Announcing Oracle Linux support for Clair and Vuls

As containers gain attention and traction for both development and operational purposes, it becomes increasingly important to monitor the security of running containers. In order to facilitate simple scanning of Docker and Rkt images based on Oracle Linux, we have added support for Clair and Vuls in both upstream projects.

Clair by CoreOS

From the CoreOS website: "Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers.

(more...)

Enable HyperFIDO U2F Key on Linux

Recently, I bought the Hypersecu HyperFIDO K5 Key to help me secure access to several websites and services with U2F (“Universal Two-Factor Authorization”). This works fine on Windows, but with Linux things get a little complicated: The key isn’t accessible to all users by default. This has to be activated using udev rules, which is widely […]

Single-Sign-On to Oracle ERP Cloud

More and more enterprises are using Single-Sign-On (SSO) for their on-premise applications today, but what if they want to use SSO for their cloud applications as well?

This blog post is addressing this topic for Single-Sign-On to Oracle ERP Cloud in a hybrid environment.

First of all, let's focus on SSO on-premise and introduce some terminology.

A user (aka principal) wants to have access to a particular service. This service can be found at the (more...)

Webcast: “Secure Configuration for EBS in Oracle Cloud”

Oracle University has a wealth of free webcasts for Oracle E-Business Suite. If you're looking for an overview of how to secure an EBS environment running in Oracle Cloud, see:

Elke Phelps, Senior Principal Product Manager, provides an overview of Oracle E-Business Suite secure configuration guidelines and security features available when deploying Oracle E-Business Suite in Oracle Cloud.  Knowledge of Oracle's Cloud (more...)

Reminder: Upgrade Oracle Internet Directory 11.1.1.7 to 11.1.1.9

Oracle Fusion Middleware products get new Patch Set updates.  When a new Patch Set has been released, a 12 month Grace Period for the previous Patch Set begins.  Once that Grace Period ends, no new patches for the previous Patch Set will be released.

For more details, see:

Oracle Internet Directory is part of a (more...)

Oracle database 12.1.0.2.170117 (January 2017 PSU) and TDE wallets

Recently, I was trying to set up TDE. Doing that, I found out the Oracle provided documentation isn’t overly clear, and there is a way to do it in pre-Oracle 12, which is done using ‘alter system’ commands, and a new-ish way to do it in Oracle 12, using ‘administer key management’ commands. I am using version 12.1.0.2.170117, so decided to use the ‘administer key management’ commands. This blogpost is about an (more...)

Oracle Key Vault 12.2 BP4 is Now Available!

Bundle Patch 4 (BP4) of Oracle Key Vault 12.2 is now available. This release delivers new capabilities and several improvements including: Windows 2008 and 2012 Endpoint Platform Support for Oracle Databases 11.2.0.4 and 12.1.0.2. To learn more, please visit the Oracle Key Vault page on the Oracle... [Read More]

Building a Hyper-V Environment for SharePoint / Cyberinc Entitlements Server Prototype – Part 3

In my previous post, I covered the installation of SQL Server 2016 SP1 for our Hyper-V environment. After that is completed, we are ready to install SharePoint Server 2016. That’s what I’ll be covering here. Firstly, you need to download a copy of the software. At the time of writing this post, SharePoint Server 2016 is available from Microsoft. That’s the version I’ve downloaded for installation on the VM.

Installing the Prerequisites

To start the (more...)

Linux: keyring-password for wlan needed / legitimate wlan login

Each time I resume my notebook after a suspend-to-disk cycle, the connection to WLAN hangs with the following message:

 (Die Systemrichtlinien verhinder das Bearbeiten von Netzwerkeinstellungen für alle Benutzer / Enter password for default keyring to unlock)
I tried to fix this via network-manager by ticking the checkbox "Alle Benutzer dürfen dieses Netzwerk verwenden", but this did not help at all.
The point is that after resuming, my login keyring wants (more...)

Building a Hyper-V Environment for SharePoint / Cyberinc Entitlements Server Prototype – Part 2

In the previous post in this series, I created the Hyper-V VM environment (running Windows Server 2012 R2) I’ll be using to build SharePoint Server 2016 on. The next step is to install either SQL Server 2014 or SQL Server 2016 for the database server requirements. Because I’m a geeky sort of guy and have to be on the bleeding edge, I’m going to use SQL Server 2016 with SP1, which is available from Microsoft (more...)

