Oracle UCM Security: Challenges and Best Practices

18,614 views

Published on

Information on how to "harden" your content server to make it less susceptible to security attacks. Covers risks, vulnerabilities, and countermeasures.

Published in: Technology
0 Comments
7 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
18,614
On SlideShare
0
From Embeds
0
Number of Embeds
3,337
Actions
Shares
0
Downloads
376
Comments
0
Likes
7
Embeds 0
No embeds

No notes for slide
  • Five kinds possible threats. Remember – a threat is a person. That 70% stat is probably meaningless, because there just isn’t enough hard evidence. Its true that 70% of identity thieves are insiders (Identity Theft Resource Center)... but only 30% of corporations have admitted firing somebody because of violating security practices (IDC's 2004 Security Survey ).
  • Im not a huge fan of biometrics. You should have access keys first, add passwords to the keys for extra security, and add biometrics as a last resort. It helps, but only a little. And management is a pain. If somebody copies your password, you can make a new password. If somebody copies your thumbprint, you cant make a new thumb!
  • Oracle UCM Security: Challenges and Best Practices

    1. 1. UCM Security: Challenges and Best Practices Brian “Bex” Huff Chief Software Architect
    2. 2. Purpose <ul><li>Outline what you need to protect your content </li></ul><ul><ul><li>How UCM fits into your security policy </li></ul></ul><ul><ul><li>Use risk-management to minimize cost </li></ul></ul><ul><li>Discuss risks and known vulnerabilities </li></ul><ul><ul><li>General network briefly, UCM in detail </li></ul></ul><ul><li>Present countermeasures to mitigate risks </li></ul><ul><ul><li>General network briefly, UCM in detail </li></ul></ul>
    3. 3. Brief History of Internet Security <ul><li>Early days </li></ul><ul><ul><li>Little security except governments, banks, and telcos </li></ul></ul><ul><ul><li>Most software was far too trusting </li></ul></ul><ul><li>First virus (1983), worm (1988), and trojan (1200 BC) </li></ul><ul><ul><li>Networks must defend against malware </li></ul></ul><ul><ul><li>Sparked battle between cryptographers and US government </li></ul></ul><ul><li>Tech boom: </li></ul><ul><ul><li>http://www.BURN-PILES-OF-MONEY.com </li></ul></ul><ul><ul><li>Spent on security, but didn’t understand it </li></ul></ul><ul><li>Tech bust </li></ul><ul><ul><li>All projects must justify expense, security was neglected </li></ul></ul>
    4. 4. Brief History of Internet Security, cont. <ul><li>Today </li></ul><ul><ul><li>Little security except governments, banks, and telcos </li></ul></ul><ul><li>The Future </li></ul><ul><ul><li>Annoying/disruptive malware is for amateurs </li></ul></ul><ul><ul><li>Intellectual property theft is the future </li></ul></ul><ul><ul><ul><li>Cheap and effective industrial espionage </li></ul></ul></ul><ul><ul><li>Database, file server, web-based CMS are next targets </li></ul></ul><ul><ul><li>Popularity of web services (SOAP, ReST) lead to new attack forms </li></ul></ul>
    5. 5. Cyber Crime Statistics <ul><li>Affected 55 million Americans in 2005 (USA Today) </li></ul><ul><li>Yearly costs estimates vary wildly </li></ul><ul><ul><li>$105 billion (2005, Treasury Department) </li></ul></ul><ul><ul><li>$1 billion (2003, Gartner) </li></ul></ul><ul><li>42% of Americans used internet LESS in 2005 </li></ul><ul><ul><li>Identity theft scares them away (Gartner) </li></ul></ul><ul><li>Customers go elsewhere after security breaches (Ponemon) </li></ul><ul><ul><li>70% would leave after two thefts of customer data </li></ul></ul><ul><ul><li>Each lost customer record lost costs on average: $75 </li></ul></ul>
