1. SNA, Step 2, 10/31
Survivable Network Analysis
Oracle Financial Management
Services
Ali Ardalan
Qianming “Michelle” Chen
Yi Hu
Jason Milletary
Jian Song
2. SNA, Step 2, 10/31
Overview
Essential User Capabilities
Summary of Essential Components
Firewall Type
Essential Components Diagram
Essential Scenarios
Essential Component Details
Next Steps
3. SNA, Step 2, 10/31
Essential User Capabilities
Essential Capabilities performed by 300 dedicated
users
Dedicated users must have access to financial
service applications
Core Financial Applications
Application Desktop Integrator Applications
Feeder systems must integrate with financial
applications
Primary actions performed by users are:
Billing, reporting & reconciliation of budgets and expenses
9. SNA, Step 2, 10/31
Essential Components [3]
Tandem
Print & E-mail gateway
No user accounts on this machine
Services provided:
SSH (Administrator Connections)
LPD (Printing)
SMTP (email)
10. SNA, Step 2, 10/31
Essential Components [4]
Chinook
Disaster Recovery Machine: standby database
Located offsite at 6555 Penn Ave.
Test & Development machine
Mirroring of Development database every
5-minutes
Existing passive fiber link between campus and
this location.
Exact Same HW & SW as Mistral
11. SNA, Step 2, 10/31
Essential Scenarios – Budget Spreadsheet
Kerberos
SCP
HTTPS
Oracle
Connection
Mgr.
Kerberos Domain Contriller
Acis.as. cmu.edu (Sun Sparc Cluster)
LPR
(print)
SSH
SMTP
(e-mail)
Tandem
O. DB
HTTP O. Listener
Mistral (Databse Server)
O. Forms
CITRIX
CAMPUS
NETWORK
(out)
12. SNA, Step 2, 10/31
Essential Scenarios – Feeder System
Kerberos
SCP
HTTPS
Oracle
Connection
Mgr.
Kerberos Domain Contriller
Acis.as. cmu.edu (Sun Sparc Cluster)
LPR
(print)
SSH
SMTP
(e-mail)
Tandem
O. DB
HTTP O. Listener
Mistral (Database Server)
O. Forms
Secure
Directory
CAMPUS
NETWORK
LPR
(print)
SMTP
(e-mail)
13. SNA, Step 2, 10/31
Essential Components – DB Mirroring
O. DB
O. Mirroring
Software
Mistral (Database Server) Chinook (Backup)
O. DB
O. Mirroring
Software
Automatic mirroring of development
database changes every 5-minutes
14. SNA, Step 2, 10/31
Ongoing Steps
Client & Users
3rd client meeting to verify essential services and
components
On-going interviews of Business Managers with
and w/o feeder systems
Within Our Group
Development of potential intrusion detection
scenarios & attacker profiles
Identify compromisable components
Physical visit to 6555 Penn Ave. Backup facility
15. SNA, Step 2, 10/31
A potential security threat
Business Managers:
30+ business managers
SCS, MCS, CIT, etc…
Determine exactly who is able to obtain various
forms of access to areas of the oracle financial
system
For example, MCS:
College Manager
7 Business Managers
Provide access to 2-3 individuals (regular users)