Tag: ITIL Application Services – SDLC – Web Services

Port ID Port Protocol Appliance Interface Communication Interface Communicate over VIP Programmable Port ID 21 TCP FTP For data access over FTP Management Client Yes No 22 TCP SSH Secure Shell Management Client No No   53 UDP DNS DNS network client Management client Storage Yes No 69 UDP TFTP TFTP Traffic Management Client Storage… Continue reading DataFort E-Series appliance uses the following network ports and protocols

1) Provide a high level overview of what the product is marketed to do. 2) Now, provide the details of what “you” (the buyer) are expecting it to do. 3) Find someplace where the product can be installed and tested. Before you begin, document what your expectations of how the install will go, and your… Continue reading Evaluating a Vendor product

  RSA 7.x – Port Usage Port Protocol Description 1161  UDP  SNMP agent – Used to communicate with a Network Management Server using the Simple Network Management Protocol.  1162  UDP  SNMP agent -Used to communicate with a Network Management Server using the Simple Network Management Protocol.  1645  UDP  RADIUS authentication (legacy port) – Used for… Continue reading RSA 7.x – Port Usage

Web Monitor HTTP_Servers This rule logs URLs and hosts in the URL Log. This rule, like LogUnmatched, does not match connections. It is used for data collection only, not for blocking or allowing. When adding this rule, some options in the Rule Properties window are unavailable. It is recommended that you place this rule near… Continue reading Sample Web Monitor Content Considerations

 Default Oracle TCP / UDP Ports usage Description Port Application Actions Oracle HTTP Server listen port / Oracle HTTP Server port  80 Oracle Application Server  Edit httpd.conf and restart OHS Oracle Internet Directory(non-SSL) 389 Oracle Application Server   Oracle HTTP Server SSL port 443 Oracle Application Server Edit httpd.conf and restart OHS Oracle Internet Directory(SSL)… Continue reading Default Oracle Ports

MS Word 2003 How to turn OFF Delete Block dialogue in Microsoft Word MS word 2003 To turn OFF “Delete Block?”  (no / yes) Tool / Options / General Uncheck 2 boxes pertaining to “Word Perfect help and Navigation” Outlook Repair. Then, please type the following at “Start” “run”: Regsvr32.exe  %Windir%System32Ole32.dll Once doing this, you… Continue reading MS Word 2003 How to turn OFF Delete Block dialogue in Microsoft Word

Priority Oracle 8 -9 Vulnerabilities Patches Security Alert Number And Description   MetaLink Note ID   Latest Version/Date Alert 68, Oracle Security Update 281188.1 Rev 4, 2 March 2005 Alert 67, Unauthorized Access Vulnerabilities in Oracle E-Business Suite 274356.1 Rev 1, 3 June 2004 Alert 66, Security Vulnerabilities in Oracle Application Server Web Cache 265308.1 Rev 2,… Continue reading Oracle 8 -9 Vulnerabilities Patches

Common Web Vulnerabilities Buffer Overflow Attacks Denial of Service Attacks on vulnerable scripts URL Manipulation Sniffing / Spoofing Credentials Client Parameter Manipulation Brute Force Attacks Web Server Fingerprinting Web Defacements Take web servers seriously, server security is essential for web security, recommendations: Harden servers from attack • Use a hardening guide like CIS or MS… Continue reading Web Server Security – Suggestions

Testing must be an on-going activity throughout all phases of a project and should be an integral component of quality assurance efforts. A complete testing strategy cannot be developed until after vendor selection, so this section contains suggestions for possible activities that could be included in a testing strategy, and a general description of the… Continue reading System and Application Unit Testing

Audience: Application & System Services Communication & Collaboration Service: Database Administration Desktop Computer Services Disaster Recovery & Business Continuity Services Facilities A formal model of a complete system All information pertinent to deployment and operations Machine-readable, capturing intent of developers and administrators System topology Developer constraints IT policy Installation directives Health model Monitoring rules Service… Continue reading SDLC – Application System Definition Model

Testing Approach and strategy helps you prepare the list of testing requirements and the testing strategy for supporting the new corporate procurement and application module. Included are descriptions of the target audience, delivery method, and objectives. In addition, the testing approach and strategy identify: The high level objectives and tasks of each testing phase The… Continue reading Testing Approach and Strategy

Deliverables and Combined Processes Discovery Project Roadmap Planning Customer & Stakeholder requirements prioritization & signoff Internal Services Catalog Project Risks Identified UI Models List of Alternative Solutions Selection of Best Solutions for further research Hardware Solutions Demos Financial Approval Potential Solutions Modeled in Test Lab  Initial Security Requirements Definition Initial Project Plan & completion Estimate… Continue reading Sample SDLC Development Project Deliverables

Disable install and demo accounts: Disallow default user/password PUBLIC has execute System privilege PUBLIC has execute Object privilege PUBLIC has execute UTL_FILE privilege PUBLIC has execute UTL_SMTP privilege PUBLIC has execute UTL_HTTP privilege PUBLIC has execute UTL_TCP privilege PUBLIC has execute DBMS_RANDOM Password complexity Restrict number of failed login attempts Authentication protocol fallback Connect and… Continue reading Basic Oracle Hardening

Service Monitoring • Availability• Logging• Auditing• Performance Metrics• Debugging & Tracing• Synthetic Transactions Exception Management • Error Trapping• Root Cause Analysis• Notification Services Version Management • Data Contracts• Message & Operation Contracts• Endpoints (Addresses)• Policies• Internal Dependencies• Claims• Service Retirement• Dependency Analysis Service Delivery • Methodology• Standardized Service Delivery Lifecycles Policy and Security Considerations •… Continue reading Datacenter – Application Lifecycle Considerations

Behind every attack & security problem is – bad software A major concern is that security professionals are often un-aware the problem is – bad software Encrypt your data lines? The riskiest category of software today is Internet-enabled apps “Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit… Continue reading Guiding Principles for Software Security

Secure the weakest link Low-hanging fruit is picked first, I.e. Attack end points, not encrypted links Risk analysis ID’s the weakest link Apportion resources according to risk Practice defense in depth One layer is never enough Overlapping & redundant    Fail securely Failure is unavoidable Allow least privilege Only the minimum access is allowed For… Continue reading Principles of Software Security

Goal to have all imagery served to all A -B Corporate users from a single location Evaluation Outsource to Spatial Energy Host Internal via ESRI Image Server www.bestitdocuments.com

Single storage location for all eGIS data Access for Corporate Users Web Based Mapping Access to all Geo-spatial Data Compliant with Corporate Security Policy Subscription Service to Download Geo-spatial Data Map based access to Documents in Document Management System Map based access to Permits including geographic coverage Collaboration Geo-spatial Functionality Map based access to Environmental… Continue reading Sample eGIS Collaboration

  Server Administration Application Support Infrastructure Support Upgrades DB Overlays, Cloning, creation and data population         Database Maintenance         Patch Management         Middleware Optimization and Mnagement         Databased Backup Administration         Database Security Administration         Database Connection… Continue reading Sample Application Hosting Services