    6. 6. What Should We Do? <ul><li>Don’t panic! </li></ul><ul><ul><li>100% security neither possible nor cost-effective </li></ul></ul><ul><li>Ultimately, people make your assets secure </li></ul><ul><ul><li>Security products (hardware, software) merely assist </li></ul></ul><ul><ul><li>Make your network defensible , not impregnable </li></ul></ul><ul><li>Consider security like risk management </li></ul><ul><ul><li>Security breaches always possible </li></ul></ul><ul><ul><li>Can lower the odds to zero, but for progressively more money </li></ul></ul><ul><ul><li>Minimize risk, but also keep costs under control </li></ul></ul><ul><li>“ Security is a process, not a product” – Bruce Schneier </li></ul>
    7. 7. Making A Security Plan <ul><li>Determine risks and threats </li></ul><ul><ul><li>Who is attacking you, and why? </li></ul></ul><ul><li>Describe policy required to defend </li></ul><ul><ul><li>Who should be allowed to do what? </li></ul></ul><ul><ul><li>Sarbanes Oxley compliance may also require this </li></ul></ul><ul><li>Analyze vulnerabilities, design countermeasures </li></ul><ul><ul><li>Cover all aspects: Protection , Detection , Reaction </li></ul></ul>
    8. 8. 1) Determine Threats and Risks <ul><li>Definition of Risk </li></ul><ul><ul><li>Probability and effects of a harmful event </li></ul></ul><ul><ul><li>Risk = Threat x Vulnerability x Impact </li></ul></ul><ul><ul><li>Threat: person with skills and motive to leverage vulnerability </li></ul></ul><ul><li>Standard Consumers – LOW Risk </li></ul><ul><ul><li>Customers, partners, site visitors, Google, competitors </li></ul></ul><ul><ul><li>Using leaked information against you </li></ul></ul><ul><li>Contributors – MEDIUM Risk </li></ul><ul><ul><li>Typical employees, Site Studio contributors </li></ul></ul><ul><ul><li>Information leakage, bad passwords, malicious content </li></ul></ul>
    9. 9. 1) Determine Threats and Risks, cont. <ul><li>Administrators – HIGH Risk </li></ul><ul><ul><li>Site maintainer </li></ul></ul><ul><ul><li>Setting security improperly, stealing content, clearing log files </li></ul></ul><ul><li>Developers – HIGH Risk </li></ul><ul><ul><li>Component, fragment, or portal designers </li></ul></ul><ul><ul><li>Creating insecure code on your system </li></ul></ul><ul><li>Unauthorized Users – HIGHEST Risk </li></ul><ul><ul><li>Hackers, malware, ex-employees, differs based on organization </li></ul></ul><ul><li>Oft cited stat: 70% of attacks are insiders </li></ul>
    10. 10. 2) Determine Security Policy <ul><li>Specifics depend on organizational needs </li></ul><ul><li>Enterprise network policy </li></ul><ul><ul><li>General process for users, administrators, applications </li></ul></ul><ul><ul><li>Most likely you have one already </li></ul></ul><ul><li>Content Server specific policies </li></ul><ul><ul><li>Who is allowed to view/change each type of content? </li></ul></ul><ul><ul><li>When is content fit for consumption? </li></ul></ul><ul><ul><li>Do contributors need access to scripting languages? </li></ul></ul><ul><ul><ul><li>JSP, ASP, ASP.NET, JavaScript </li></ul></ul></ul><ul><ul><li>Which add-ons and components are secure? </li></ul></ul>
    11. 11. 3) Vulnerabilities and Countermeasures <ul><li>Protection, Detection, Reaction </li></ul><ul><li>Check vulnerabilities common to all networked systems </li></ul><ul><ul><li>Security holes in OS, web server, database </li></ul></ul><ul><ul><li>Bad passwords, eavesdropping, malware </li></ul></ul><ul><ul><li>Evil developers and administrators </li></ul></ul><ul><ul><li>Probably addressed in your current security policy </li></ul></ul><ul><li>Vulnerabilities common to web apps </li></ul><ul><ul><li>Cross Site Scripting ( XSS ) </li></ul></ul><ul><ul><li>Information leakage </li></ul></ul>
