Documente Academic
Documente Profesional
Documente Cultură
Michael Miller
Chief Security Officer
Integrigy Corporation
Phil Reimann
Director of Business Development
Integrigy Corporation
Agenda
Q&A
OBIEE
2
OBIEE
Top Ten
About Integrigy
ERP Applications
Databases
Products
AppSentry
Services
Validates
Security
AppDefend
Verify
Security
Ensure
Compliance
Security Assessments
Oracle EBS, OBIEE, Databases,
Sensitive Data, Penetration Testing
Compliance Assistance
SOX, PCI, HIPAA
Protects
Oracle EBS
Build
Security
You
Agenda
Q&A
OBIEE
2
OBIEE
Top Ten
FMW Repository
Database
Enterprise
Manager
WebLogic
External
LDAP
OBIEE
OBIEE
Web
Catalog
RPD
OBIEE
BI Admin
Tool
(Windows based)
Data Sources
(e.g. warehouse)
OBIEE Security
Catalog
User selects
report 6
Login
Business
Model Filters
Mappings
Physical Filters
Tables & Columns
Data
Source
Data
Source
5
Variables
Set
Application
Roles 4
Passed
Authentication
2
-LDAP(External/Internal)
OPSS
3
(Authorization)
WebLogic
Agenda
Q&A
OBIEE
2
OBIEE
Top Ten
61.
2
2.
Metadata database
security
72.
3
3.
83.
Write-Back enabled
94.
5.
No Usage Tracking
4
4.
RPD security
5
5.
10
Patch Levels
Sustaining support
Recommend
-
Recommendations
-
FMW Repository
Database
WebLogic
BI System User
OracleSystemUser
Act-As
Level of access
Full access
Users whose
identity can be
assumed by the
proxy user
Access method
Construct URL
manually
Standard functionality
of UI
How to know if
being used
No indication given
Credentials exposed in
plain text when URL
submitted
Little to none
Security risk
Key accounts
-
RPD Security
Recommendation
-
Commonly find
-
Catalog (ACLs)
Presentation Layer permission
grants
Data level filters
Recommendation
-
Catalog
Business
Model Filters
Mappings
Physical Filters
Tables & Columns
Examples:
Recommendation
-
Example of exposing
Oracle E-Business
Suite Passwords from
APPLSYS.FND_USER
Recommend
OBIEE logging,
monitoring and
auditing
Full audit of Security
ACL
19
Write-Back
Recommend
-
Security concerns
-
No Usage Tracking
Reports on changes to
-
Recommendation
-
Recommend to Disable
-
11g only
Agenda
Q&A
OBIEE
2
OBIEE
Top Ten
Contact Information
Mike Miller
web: www.integrigy.com
e-mail: info@integrigy.com
Integrigy Corporation
blog: integrigy.com/oracle-security-blog