Survivable Network Analysis
Oracle Financial Management Services
Ali Ardalan
Qianming “Michelle” Chen
Yi Hu
Jason Milletary
Jian Song
SNA, Step 2, 10/31
Overview







Essential User Capabilities
Summary of Essential Components
Firewall Type
Essential Components Diagram
Essential Scenarios
Essential Component Details
Next Steps
Essential User Capabilities


Essential Capabilities performed by 300 dedicated users
Dedicated users must have access to financial service applications
Core Financial Applications
Application Desktop Integrator Applications
Feeder systems must integrate with financial applications
Primary actions performed by users are:
Billing, reporting & reconciliation of budgets and expenses
Summary of Essential Components





Kerberos Domain Controller (authentication)
Acis.as.cmu.edu (public access points)
Mistral (db server)
Tandem (print & e-mail)
Chinook (backup server)
Logical Proxy (Application Gateway) Firewall
1. Restricts traffic based upon packet content
2. Application specific
[Diagram. Labels: CAMPUS NETWORK, PRIVATE NETWORK, (External), (Internal). Hosts and services shown: Acis.as.cmu.edu (Sun Sparc Cluster): SCP, Oracle Connection Mgr., HTTPS, SSH, …; Tandem: LPR (print), SSH, SMTP (e-mail).]
Essential Components Diagram
[Diagram. Site labels: Cyert Computer Center, 6555 Penn Ave, FIBER, CAMPUS NETWORK. Hosts and services shown:
Kerberos Domain Controller: Kerberos
Acis.as.cmu.edu (Sun Sparc Cluster): Oracle Connection Mgr., SCP, HTTPS, SSH, …
Mistral (database server): O. DB, O. Listener, O. Forms, HTTP, FTP, SQL Net, LPR (print), CITRIX, SSH, SMTP (e-mail), …
Tandem: LPR (print), SSH, SMTP (e-mail)
Chinook (Backup): O. DB, O. Listener, O. Forms, HTTP, FTP, SQL Net, LPR (print), CITRIX, SSH, SMTP (e-mail), …]
Essential Components [1]

Acis.as.cmu.edu:
Cluster of Sun Sparc Servers
Public Access Points
Support services
Oracle Connection Manager
HTTP, Telnet, FTP, HTTPS (some Kerberos authenticated)
SCP (Secure Copy Protocol – Unix)
SSH
Web DB, Big Brother (monitoring software), …
Essential Components [2]

Mistral: Database Server
Hosts main Oracle Server:
HTTP
Oracle Listeners, Names, Database
CITRIX Application Server
NFS (data sharing)
SMTP (e-mail)
LPR (printer) & Fs (other printer)
SQL Net, FTP, SSH (file upload), …
Essential Components [3]

Tandem



Print & E-mail gateway
No user accounts on this machine
Services provided:



SSH (Administrator Connections)
LPD (Printing)
SMTP (email)
Essential Components [4]

Chinook
Disaster Recovery Machine: standby database
Located offsite at 6555 Penn Ave.
Test & Development machine
Mirroring of Development database every 5 minutes
Existing passive fiber link between campus and this location
Exact same HW & SW as Mistral
Essential Scenarios – Budget Spreadsheet
[Diagram. Labels: CAMPUS NETWORK, (out). Hosts and services shown:
Kerberos Domain Controller: Kerberos
Acis.as.cmu.edu (Sun Sparc Cluster): HTTPS, Oracle Connection Mgr., SCP
Mistral (Database Server): HTTP, CITRIX, O. Listener, O. DB, O. Forms
Tandem: LPR (print), SSH, SMTP (e-mail)]
Essential Scenarios – Feeder System
[Diagram. Labels: CAMPUS NETWORK, Secure Directory. Hosts and services shown:
Kerberos Domain Controller: Kerberos
Acis.as.cmu.edu (Sun Sparc Cluster): HTTPS, Oracle Connection Mgr., SCP
Mistral (Database Server): HTTP, LPR (print), SMTP (e-mail), O. DB, O. Listener, O. Forms
Tandem: LPR (print), SSH, SMTP (e-mail)]
Essential Components – DB Mirroring
[Diagram: Mistral (Database Server) and Chinook (Backup), each shown with O. DB and O. Mirroring Software.]
Automatic mirroring of development database changes every 5 minutes
Ongoing Steps
Client & Users
3rd client meeting to verify essential services and components
Ongoing interviews of Business Managers with and without feeder systems
Within Our Group
Development of potential intrusion detection scenarios & attacker profiles
Identify compromisable components
Physical visit to the 6555 Penn Ave. backup facility
A potential security threat
Business Managers:
30+ business managers
SCS, MCS, CIT, etc.
Determine exactly who is able to obtain various forms of access to areas of the Oracle financial system
For example, MCS:
College Manager
7 Business Managers
Provide access to 2-3 individuals (regular users)