    12. 12. Vulnerabilities in Oracle UCM <ul><li>Java-based, so “immune” to buffer overflows </li></ul><ul><li>Primary vulnerabilities in interfaces </li></ul><ul><ul><li>Connection to authentication engine </li></ul></ul><ul><ul><ul><li>Web server, portal server, LDAP </li></ul></ul></ul><ul><ul><li>Database connections (SQL injection) </li></ul></ul><ul><ul><li>Administrative tools can impersonate users </li></ul></ul><ul><li>Contributors uploading insecure content </li></ul><ul><ul><li>Incorrect security group </li></ul></ul><ul><ul><li>Malicious ASP / JSP / JavaScript / HTML Forms </li></ul></ul><ul><li>Insecure components </li></ul><ul><ul><li>Especially when they connect to remote systems </li></ul></ul>
    13. 13. Protection - High Risk Vulnerabilities <ul><li>Important regardless of your organization </li></ul><ul><li>General network security </li></ul><ul><li>Cross site scripting </li></ul><ul><li>Malicious content </li></ul><ul><li>Content server access port (4444) </li></ul>
    14. 14. General Network Security <ul><li>Keep software/firmware patches up-to-date </li></ul><ul><ul><li>99% of attacks are known exploits (CERT) </li></ul></ul><ul><li>Vulnerability analysis tools (Nessus, Metasploit) </li></ul><ul><ul><li>Highly flawed, but catches known exploits </li></ul></ul><ul><li>Secure network topology </li></ul><ul><ul><li>Firewall both external and internal attacks (DMZ) </li></ul></ul><ul><ul><li>Minimize required trust and single points of failure </li></ul></ul><ul><li>Restrict physical / shell access </li></ul><ul><li>Virus/Trojan scanners at internet gateway </li></ul><ul><ul><li>Block malicious emails & web downloads </li></ul></ul><ul><ul><li>Cannot trust users to make secure decisions! </li></ul></ul>
    15. 15. Cross-Site Scripting (XSS) <ul><li>HTML & HTTP flexibility very useful: </li></ul><ul><ul><li>Form on my site to submit a Google search </li></ul></ul><ul><ul><li>Click submit, search results displayed in your browser </li></ul></ul><ul><li>But could cause security problems: </li></ul><ul><ul><li>Click submit, content deleted from your server invisible to you </li></ul></ul><ul><li>Attacks can originate from ANYWHERE: </li></ul><ul><ul><li>Form submission, URLs, or simple page loading </li></ul></ul><ul><ul><li>Attacks can be JavaScript, or pure HTML </li></ul></ul><ul><li>Executed with your browser & security credentials </li></ul><ul><ul><li>Hacker tricks you into attacking the server for him </li></ul></ul><ul><ul><li>Advanced attacks with AJAX can hijack your entire browser! </li></ul></ul>
    16. 16. Cross-Site Scripting, cont. <ul><li>Block forms submitted from untrusted sites </li></ul><ul><ul><li>Block insecure HTTP referrers </li></ul></ul><ul><ul><ul><li>Referrer can be spoofed, but in this case it’s useful </li></ul></ul></ul><ul><ul><li>Block malicious URLs: EnableSecuredGets=true </li></ul></ul><ul><ul><li>More flags available in the HtmlPostAuthenticator component </li></ul></ul><ul><li>Scrub XSS attacks from request data </li></ul><ul><ul><li>Use encodeHtml function, and all HtmlDataInput config flags </li></ul></ul><ul><ul><li>Blocks JavaScript in metadata, content, URL parameters </li></ul></ul><ul><ul><li>Vital for anonymous users, might restrict “power users” </li></ul></ul><ul><ul><li>Available in pre-10gr3 as the FilterDataInput component </li></ul></ul><ul><ul><ul><li>Out of the box in 10gr3 </li></ul></ul></ul>
