For those of you who attended our webinar on 15-May-2014 on how to secure privileged users, Bruce Schneier’s blog post on 5/16/2014 will be of interest. The post was titled “How to Stop an Insider from Stealing All Your Secrets”. In the post he referenced a magazine article by Bob Toxen in the Communications of the ACM.
Bob Toxen’s article is here and it is a fascinating read on Edward Snowden’s exploits at the NSA and what should have been in place to stop him. The article reviews best practices for “Rings of Security” with which to protect against insider threats from privileged users. Of particular interest were Bob’s comments about the NSA’s use of SharePoint and his recommended best practices for the implementation and use of SSH (Secure Shell).
If you have questions or comments on this topic, please contact us at firstname.lastname@example.org. We would enjoy hearing from you.
Tags: Auditing, Security Strategy and Standards, Sensitive Data
Until recently the Oracle E-Business Suite allowed self-signed certificates to assure the validity of Java code run within end-users’ browsers. This meant that the Java JAR files downloaded from the middle tier server were tested by the end-user’s browser for validity using a certificate created by you and/or your organization during installation. Use of a certificate issued by a Trusted Certificate Authority (CA), while always an option for enhanced security, is now a requirement. Oracle has recently deemed self-signed certificates as no longer being secure. Oracle strongly recommends that Oracle E-Business Suite users now sign their Java content using a Trusted CA.
- Does this apply to me? This requirement applies to you if you are running the later JRE releases – specifically 7u40 or above. As Oracle releases new versions of Java over time, and for many good security reasons, Integrigy recommends that you start signing your JAR files using a Trusted CA.
- What is Java JAR signing? - In short, signing code confirms the author of the code (where it is coming from) and that code has not been altered or corrupted. Each file in the Java archive (JAR) is programmatically profiled and an inventory file is then added to the JAR file. You then sign this inventory file using public key encryption. You sign using your private key and, once signed, your public key is then automatically inserted into the JAR file – this is your digital certificate of authenticity. When the JAR file is used, the end-user’s browser will verify your public key to test whether or not it should trust the JAR file. You buy your public and private keys from a Certificate Authority (CA). A good reference on Java JAR signing is here.
- How do I sign E-Business JAR files? - Follow the instructions in the Oracle Support note ID 1591073.1 to generate a certificate request, send the request to a CA, import the certificate once it has been generated by the CA and then regenerate your JAR files using the adadmin utility.
- What is a CA? Will this cost money? A CA usually is a third party such as Verisign or Thawte, who for a fee, will sell you a certificate. This certificate will then be verified by the master root certificates that ship with all major browsers. You can also be your own CA. However, if you decide to be your own CA, you will need to take responsibility for distributing your CA root certificates throughout your end-user community’s desktops and laptops.
- Can I use an existing SSL certificate to sign my Java JAR files? No you cannot. The two certificates are used for two different purposes. The SSL certificate authenticates your server and the code signing certificate verifies the authenticity of the code on the server. As such the two certificates are built differently to do two different tasks.
- Why is Oracle not signing their code? - There is an enhancement request for Oracle to do this. There are also several reasons why Oracle is not signing their code that involve their flexibility to package and ship patches.
- Can I ignore this? - Talk with your IT security team. Depending on your version of Java there are options to set up a “whitelist” of applications that can ignore checking for signed code. This involves using “Exception Site Lists” or “Deployment Rule Sets”. If you attempt to use Deployment Rule Sets, you will need to distribute files to each end-user’s desktop. This is, however, after you have a CA sign the DeploymentRuleSet.jar. Deployment Rule Sets are typically used as an additional security tool along with signed JAR files.
- Will this require downtime? - Most likely yes. You may need to apply patches to begin signing code, and to sign your JAR files, the Application tier will need to be stopped while your JAR files are regenerated.
- How often will I need to sign JAR files? - Every time you patch or potentially clone, depending on if, or how, you decide to share certificates among production, test and development.
- Can I share certificates among instances? - Yes. One certificate can be used for one or multiple E-Business Suite environments.
- How should I protect my Private Key used to sign JAR files? - Very carefully is the answer. Do not leave your private key (adkeystore.* files) on the middle tier. Securely wipe it from the operating system after using it and store it in a secure location. You can also potentially use solutions from vendors such as Symantec or Vormetric who offer hardware security modules, smart cards and smart card-type devices such as USB tokens. Lastly, you can also just use a USB thumb drive that is locked in a safe.
- What should I do? - Java security is only going to become more stringent over time. Integrigy recommends that you start signing your code, preferably using a certificate from a third party CA. Set aside time for a small project and be prepared to apply patches and make changes to your cloning and post-cloning steps and procedures depending on if, or how, you decide to share certificates among production, test and development.
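The inventory check described under "What is Java JAR signing?" can be reproduced offline. The following is an added example, not Oracle's or Integrigy's code: it recomputes each entry's SHA-256 digest against META-INF/MANIFEST.MF and reports whether signature files are present. The JAR contents and file names are constructed samples, and the script does not validate the signature or certificate chain, which `jarsigner -verify` does.

```python
import base64
import hashlib
import io
import zipfile

SIG_EXT = (".SF", ".RSA", ".DSA", ".EC")  # signature file and signature block files


def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()


def parse_manifest(text):
    """Return {entry name: {attribute: value}} for the per-entry sections."""
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    text = text.replace("\n ", "")  # unfold continuation lines (wrapped at 72 bytes)
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries


def is_signing_metadata(name):
    upper = name.upper()
    return upper.startswith("META-INF/") and (
        upper == "META-INF/MANIFEST.MF" or upper.endswith(SIG_EXT))


def audit_jar(jar_bytes):
    """Compare the manifest inventory with the JAR's actual contents."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = [n for n in jar.namelist() if not n.endswith("/")]
        upper = [n.upper() for n in names if n.upper().startswith("META-INF/")]
        signed = (any(n.endswith(".SF") for n in upper)
                  and any(n.endswith(SIG_EXT[1:]) for n in upper))
        try:
            manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode("utf-8"))
        except KeyError:
            manifest = {}  # no manifest at all: every entry is unlisted
        mismatched, unlisted = [], []
        for name in names:
            if is_signing_metadata(name):
                continue
            expected = manifest.get(name, {}).get("SHA-256-Digest")
            if expected is None:
                unlisted.append(name)      # present in the JAR, absent from the inventory
            elif expected != b64_sha256(jar.read(name)):
                mismatched.append(name)    # content altered after the inventory was built
    return {"signed": signed, "mismatched": mismatched, "unlisted": unlisted}


def build_sample_jar(files, overrides=None, signed=True):
    """Constructed input: manifest built from `files`; `overrides` alters or adds entries."""
    manifest = "Manifest-Version: 1.0\r\n\r\n"
    for name, data in files.items():
        manifest += f"Name: {name}\r\nSHA-256-Digest: {b64_sha256(data)}\r\n\r\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        if signed:  # placeholders only, not real signature data
            jar.writestr("META-INF/SAMPLE.SF", "Signature-Version: 1.0\r\n")
            jar.writestr("META-INF/SAMPLE.RSA", b"placeholder signature block")
        for name, data in {**files, **(overrides or {})}.items():
            jar.writestr(name, data)
    return buf.getvalue()


# Constructed sample entries (hypothetical names, not E-Business Suite files).
SAMPLE_FILES = {
    "com/example/Form.class": b"\xca\xfe\xba\xbe constructed class bytes",
    "com/example/labels.properties": b"title=Sample\n",
}

if __name__ == "__main__":
    print(audit_jar(build_sample_jar(SAMPLE_FILES)))
    print(audit_jar(build_sample_jar(
        SAMPLE_FILES, overrides={"com/example/Form.class": b"altered"})))
```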
If you have questions, please contact us at email@example.com
Tags: Security Strategy and Standards, Oracle E-Business Suite, DBA, IT Security
On Friday I realized the America’s Cup yacht was going to be installed at Oracle HQ over the weekend so I went home and got my GoPro camera and set it up to take a picture every 30 seconds. For some reason it shut off on Saturday morning, when the helicopter brought the hull over the building, but I still think the footage came out pretty well. Take a look and let me know what you think in the comments below.
(Pro Tip: It’s worth popping out the embedded video and going fullscreen to get the full effect)
Last week I had to build an Oracle 11gR2 database in the lab. Usually this process involves selecting one of several VirtualBox VM images for an appropriate Oracle Enterprise Linux (OEL) build and then several hours of effort. I selected a basic OEL6 image then instead decided to try out Oracle’s preinstall RPM package for Oracle database installations. I had heard about these packages that automate several of the more tedious pre-installation tasks such as modifying kernel parameters and installing and resolving required software packages.
The RPMs respectively are named:
The result was that it worked and I was surprised how easy it was. Starting with a basic OEL6 image I followed the blog post referenced below. The first attempt resulted in strange errors deep into the install which when researched proved to be only the result of running out of file system space. I had opted to run the yum update prior to running the database install. Evidently this sufficiently filled my root file system to force errors. I trashed the VirtualBox image and selected a new OEL6 image with more space, ran the preinstall 11gR2 RPM and then let the database install program run before going off to a meeting. When I got back, my database was installed and running.
Overall for the lab this worked well, but for a production environment I would recommend validating all configuration steps performed by the preinstall RPM.
If you have questions, please contact us at firstname.lastname@example.org
-Michael Miller, CISSP-ISSMP
Tags: Oracle Database
UPDATE: Check out this post for a time lapse video of the boat being installed over the weekend.
On May 20th 2008, I arrived at work and was surprised to see an America's Cup yacht as I looked out from my office window and posted pictures to this blog. This weekend, almost 6 years later to the day, we had a new boat arrive to live on the lake and this time I was ready because preparations have been going on for a while. I popped into the office on Saturday to see how it was looking and it was looking, well, it was looking very big. These multi-hulled machines are amazing pieces of engineering and seeing one so close is pretty cool. Take a look below at the old boat and the new one viewed from the same office and you will get an idea of the difference in size. More pictures to come soon…
If you are using R12.1.2, users may report some difficulty with the Homepage responsibility and may prefer something similar to 11i or R12.1. In release 12.1.2 the E-Business Suite homepage has been redesigned using the configurable pages infrastructure. This is a new enhancement which allows customers to work with a WYSIWYG model of configuration. This allows [...]
There are two primary options for sharing authentication solutions with the Oracle E-Business Suite. The Oracle E-Business Suite and OBIEE both can take advantage of Oracle’s Single Sign-On (SSO) solutions. If SSO is used, both OBIEE and the E-Business Suite would be subscribing applications.
The other option is for OBIEE to use the Oracle E-Business Suite for authentication. This solution requires that users first log into the E-Business Suite and from there exercise (click-on) a menu function to bring them into OBIEE without having to type a user name or password.
OBIEE and Oracle E-Business Suite Integration
Configuring OBIEE to use the Oracle E-Business Suite for authentication is straightforward and can be completed in a test environment with only a small amount of effort. It is technically accomplished through the sharing of the E-Business Suite session cookie.
Further documentation on the specific steps to configure OBIEE to use the E-Business Suite for authentication can be found on Metalink as well as in the OBIEE documentation. A high level summary is as follows:
- Using the BI Admin client tool, modify the RPD file to add a connection to the E-Business Suite database.
- Add an initialization block to the RPD file that calls the E-Business Suite API APP_SESSION.validate_icx_session and then call FND_GLOBAL to collect the variables resp_id, resp_appl_id, security_group_id, resp_name, user_id, employee_id and user_name.
- Edit the OBIEE configuration files authenticationschemas.xml and instanceconfig.xml
- Create a menu function to launch OBIEE. You must use the SSWA OracleOasis.jsp?mode=OBIEE
- Populate the system profile option ‘FND: Oracle Business Intelligence Suite EE base URL’ with the url for OBIEE. For example: http://theobieeserver.yourcompany.com:9704
- Upload the modified RPD file using Enterprise Manager and bounce all OBIEE services
Authentication integration between OBIEE and the E-Business Suite is through a combination of a shared session cookie and a dynamic URL. The key to making it work is the set of edits to OBIEE’s instanceconfig.xml configuration file. It is in this file that OBIEE is instructed to look for the E-Business Suite session cookie.
If you have questions, please contact us at email@example.com
-Michael Miller, CISSP-ISSMP
Tags: Oracle E-Business Suite, Oracle Business Intelligence (OBIEE), Security Resource
As a bit of a sci-fi geek (a dedicated Browncoat, amongst other things) I was shocked to discover that Cthulhu's had completely passed me by. For those uninitiated into this global geek cult a Cthulhu is a squid like creature created in the fantasy works of H.P. Lovecraft in 1926. But in modern sci-fi has become a jokey euphemism for horror and evil on a great scale. A recent Neil Gaiman short story piqued my curiosity even more.
Cthulhu created a mini trend in the world of crafts, with squid and octopus creations becoming extremely popular in amigurumi and jewellery. Which led me to discover these cephalopod inspired creations on Folksy.
First up is a stunning print from I Like It I Think Its Nice. The detail in this print is quite outstanding, and wonderfully fantastical at the same time.
Here's some of that famous Octopus jewellery I mentioned, this one's on a lovely gold plated chain from Laura's Jewellery.
As a lover of all things laser cut (I've even dabbled a little myself) this piece really stood out for me. Mirrored purple acrylic, with a delicate engraving, and Czech glass ink drops, lovely work from Tea Stained Jewellery.
Although these little Jellyfish are not cephalopods, their little tentacles were too cute to be left out. Snap one up from Orangefishy Plush.
Wear your Octopus love on your sleeve! Well, your hem if you buy this snappy t-shirt from Conkerlove. Loving the button eyes.
Create your own under sea imaginary adventure with these Octopus finger puppets from MuNGBEANS. Or you could just wear them whilst reading a Cthulhu novel.
Its amigurumi time from Ali's Crafts, a cute little child safe critter handmade with loving care.
And finally, the more deadly side of Octopi in this recycled card depicting the venomous Blue Ringed Octopus. Wonderful hand stitched detail from Ethel & Iris.
A slightly odd inspiration for this article, but I hope you've enjoyed reading it, and are now aware of the Cult of Cthulhu!
P.S. I hope you're having a Happy New Year too.
I think we were all blown away last week by the Royal Wedding - the pageantry, the flags, THE dress, the splendour and the great outpouring of general "Britishness". But we mustn't forget that this was really just a young couple's marriage - their declaration of love for one another, and their commitment for their lives ahead.
But this isn't the only "matter of the heart" that we should be paying tribute to... On this day in 1968 the first heart transplant in the UK was conducted at the National Heart Hospital in Marylebone, London. This amazing, life-saving surgery was undertaken by South African born surgeon Donald Ross, on an unnamed 45 year old man. At the time this was a wondrous new procedure, that (sadly, but necessarily) has become a very "ordinary" operation these days - but has saved, and will continue to save, many many lives each year.
So this week's selection of beautiful Folksy items are all dedicated to "hearts" - symbols of love, and vital organs alike!
Handcut Heart Card
Small Copper Heart
Silver Heart Earrings
Heart & Heart Felt Brooch
Key to my Heart Keyring
The team at FOF hope that you've all had a wonderfully relaxing and fun-filled Christmas and New Year - we certainly have! And to welcome us all into 2011 and a new decade, here's a stunning selection to celebrate the New Year and all that it stands for!
It's traditional to go first-footing on New Year's Eve, so here's something to keep those tootsies in tip-top condition.
Night Time Foot Butter by Freyaluna
In the UK, it's lucky if the first person to cross your threshold on New Year's Day is a man (although tradition doesn't say that it has to be a good-looking man...)
Old Man Comedy Photograph, Croatia by Kate Seaton Photography
It's also considered good luck if that man brings with him either a lump of coal... (well, a bit of poetic licence was required here)
coal tit birdseed card by kate broughton
...or bread...
Bread Slice Kawaii Coaster by Asking For Trouble
...or money.
Mini purse, hand printed pink silk by SabineCornic
In some parts of Britain, the gift of mistletoe is also considered auspicious.
Everlasting Mistletoe Sprig by Phoenix Glass
Then, at the stroke of midnight, that's the cue for the fireworks to go off...
'Firework' Recycled Skateboard Belt Buckle by O'blue Thrashion
...and for the bubbly to be opened...
Champagne Supernova Original Painting by Mazzi's Art
...and for the dancing to begin!
We hope that 2011 brings you health, wealth and happiness - it's time to celebrate!
Blogging on gives me the opportunity to blog about my passions - and one of these is sewing. I just love to sew (except repairing clothes or taking up trousers) and my Mum taught me on a Singer sewing machine that belonged to her grandmother.
I am also passionate about embroidery and when my children were small we used to go to the Young Embroiderers Club, organised by the Embroidery Guild in Baildon. Well there are some very talented embroiderers on Folksy and I hope you enjoy their work. (Don't forget to click and buy - support your local Folksy artist).
Vintage Embroidered Pincushion by Pretty Goods
Flowers and Curls Silk Purse by Silk Tree Purses
Caged Bird Brooch by Yam Soup
Dry Stone Wall Textile Art by Chocolate Frog
Afternoon Tea by Hung Drawn Quoted
Floral Heart Egg Cosies by Felt Fancies
Embroidered Lavender Bags by Flaming Norah
Embroidered Card by Boo Boo Craft
Birdie Felt Brooch by Applique Originals
Portrait Embroidery by Gentry Illustration
Sunshine Textile Embroidery by Sally Young
Embroidered and Beaded Brooch by Nadine Arbuthnot Adornments
Stop Press! It's not too late to buy your Valentine's Card before the big day! Folksy has brilliant original art cards and designs and so much better than a store-bought card (no mass production, one of a kind design, personal service - you can't get that from Clinton Cards).
Valentine Card from Andy Lanham Art
Small Heart Card by The Mosaic Garden
Let Love Out Valentine Pocket moleskine cahier by Champignons
You Set My Heart On Fire Embroidered Valentine Card by Silver Birch Crafts
Appliqued Heart Valentines Card by Claire Hurd Design
Recycled Valentine Card by Nina Rowan Paper Boutique
Star Trek Meerkat Valentine Card by Nifty Knits
I Love You Card by Zebedee
Valentine Card by Lino King Cards
Amore Card by SooziebeeGlassprimitif
In my opinion it is a design fault in genetics that we weren't all born with pierced ears - we would have no excuse not to wear fabulous earrings. I love earrings - I can't leave the house with bare ears and I own hundreds of pairs. I also own hundreds of odd ones too! Folksy has a huge selection of quality jewellers and silversmiths so, to save you browsing, I have chosen a few of my favourites.
Red Red Red by Ravenwolf Design
Jellyfish Earrings by Felicity Taylor
Paper Earrings by Crowns From Ashes
Vintage Peacock Dangle Earrings by Decade Design
Steampunk Clock Hands Earrings by Mollie Magpie
Pink Sunrise reworked vintage earrings by Made With Love
Lemonart Earrings by Lemon Art
Japanese Dragonscale earrings by Corvus Chainmaille
Heart Studs ~ Fine Silver Earrings by Murano Silver
Green turquoise earrings by Blue Forest Jewellery
Pink Tourmaline Sterling Silver Hoop Earrings by YOSA
Beez Kneez by Lej Jewellery
Lego Spacemen Earrings by The Bothered Owl
Spring is my favourite time of year - the lambs are bouncing, the trees are budding, the days are growing warmer, and even the rain (when it invariably falls) seems gentle and kind by comparison to the harshness of winter. So here's a selection of some beautiful items which sum up this lovely time of year for me.
Splash of Rain - Silky Baby alpaca laceweight yarn by Abstract Cat Crafts
Rain Cloud Necklace by Killer Cupcake
Singing in the Rain Necklace by Boho Boutique
Azure Splash... A Handmade Ceramic Brooch by H B Ceramics
Vintage Buttons Rain Boots - Sew Cute by Asking For Trouble
Spring Greens Mini Bunting by says alice
Spring is in the air - Citrine Nugget and Sterling Silver Necklace by Tania Covo Designs
This week we're having a bit of a history lesson, courtesy of all you erudite people at Folksy!
The Ides of March is 15th March in the Roman calendar, and was originally a festive day dedicated to the god Mars. It is also the day in 44 BC that Julius Caesar was stabbed 23 times in the Roman Senate, which gave rise to Shakespeare's famous quotation "Beware the Ides of March" in his eponymous play. Today, the Ides of March is celebrated in Rome with a toga run. Sounds like much more fun to me.
So we're taking a stroll through ancient history this week, focusing on the Roman empire. Prepare to be educated!
Olive branch - upcycled antique saucer - candlestick by Loglike
Roman Numeral Bracelet by Jupiter Rocks
Roman Print Clutch Bag by Grown-Up Gladrags
Handmade Roman Necklace by Beaux Bijoux Handmade Jewellery
Marble, The Colosseum - Ltd Ed A4 Photo Print by Lemonade & Lamingtons ART
Latin manuscript pendant by Artifex Jewellery
Colourful Roman Ruins Photograph, Croatia by Kate Seaton Photography
Roman style metallic button necklace by made by kate d
Roman Mosaic Stained Glass Suncatcher by JOYSofGLASS
Armadillo Leather Cuff by Alpha Prime
Pencils are the best invention - ever! Look at what you can do with them - draw, scratch your head, clean your ears, jab the annoying person next to you.... I think pencils are great. The design hasn't changed much during the history of the pencil and it is ergonomically designed to be held comfortably. Fortunately the content has changed from lead to graphite so that we are not poisoning ourselves as we chew distractedly on the end. So, let's take a look at some pencil inspired Folksy items and make our mark!
Large Pencil Cushion from Dinky Daisy
Coloured Pencils Photoprint from Dyche Photography
Pen and Pencil Set from Turning Time
Bird Print Pencil Case from Leanne Woods Designs
Pencil Case from Paper Spoon
Personalised Teacher Rubber Stamp from Skull and Crossbones
Pen Pot from Malcolm's Creations
A5 Drawing Sketchbook from Chalk Hill Studio
He Says He Can Hear The Forest Whisper from Hidden Eloise
Tattoos, the ultimate permanent form of self expression, clothes can change - tattoos are for life. Well some are, these wonderful tattoo inspired items offer a less permanent solution, whilst still being a form of self expression. Don't forget to click the shop name in the description to see more about any of the items featured.
First in, a lovely Valentine t-shirt from Pidgeon Stitch, the scroll detail can be customised.
A little Demon Pin-Up girl of your very own, with this hand drawn pendant from Candy Apple.
Lost at Sea is rapidly becoming one of my all time Folksy favs, and this skull brooch is a great example of classic tattoo art.
Another customisable item on the menu today, this winged heart necklace can be personalised from KittyPink.
A Royal Skull pendant from Inks on Links is superbly hand drawn onto shrink plastic.
This cute trinket box from Juliet Killed Romeo is perfect for bringing a little retro chic to your dressing table.
Could come in handy to wear on Mother's Day, a superb cross stitch brooch from Magasin.
Put your hair up in a bouncy 50's ponytail and finish off with these cute hair slides from Very Vintage Designs.
Slightly different winged heart necklace to finish on, this one comes from KittyPink again, I just couldn't leave it out!
A little bit tattoo, a little bit Rock-a-Billy all these items are handmade by some very talented people, support crafters and buy handmade.
Article by Aleximo, xXx
One of two things always inspire me; Bunnies and Birds. I've talked about bunnies in several previous articles on another site, so now it's time for the birds! Once again Folksy makers and sellers have outdone themselves with amazing birdy related items. Here's a selection of my favorites;
Below is an amazingly beautiful and detailed clutch purse from notes, in a super summery sunshine yellow.
These super kawaii Birdy Amigurumi Toys from Owl on the Sill are so adorable! Love their little birdy quiffs;
Jiji Kiki comes top trumps again with this vintage love birds necklace. Look at the cute heart beads detailing;
I'm a big fan of papercraft, and Under the Stairs Studios creates some of the most inventive paper circuses I've ever seen. Would make a great deluxe birthday card!
Molly's Mum is a shop that's been on my radar for a while now, everything is so wonderfully made with fabulous fabrics and attention to detail. Make sure you check out the owl brooches too;
Who doesn't love Jemima Lumley's Jewellery? I bet these earrings look stunning on, and even better with one of the matching birdy necklaces also available;
For all of us who have a button stash, these would make a welcome addition I'm sure. Handmade by Mollimoo (aka Chumley) these buttons are also available in blue;
Upcycling is everywhere, even this article can't escape it! Here's the upcycled item for this selection, check out the cute ribbon tails; from Kerli;
I truly admire ceramists, as my clay creations are truly horrendous! This pair of lovebird bowls from Prince Design UK would be a simply stunning wedding gift, timeless and elegant.
Now I realise this is a little cheeky, but what the heck. For the first (and most likely last) time here's one of my items. Understand that this is merely to prove the point I stated at the beginning of this article, that I gain inspiration from birds. So to the point, here is a set of my birdy badges;
Aside from my shameless self promotion at the end (feel free to ignore it) I hope you like my selection of beautiful birdy items fresh from the pages of Folksy this month. Since I found so many wonderful bird based items I intend to follow this article up with a 'part 2' sometime in the future. But for now, don't let these unique handmade creations fly away without you. Many thanks to all those who suggested items,
Aleximo, xXx