http://www.checklist20.com/bestpractices.htmlOracle E-Business Suite is the most comprehensive suite of integrated, global business applications that provides: The most complete, integrated business intelligence portfolio, The most adaptable global business platform and The most customer-focused applications strategyhttp://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=243&tn=Practice Safe CloningMany copies of production environments are created, a.k.a. cloning, for various purposes. These copies are typically used for performance test by DBAs or developers or to test upgrade/patching of the production database. Cloning of production envi ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=394&tn=Execute E-Business Suite Security ReportThis built-in report validates the profile option values, seeded application user accounts for security.  Use the following procedure to execute the report:Start Oracle E-Business SuiteConnect to responsibility Application DiagnosticsSelect t ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=393&tn=Execute Database Security ReportStart Oracle E-Business SuiteConnect to responsibility Application DiagnosticsSelect the Diagnose menu optionClick button Select Application and select Application "Oracle Application Object Library"Scroll down to group "EbusinessSecurity"Select t ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=247&tn=Change passwords and disable unused default Oracle Applications accountsOracle ships seeded user accounts with default passwords. Change the default passwords immediately.Default passwords for database accounts are widely known, and if not changed could allow unauthorized access to various parts of the system. Al ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=390&tn=Enable Detail Auditing for Key Oracle EBS TablesConsider auditing some of the key tables that control system security:ALR_ALERTSFND_AUDIT_COLUMNSFND_AUDIT_GROUPSFND_AUDIT_SCHEMASFND_AUDIT_TABLESFND_CONCURRENT_PROGRAMSFND_DATA_GROUPSFND_DATA_GROUP_UNITSFND_ENABLED_PLSQLFND_FLEX_VALIDATIONFND_FOR ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=389&tn=Review Unsuccessful Logins The system automatically stores unsuccessful logon attempts in the APPLSYS.FND_UNSUCCESSFUL_LOGINS and ICX.ICX_FAILURES tables. The ICX_FAILURES table holds more information than the FND_UNSUCCESSFUL_LOGINS. Both the FND_UNSUCCESSFUL_LOGINS and IC ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=388&tn=Track last updated details using Who Column ValuesFor most E-Business Suite tables, database rows are updated with the creation and last update information. The system stores this information in the following columns (known as “Who Columns”): Who Column Name         ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=387&tn=Review System Audit Reports Oracle E-Business Suite ships standard reports to access signon, unsuccessful signon, responsibility usage, form usage and concurrent request usage. Access these reports through the system administrator responsibility. ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=386&tn=Enable Privileged User and System Activity With OAMOracle Application Manager (OAM) provides screens for monitoring current and past system activity. In addition, OAM provides a framework extensible for running custom OAM reports. Monitoring features include current and historic user activity down ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=249&tn=Enable Application Server Trust Level OptionResponsibilities or applications with the specified level of trust can only be accessed by an application server with at least the same level of trust. Users can see this profile option, but they cannot update it. ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=385&tn=Limit Access to Forms Allowing SQL QueryTo improve flexibility, some forms allow users to enter SQL statements. Unfortunately, this feature may be abused. Restrict access to these forms by assigning the responsibility to a small group of users. ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=384&tn=Limit Access to Security Related FormsSome forms allow users to modify the EBS security setup. Through these forms users could alter security configuration (e.g. grant inappropriate privileges to themselves or to others). Assign users only those responsibilities necessary for them to ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=383&tn=Restrict and review administrative responsibilities assigned to usersOracle Applications responsibilities like SYSADMIN responsibility has broad administrative privileges. For this reason, regularly review this list of users having administrative responsibilities including SYSADMIN and product administrative respon ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=382&tn=Activate Secure Server Authentication to Oracle Application Database ServerUsually Oracle EBS is deployed in a multi-tier configuration with one database server and many possible middle-tier application servers. The application servers include Apache JSP/Servlet, Forms, Discoverer and also some client programs such as Ap ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=381&tn=Configure Concurrent Manager For Safe AuthenticationConcurrent Manager passes the APPS schema password to concurrent programs on the command line. Because some Operating Systems allow all machine users to read a program’s command line arguments, the password may be intercepted. ENCRYPT signals Conc ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=380&tn=Minimize usage of shared application accountsWhen users share one generic account associating accountability to individual users is a challenge. System cannot identify which user performs a function. Instead, create shared responsibilities which is assigned to multiple users. It helps to sha ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=248&tn=Enable Oracle User Management (UMX)UMX provides a common user registration flow in which a user can enter a new password or select to have one generated randomly. UMX uses workflow to drive the registration process once a request has been submitted. ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=245&tn=Enable custom password profile options for Oracle Application LoginEnabling the profile options support strong application passwords, account lockout after failed logon attempts and session inactivity timeout.For additional  password security custom password rules can be implemented by using Signon Password ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=377&tn=Use DMZ architecture to manage external/internet implementationIf Oracle EBS is exposed to the external users using internet, implement DMZ, external web-tiers, firewall and reverse proxies in a secure external EBS deployment ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=376&tn=Use SSL(HTTPS) between client(browser) and web serverInformation sent over the network and across the internet in http protocol is easily intercepted. Secure sockets layer(SSL) is a well known encryption scheme that ensures safe transfer of data in-transit.  ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=375&tn=Disable unauthenticated access using workflow notification mailerWhen the parameter SEND_ACCESS_KEY is set to Y in workflow e-mail notification settings, Oracle EBS suite sign-on process is bypassed since the e-mail notification contains an access key. When set to N, an unauthenticated user who clicks on the no ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=374&tn=Hide critical application account passwords in log filesadpatch utility used for patching Oracle application tier stores passwords in clear text if flags are not properly used during the adpatch execution ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=246&tn=Review GUEST application user account responsibilityOracle EBS uses GUEST application account to represent unauthenticated user session for certain applications. Limit guest user responsibilities to those necessary for sign-on and guest access. ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=244&tn=Encrypt creditcard and other sensitive informationOracle Payables, Oracle Order Capture, Oracle Order Management, Oracle Service Contracts, Oracle istore and iPayments modules in Oracle applications store creditcard information of customers. It is recommended that creditcard encryption is enabled ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=242&tn=Database(Oracle) Best PracticesRefer to Oracle Database Best Practices  at http://www.checklist20.com/bestpractices.html#cid=70&cn=Oracle%20Database ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=251&tn=Harden external web servers If any of the E-biz modules are implemented for external partners and customers, setup external webtiier with minimal required codebase. ...  View More]]>http://www.checklist20.com/bestpractices.html#cid=146&cn=Oracle E-business (General)&tid=250&tn=Enable Application Auditing for critical resourcesSet SIGNONAUDIT:LEVEL to "Form" at the site level. At this setting, thesystem logs all user sign-ons, responsibility selections and form accesses to APPLSYS.FND_LOGINS, APPLSYS.FND_LOGIN_RESPONSIBILITIES and APPLSYS.FND_LOGIN_RESP_FORMS. ...  View More]]>