    17. 17. Malicious Content <ul><li>Virus scanner on ucm/vault/~temp directory </li></ul><ul><ul><li>Checks for malicious / careless contributors </li></ul></ul><ul><li>Lock down JSP/ASP contribution to just developers </li></ul><ul><ul><li>Lock down JSP with JspEnabledGroups </li></ul></ul><ul><ul><li>Enable ASP at web server only for specific security folders </li></ul></ul><ul><ul><ul><li>http:// myhost/stellent/groups/scripts / </li></ul></ul></ul><ul><ul><li>Remove secure data from JSPs/ASPs </li></ul></ul><ul><ul><ul><li>Consumers with access to native file can view the source </li></ul></ul></ul><ul><li>Treat malicious HCSP same as malicious HTML </li></ul><ul><ul><li>IdocScript limited to page display for security reasons </li></ul></ul>
    18. 18. Direct UCM Port Access <ul><li>Authentication performed outside of UCM </li></ul><ul><ul><li>Web server authenticates, passes username to port 4444 </li></ul></ul><ul><ul><li>Out of the box, only localhost is trusted </li></ul></ul><ul><ul><li>With dedicated server & trusted admins, fairly safe </li></ul></ul><ul><li>Rogue administrator can impersonate users </li></ul><ul><ul><li>Content Integration Suite ( CIS ), RIDC , IdcCommandUX </li></ul></ul><ul><ul><li>SOAP is safer – password authenticated by web server </li></ul></ul><ul><li>First: block access with firewalls </li></ul><ul><ul><li>Block all but web server and portal server </li></ul></ul><ul><ul><ul><li>Restrict to specific named users if possible </li></ul></ul></ul><ul><ul><li>More safe than just SocketHostAddressSecurityFilter </li></ul></ul>
    19. 19. Direct SCS Port Access, cont. <ul><li>Second: password secure access </li></ul><ul><ul><li>Set ProxyPassword to a large random string </li></ul></ul><ul><ul><li>Web server sends secure authentication token: </li></ul></ul><ul><ul><ul><li>User, hashed user password, IP, time, and ProxyPassword </li></ul></ul></ul><ul><ul><li>Blocks connections without token, including some admin tools </li></ul></ul><ul><ul><ul><li>CIS , RIDC , IdcCommandUX </li></ul></ul></ul><ul><li>Third: encrypt all communication on port 4444 </li></ul><ul><ul><li>Uses SSL Certificates </li></ul></ul><ul><ul><li>For J2EE connections only (CIS/CPS/RIDC) </li></ul></ul><ul><ul><li>Use the SecurityProviders component, and the RIDC Developer’s Guide </li></ul></ul><ul><li>NOTE: depending on version, 2&3 might not be compatible </li></ul>
    20. 20. Protection - Lower Risk Vulnerabilities <ul><li>Less risky, depending on organization and network </li></ul><ul><li>Data leakage </li></ul><ul><li>Eavesdropping </li></ul><ul><li>Passwords </li></ul><ul><li>Hacked database, file server, web server </li></ul>
    21. 21. Data Leakage <ul><li>How much does Google know about you, without even trying? </li></ul><ul><li>Simplify the security model </li></ul><ul><ul><li>Less accidental information leakage </li></ul></ul><ul><ul><li>Use security groups to secure , not to organize! </li></ul></ul><ul><ul><li>Use Profiles / WebDAV to simplify contribution </li></ul></ul><ul><li>Workflows for public facing content </li></ul><ul><li>PDF Watermark, Dynamic Watermark </li></ul><ul><ul><li>Embed the word CONFIDENTIAL in converted PDFs </li></ul></ul><ul><ul><li>Add date and viewer’s name with Dynamic Watermark </li></ul></ul><ul><li>NeedToKnow component </li></ul><ul><ul><li>User can view some metadata, but not content </li></ul></ul>