Building a Hyper-V Environment for SharePoint / Cyberinc Entitlements Server Prototype – Part 1

One of the areas I’ve been investigating as a technical architect at www.archtis.com is using the Cyberinc Entitlements Server (CES) to provide attribute based access control (ABAC) access to documents stored in SharePoint. It’s an area we haven’t tested at all before, so it was important to build a prototype environment to satisfy ourselves that it really does work the way we want it to. At the time of writing this post, CES (more...)

Oracle DBSAT first experience

Last year in October, Oracle released the Oracle Database Security Assessment Tool (DBSAT) to analyze database configurations and security policies to improve the security in your environment.

Real benefits

  • quickly identify security configuration errors in the database environment
  • launch security best practices
  • increase the security level of your Oracle Databases
  • reduce the attack and exposure risk

What does DBSAT check

  • User Accounts, Privileges and Roles
  • Authorization Control
  • Data Encryption
  • Fine-grained Access Control
  • Auditing Policies
  • Database (more...)

iPaaS and Cloud Security

Within the Oracle iPaaS products you will encounter features that exist to help provide security or mitigate the risks of someone misusing Oracle cloud accidentally (or otherwise). These features look to mitigate security issues such as a Denial of Service (DoS) attack (e.g. flooding a web service with more calls than it can handle preventing […]

The post iPaaS and Cloud Security appeared first on Implementing Oracle Integration Cloud Service.

Who Decommissioned My Enterprise Manager Agent?

I prefer to write blog posts about the interesting questions on OTN. This blog post is one of them. There is usually more than one EM admin managing the systems, and you may want to track other users’ activity. Enterprise Manager Cloud Control provides an auditing mechanism called “comprehensive auditing”. It’s not enabled by default for all actions because it may consume a lot of disk space.

If you want to enable it for all actions, (more...)

Escape Special Characters APEX Demo

A few weeks ago I wrote more detail than expected regarding escaping of special characters.

I thought I'd add a simple demonstration, for reference.

Consider the following query, with variations of escaped column output.
with data as 
(select q'[G'day,]'||chr(10)
||'Scott<strong>loves</strong>'
||'<br>APEX<script></script>' as string
from dual)
select
-- UI default
string dflt
-- where no tags expected
,apex_escape.html(string) protected
-- good for most things
,apex_escape.html_whitelist(string) whitelisted
-- replace line feeds with HTML line break. (more...)

Re-evaluating APEX Authorization Schemes

Authorization schemes in Oracle APEX are used to control access to pages, buttons, and all sorts of other components.

In my experience, these are best defined at a privilege level, where the same privilege could be allocated to multiple business roles, but that's for another post.

In this post, I want to mention a cool API function called apex_authorization.reset_cache, which helps control the behaviour of these authorization schemes.

Preface

While googling something else (more...)

Trusted Information Sharing – ABAC Architecture

In my previous post, I introduced you to the two concepts of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC). ABAC resolves a number of the limitations associated with RBAC, as I discussed in that post. In this post, I wanted to drill into the architecture underlying ABAC a little bit more.

In simple terms, there are four main parts of the ABAC architecture. These are:

  • The Policy Decision Point (PDP) – this (more...)

APEX attributes for Escaping Special Characters

A relatively common question on the forums is regarding the escaping of special characters in reports, but it seems the developer isn’t always sure what is actually happening and how to search for it.

It seems I’ve had this on my “to blog” list since April 2015, but now that 5.1 has been released, it seems more people are coming out to leave 4.x can’t work out where the Standard Report (more…)

Trusted Information Sharing – Some Underlying Concepts

In a recent post, I explained a little bit about what my new role at archTIS is. archTIS is a company that focuses on the area of Trusted Information Sharing. Trusted Information Sharing is a concept that not too many people would understand the complexities of. In fact, when I first started in my new role I wasn’t aware of just how complex it was myself! To explain all that complexity in a single (more...)

Password validation takes a while, how cool is that!!

You log in to your favorite web app and it takes a little while to get your login validated, or your password consumed, depending on your take on things,
or
You log in to your favorite APEX application, and after every 3rd shot, it takes a bit longer to retry

You are sure what you are doing and you are surely not drunk, but just mistyped the ****-password.

It is annoying, but is it?

I (more...)