples, cont.
        • Custom validation of metadata and content
            • Content Profile rules, or Java filters (validateStandard)
        • Java User Providers for authentication
            • For legacy or atypical authentication protocols
        • Custom web authentication
            • Custom authentication filters (SiteMinder, SSL Certificates)
            • Custom tokens for flexible SOAP security
            • Block login after 3 bad passwords, if not already a rule in SSO system
        • Custom cookie login
            • Existing sample version doesn’t have a timeout
            • Be sure to hash the username, a timestamp, and a secret
    33. Detection – Network Violations
        • Check logs frequently
            • Firewall, intrusion detection, web server
            • Sometimes only human eyes catch ‘suspicious’ behavior
        • Syndicate access logs to remote servers
            • Must compromise several systems to “cover your tracks”
        • Intrusion detection systems (Snort, some firewalls)
            • Detects known attacks, generally suspicious packets
    34. Detection – UCM Specific
        • Check SCS web logs
            • Access violation logged
            • Login failures not automatically logged
                • Use SSO or custom component
        • Content Tracker
            • Tracks popularity – who viewed what?
            • Check for allowed – but unusual – activity:
                • Downloading data before quitting
                • Downloading random highly secure data
            • Excellent dual-purpose technology
    35. Reaction – Respond to Intrusion
        • Someone someday will bypass all your security
            • Reaction depends on business needs
                • Block access with firewall? Unplug from network?
            • Minimize damage and disruption while you patch
        • Establish backup and recovery plans
            • Backup all applications and data
            • Most high-availability sites have sufficient plans
        • Redundancy is primary
            • System must survive a crash / compromise of one server
            • One compromise shouldn’t lead to several
    36. Reaction – UCM specific
        • Block hacked user accounts
            • Supported by some SSO vendors
            • Block the administrator at least (SysadminBlocker)
        • Make database read-only
            • Block ‘commit’ rights to Stellent’s JDBC user at the database
                • Blocks ALL write activity, possible side effects
            • Make Counters table read-only
                • Blocks all transactions
    37. Conclusions
        • Oracle UCM less vulnerable than most systems
            • Smaller target than operating system, database
            • Recommendation: minimize XSS and direct port access
            • Other countermeasures as needed
        • Which countermeasures to use?
            • First, use dual-purpose technology
                • SSO, web proxies, Content Tracker
            • Second, select those with little cost/drawbacks
                • ProxyCredentials, SSL, simplified security model
            • Lastly, select those with significant cost/drawbacks
                • Scrub JavaScript content, SSL Providers, custom components
    38. Now Available…
    39. 
        • My Company: http://
        • My Blog: http://
        • My Self: [email_address]
        Questions?
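
Slides 16 and 29 recommend blocking form posts from untrusted referrers and HTML-encoding values before they are displayed. The Python code below is an added example, not code from the presentation or from Oracle UCM; the host names, the `title` field and the function names are assumptions, and it does not reproduce the behaviour of encodeHtml or the HtmlPostAuthenticator component. It puts a substring-based referrer check beside one that parses the header and compares the host exactly.

```python
from html import escape
from urllib.parse import urlsplit

# Constructed allowlist: hosts whose pages may post forms to the content server.
TRUSTED_HOSTS = frozenset({"myhost", "cms.example.com"})


def naive_referrer_check(referer):
    """Flawed check shown for contrast: substring match on the raw header."""
    return bool(referer) and any(h in referer for h in TRUSTED_HOSTS)


def referrer_is_trusted(referer, trusted_hosts=TRUSTED_HOSTS):
    """Accept only http(s) referrers whose parsed host is exactly allowlisted."""
    if not referer:
        return False  # a missing referrer is treated as untrusted
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname  # lower-cased, without userinfo or port
    except ValueError:
        return False  # malformed URL
    if parts.scheme not in ("http", "https") or not host:
        return False
    return host in trusted_hosts


def render_input(value):
    """HTML-encode a user-supplied value before placing it in an attribute."""
    return '<input name="title" value="' + escape(value, quote=True) + '">'


# Constructed Referer headers, each paired with the decision a correct check makes.
SAMPLES = [
    ("https://myhost:8080/stellent/checkin.htm", True),
    ("http://myhost.attacker.example/form.html", False),
    ("http://myhost@attacker.example/form.html", False),
    ("http://attacker.example/?next=http://myhost/", False),
    ("", False),
]

if __name__ == "__main__":
    for referer, expected in SAMPLES:
        print(repr(referer), "naive:", naive_referrer_check(referer),
              "parsed:", referrer_is_trusted(referer), "expected:", expected)
    print(render_input('"><script>alert(1)</script>'))
```

The naive check accepts every non-empty sample because the trusted name appears somewhere in each string; the parsed check accepts only the first.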
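
Slide 32 advises that a custom cookie login should hash the username, a timestamp, and a secret, and notes that the existing sample has no timeout. The Python code below is an added example of that advice, not the sample component and not UCM's ProxyPassword token format; the cookie layout, the use of HMAC-SHA256 as the keyed hash, the 30-minute lifetime and all function names are assumptions.

```python
import hashlib
import hmac
import time
from typing import Optional

# Assumptions for this example (none of these come from the slides):
# cookie layout "username|issued|mac", HMAC-SHA256 as the keyed hash,
# a 30-minute lifetime and 60 seconds of tolerated clock skew.
MAX_AGE_SECONDS = 30 * 60
CLOCK_SKEW_SECONDS = 60


def _mac(secret: bytes, username: str, issued: int) -> str:
    # Length-prefix the username so field boundaries cannot be shifted.
    msg = f"{len(username)}:{username}|{issued}".encode("utf-8")
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def issue_cookie(secret: bytes, username: str, now: Optional[int] = None) -> str:
    """Build the cookie value after the user has authenticated."""
    if not username or "|" in username:
        raise ValueError("username must be non-empty and must not contain '|'")
    issued = int(time.time()) if now is None else now
    return f"{username}|{issued}|{_mac(secret, username, issued)}"


def verify_cookie(secret: bytes, cookie: str, now: Optional[int] = None,
                  max_age: int = MAX_AGE_SECONDS) -> Optional[str]:
    """Return the username if the cookie is authentic and fresh, else None."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    username, issued_s, mac = parts
    if not (issued_s.isascii() and issued_s.isdigit() and len(issued_s) <= 12):
        return None
    issued = int(issued_s)
    expected = _mac(secret, username, issued)
    # Constant-time comparison; bytes are used so odd input cannot raise.
    if not hmac.compare_digest(expected.encode("ascii"),
                               mac.encode("utf-8", "replace")):
        return None
    current = int(time.time()) if now is None else now
    # The timeout: reject cookies from the future or older than max_age.
    if issued > current + CLOCK_SKEW_SECONDS or current - issued > max_age:
        return None
    return username


if __name__ == "__main__":
    secret = b"constructed-demo-secret-32-bytes!"  # constructed value
    cookie = issue_cookie(secret, "bex", now=1_000_000)
    print(verify_cookie(secret, cookie, now=1_000_600))   # bex
    print(verify_cookie(secret, cookie, now=1_001_801))   # None (expired)
    forged = cookie.replace("bex", "sysadmin", 1)
    print(verify_cookie(secret, forged, now=1_000_600))   # None (bad MAC)
```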