    22. 22. Eavesdropping <ul><li>Network vulnerable to packet sniffers </li></ul><ul><ul><li>Spy on downloaded content or passwords </li></ul></ul><ul><li>Use SSL (HTTPS) </li></ul><ul><ul><li>Protects passwords and content </li></ul></ul><ul><ul><li>Important for Basic authentication and cookie login </li></ul></ul><ul><ul><ul><li>NTLM authentication is already “encrypted” </li></ul></ul></ul><ul><ul><li>Drawback: performance suffers </li></ul></ul><ul><li>Customizations: use SSL only when needed </li></ul><ul><ul><li>Form-based login with cookies from HTTPS page </li></ul></ul><ul><ul><li>Set up both HTTP and HTTPS ( BrowserUrlPath ) </li></ul></ul><ul><ul><ul><li>Use SSL only for contributors / administrators </li></ul></ul></ul>
    23. 23. Password Hacking <ul><li>Cannot trust users with their passwords </li></ul><ul><ul><li>70% give away passwords for chocolate (BBC) </li></ul></ul><ul><ul><li>Computers getting faster, passwords still 8 letters </li></ul></ul><ul><ul><li>Reused passwords, easily guessed passwords </li></ul></ul><ul><li>Use Single Sign On (SSO) </li></ul><ul><ul><li>NTLM, Active Directory, LDAP, Netegrity SiteMinder </li></ul></ul><ul><ul><li>Eases maintenance of passwords, users, new applications </li></ul></ul><ul><ul><li>Drawback: no login prompt can make XSS worse </li></ul></ul><ul><li>Don’t allow users to know their full access key! </li></ul><ul><ul><li>USB / smart cards with SSL certificates for authentication </li></ul></ul><ul><ul><li>Protect certificate with password </li></ul></ul><ul><ul><ul><li>Add biometrics for more security </li></ul></ul></ul><ul><ul><li>In practice, managing such keys is difficult and time consuming </li></ul></ul><ul><ul><ul><li>If security protocols are tough, people make “back doors” to do their jobs </li></ul></ul></ul>
    24. 24. Hacked Web Server <ul><li>Web server primary target for unauthorized users </li></ul><ul><ul><li>Typically exposed to outside world </li></ul></ul><ul><ul><li>Firewalls help, but don’t stop everything </li></ul></ul><ul><li>Add a reverse proxy for extra security layer </li></ul><ul><ul><li>Run web server on same machine as UCM </li></ul></ul><ul><ul><li>Connect to web server with reverse proxy outside firewall </li></ul></ul><ul><ul><li>If proxy is hacked, UCM is still safe (for now) </li></ul></ul>
    25. 25. Hacked File System <ul><li>Compromise of UCM machine or file server </li></ul><ul><ul><li>If user gains root access, anything is possible </li></ul></ul><ul><li>Use NTLM/Kerberos authentication for Database </li></ul><ul><ul><li>No need to store JdbcPassword </li></ul></ul><ul><ul><li>SQL Server: Use JTDS driver, manual install </li></ul></ul><ul><ul><li>Oracle: Use version-specific thin driver </li></ul></ul><ul><li>Encrypted file system </li></ul><ul><ul><li>Secure the vault , weblayout , search , data directories </li></ul></ul><ul><ul><li>Performance loss, might not work with your web server </li></ul></ul><ul><ul><li>Use FileStoreProviders to encrypt just a handful of items </li></ul></ul>
    26. 26. Database Connections <ul><li>SQL Injection attacks </li></ul><ul><ul><li>Similar to XSS – malicious SQL through hacked web form </li></ul></ul><ul><ul><li>Can take over database through some web applications </li></ul></ul><ul><li>SCS protected by abstraction layer </li></ul><ul><ul><li>SQL in predefined queries, strongly typed parameters </li></ul></ul><ul><li>SCS validates user-submitted data </li></ul><ul><ul><li>Parses dates, numbers, escapes quotes in strings </li></ul></ul><ul><ul><li>Extra parenthesis added if found in query terms </li></ul></ul><ul><li>Reduce table-modification rights of Stellent JDBC user </li></ul><ul><ul><li>Adding metadata, schema, components requires DBA approval </li></ul></ul><ul><ul><li>User-level activity unaffected </li></ul></ul>
    27. 27. Protection - Risks in Customizations <ul><li>Difficult to measure </li></ul><ul><li>Untrusted developer making customizations </li></ul><ul><li>How to make secure components </li></ul><ul><li>Possible security customizations </li></ul>
    28. 28. Malicious Components <ul><li>Difficult to defend against </li></ul><ul><ul><li>Requires complete auditing of code for back-doors </li></ul></ul><ul><li>Install “development” servers </li></ul><ul><ul><li>Protects content against rogue developers </li></ul></ul><ul><ul><li>Components audited and installed by trusted admin </li></ul></ul><ul><li>Block Admin Server component installs </li></ul><ul><ul><li>Restrict to Component Wizard from the console </li></ul></ul><ul><ul><li>AllowUpdateComponentConfig , AllowComponentUpload </li></ul></ul>
    29. 29. Secure Component Tips <ul><li>Validate HTML form data in Java </li></ul><ul><ul><li>JavaScript is handy, but not trustable </li></ul></ul><ul><li>Encode IdocScript variables on pages </li></ul><ul><ul><li>IdocScript functions: js , xml , url , encodeHtml </li></ul></ul><ul><ul><li>Prevents introduction of new XSS attacks </li></ul></ul><ul><li>Use predefined SQL queries, avoid raw SQL </li></ul><ul><ul><li>Predefined queries thwart SQL injection attacks </li></ul></ul><ul><li>Validate all code that is sent to a new server, or new process </li></ul><ul><ul><li>Check all command-line calls for malicious attacks </li></ul></ul><ul><ul><li>Understand your remote system well enough to stop attacks </li></ul></ul>
    30. 30. Secure Component Tips, cont. <ul><li>Use the checkSecurity action in custom services </li></ul><ul><ul><li>Service security flags require dSecurityGroup to be present </li></ul></ul><ul><ul><li>Cannot trust values sent by the user </li></ul></ul><ul><ul><li>First determine dSecurityGroup with SQL query </li></ul></ul><ul><ul><li>Then call checkSecurity action in service </li></ul></ul><ul><li>Be paranoid about malicious usage of custom IdocScript </li></ul><ul><ul><li>Restrict functionality to read-only actions </li></ul></ul><ul><ul><li>Workflow IdocScript allows write actions in special context </li></ul></ul><ul><ul><ul><li>Condition variable allowWorkflowIdocScript </li></ul></ul></ul>
    31. 31. Security Customization Examples <ul><li>Modify security with Java components </li></ul><ul><ul><li>Web security plugins require C++ code </li></ul></ul><ul><li>Allow anonymous user to check in content </li></ul><ul><ul><li>SecurityFilter component in HowToComponents </li></ul></ul><ul><ul><li>Deny general access, allow it for specific requests </li></ul></ul><ul><li>Establish download quotas, or download behavior monitors </li></ul><ul><li>Block certain service calls for consumption servers </li></ul><ul><ul><li>Block SOAP or WebDAV explicitly </li></ul></ul><ul><ul><ul><li>With firewall, or customization </li></ul></ul></ul><ul><ul><li>Block all services except bare essentials ( SS_GET_PAGE ) </li></ul></ul>
    32. 32. Security Customization Examples, cont. <ul><li>Custom validation of metadata and content </li></ul><ul><ul><li>Content Profile rules, or Java filters ( validateStandard ) </li></ul></ul><ul><li>Java User Providers for authentication </li></ul><ul><ul><li>For legacy or atypical authentication protocols </li></ul></ul><ul><li>Custom web authentication </li></ul><ul><ul><li>Custom authentication filters ( SiteMinder , SSL Certificates ) </li></ul></ul><ul><ul><li>Custom tokens for flexible SOAP security </li></ul></ul><ul><ul><li>Block login after 3 bad passwords, if not already a rule in SSO system </li></ul></ul><ul><li>Custom cookie login </li></ul><ul><ul><li>Existing sample version doesn’t have a timeout </li></ul></ul><ul><ul><li>Be sure to hash the username, a timestamp, and a secret </li></ul></ul>
    33. 33. Detection – Network Violations <ul><li>Check logs frequently </li></ul><ul><ul><li>Firewall, intrusion detection, web server </li></ul></ul><ul><ul><li>Sometimes only human eyes catch ‘suspicious’ behavior </li></ul></ul><ul><li>Syndicate access logs to remote servers </li></ul><ul><ul><li>Must compromise several systems to “cover your tracks” </li></ul></ul><ul><li>Intrusion detection systems (Snort, some firewalls) </li></ul><ul><ul><li>Detects known attacks, generally suspicious packets </li></ul></ul>
    34. 34. Detection – UCM Specific <ul><li>Check SCS web logs </li></ul><ul><ul><li>Access violation logged </li></ul></ul><ul><ul><li>Login failures not automatically logged </li></ul></ul><ul><ul><ul><li>Use SSO or custom component </li></ul></ul></ul><ul><li>Content Tracker </li></ul><ul><ul><li>Tracks popularity – who viewed what? </li></ul></ul><ul><ul><li>Check for allowed – but unusual – activity: </li></ul></ul><ul><ul><ul><li>Downloading data before quitting </li></ul></ul></ul><ul><ul><ul><li>Downloading random highly secure data </li></ul></ul></ul><ul><ul><li>Excellent dual-purpose technology </li></ul></ul>
    35. 35. Reaction – Respond to Intrusion <ul><li>Someone someday will bypass all your security </li></ul><ul><ul><li>Reaction depends on business needs </li></ul></ul><ul><ul><ul><li>Block access with firewall? Unplug from network? </li></ul></ul></ul><ul><ul><li>Minimize damage and disruption while you patch </li></ul></ul><ul><li>Establish backup and recovery plans </li></ul><ul><ul><li>Backup all applications and data </li></ul></ul><ul><ul><li>Most high-availability sites have sufficient plans </li></ul></ul><ul><li>Redundancy is primary </li></ul><ul><ul><li>System must survive a crash / compromise of one server </li></ul></ul><ul><ul><li>One compromise shouldn’t lead to several </li></ul></ul>
    36. 36. Reaction – UCM specific <ul><li>Block hacked user accounts </li></ul><ul><ul><li>Supported by some SSO vendors </li></ul></ul><ul><ul><li>Block the administrator at least ( SysadminBlocker ) </li></ul></ul><ul><li>Make database read-only </li></ul><ul><ul><li>Block ‘commit’ rights to Stellent’s JDBC user at the database </li></ul></ul><ul><ul><ul><li>Blocks ALL write activity, possible side effects </li></ul></ul></ul><ul><ul><li>Make Counters table read-only </li></ul></ul><ul><ul><ul><li>Blocks all transactions </li></ul></ul></ul>
    37. 37. Conclusions <ul><li>Oracle UCM less vulnerable than most systems </li></ul><ul><ul><li>Smaller target than operating system, database </li></ul></ul><ul><ul><li>Recommendation: minimize XSS and direct port access </li></ul></ul><ul><ul><li>Others countermeasures as needed </li></ul></ul><ul><li>Which countermeasures to use? </li></ul><ul><ul><li>First, use dual-purpose technology </li></ul></ul><ul><ul><ul><li>SSO, web proxies, Content Tracker </li></ul></ul></ul><ul><ul><li>Second, select those with little cost/drawbacks </li></ul></ul><ul><ul><ul><li>ProxyCredentials , SSL, simplified security model </li></ul></ul></ul><ul><ul><li>Lastly, select those with significant cost/drawbacks </li></ul></ul><ul><ul><ul><li>Scrub JavaScript content, SSL Providers, custom components </li></ul></ul></ul>
    38. 38. Now Available…
    39. 39. <ul><li>My Company: http:// bezzotech.com </li></ul><ul><li>My Blog: http:// bexhuff.com </li></ul><ul><li>My Self: [email_address] </li></ul>Questions?

    ×