Scribd Logo
Upload

Welcome to Scribd!

  • SNA Pres2

    Uploaded by

    Tibco Group
    7 views15 pages
    This document summarizes the essential components and user capabilities for Oracle Financial Management services. It identifies the key components as the Kerberos domain controller, Acis.as.cmu.edu public access points, the Mistral database server, the Tandem print and email server, and the Chinook backup server. The essential user capabilities are performing billing, reporting, reconciliation of budgets and expenses for 300 dedicated financial users. Diagrams show how the essential components are connected and how users access the systems. Ongoing steps include verifying services with clients and identifying potential security threats.

    Original Description:

    Original Title

    SNA_Pres2

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes the essential components and user capabilities for Oracle Financial Management services. It identifies the key components as the Kerberos domain controller, Acis.as.cmu.edu public access points, the Mistral database server, the Tandem print and email server, and the Chinook backup server. The essential user capabilities are performing billing, reporting, reconciliation of budgets and expenses for 300 dedicated financial users. Diagrams show how the essential components are connected and how users access the systems. Ongoing steps include verifying services with clients and identifying potential security threats.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    7 views15 pages

    SNA Pres2

    Uploaded by

    Tibco Group
    This document summarizes the essential components and user capabilities for Oracle Financial Management services. It identifies the key components as the Kerberos domain controller, Acis.as.cmu.edu public access points, the Mistral database server, the Tandem print and email server, and the Chinook backup server. The essential user capabilities are performing billing, reporting, reconciliation of budgets and expenses for 300 dedicated financial users. Diagrams show how the essential components are connected and how users access the systems. Ongoing steps include verifying services with clients and identifying potential security threats.

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as ppt, pdf, or txt
    of 15

    Survivable Network Analysis

    Oracle Financial Management


    Services

    Ali Ardalan
    Qianming “Michelle” Chen
    Yi Hu
    Jason Milletary
    Jian Song

    SNA, Step 2, 10/31


    Overview
     Essential User Capabilities
     Summary of Essential Components
     Firewall Type
     Essential Components Diagram
     Essential Scenarios
     Essential Component Details
     Next Steps
    SNA, Step 2, 10/31
    Essential User Capabilities

     Essential Capabilities performed by 300 dedicated users


     Dedicated users must have access to financial service
    applications
     Core Financial Applications
     Application Desktop Integrator Applications
     Feeder systems must integrate with financial applications
     Primary actions performed by users are:
     Billing, reporting & reconciliation of budgets and expenses

    SNA, Step 2, 10/31


    Summary of Essential Components
     Kerberos Domain Controller (authentication)
     Acis.as.cmu.edu (public access points)
     Mistral (db server)
     Tandem (print & e-mail)
     Chinook (backup server)

    SNA, Step 2, 10/31


    Logical Proxy (Application Gateway) Firewall

    1. Restricts
    Acis.as. cmu.edu (Sun Sparc Cluster)
    traffic based
    CAMPUS NETWORK

    PRIVATE NETWORK
    SCP Oracle upon packet
    Connection Mgr.
    content
    HTTPS SSH … 2. Application
    specific
    Tandem

    LPR SMTP
    SSH
    (print) (e-mail)

    (External) (Internal)
    SNA, Step 2, 10/31
    Essential Components Diagram
    Mistral (databse server)
    Kerberos Domain Contriller

    Kerberos O. DB O. Listener O. Forms

    HTTP SQL Net CITRIX



    FTP LPR SMTP
    CAMPUS NETWORK

    Acis.as. cmu.edu (Sun Sparc Cluster) SSH


    (print) (e-mail)
    SCP Oracle
    Connection Mgr.

    Chinook (Backup)
    HTTPS SSH …
    O. DB O. Listener O. Forms

    HTTP

    Tandem FIBER SQL Net CITRIX

    LPR SMTP FTP LPR SMTP


    SSH SSH
    (print) (e-mail) (print) (e-mail)

    Cyert Computer Center 6555 Penn Ave


    SNA, Step 2, 10/31
    Essential Components [1]
     Acis.as.cmu.edu:
     Cluster of Sun Sparc Servers
     Public Access Points
     Support services
     Oracle Connection Manager
     HTTP, Telnet, FTP, HTTPS(some Kerberos
    authenticated)
     SCP (Secure Copy Protocol – unix)
     SSH
     Web DB, Big Brother (Monitoring software), …

    SNA, Step 2, 10/31


    Essential Components [2]
     Mistral: Database Server
     Hosts main Oracle Server:

     HTTP
     Oracle Listeners, Names, Database
     CITRIX Application Server
     NFS(data sharing),
     SMTP (e-mail)
     LPR (printer) & Fs (other printer)
     SQL net, FTP, SSH(file upload)…

    SNA, Step 2, 10/31


    Essential Components [3]
     Tandem
     Print & E-mail gateway
     No user accounts on this machine
     Services provided:
     SSH (Administrator Connections)
     LPD (Printing)
     SMTP (email)

    SNA, Step 2, 10/31


    Essential Components [4]
     Chinook
     Disaster Recovery Machine: standby database
     Located offsite at 6555 Penn Ave.
     Test & Development machine
     Mirroring of Development database every
    5-minutes
     Existing passive fiber link between campus and
    this location.
     Exact Same HW & SW as Mistral

    SNA, Step 2, 10/31


    Essential Scenarios – Budget Spreadsheet
    Mistral (Databse Server)
    Kerberos Domain Contriller

    Kerberos HTTP CITRIX O. Listener

    (out)
    O. DB O. Forms
    CAMPUS NETWORK

    Acis.as. cmu.edu (Sun Sparc Cluster)

    HTTPS
    Oracle
    Connection
    SCP Mgr.

    Tandem

    LPR SMTP
    SSH
    (print) (e-mail)

    SNA, Step 2, 10/31


    Essential Scenarios – Feeder System
    Mistral (Database Server)
    Kerberos Domain Contriller

    Kerberos HTTP Secure O. Listener


    Directory

    LPR
    (print) O. DB O. Forms
    CAMPUS NETWORK

    Acis.as. cmu.edu (Sun Sparc Cluster)


    SMTP
    HTTPS (e-mail)
    Oracle
    Connection
    SCP Mgr.

    Tandem

    LPR SMTP
    SSH
    (print) (e-mail)

    SNA, Step 2, 10/31


    Essential Components – DB Mirroring

    Mistral (Database Server) Chinook (Backup)

    O. DB O. DB

    O. Mirroring O. Mirroring
    Software Software

    Automatic mirroring of development


    database changes every 5-minutes

    SNA, Step 2, 10/31


    Ongoing Steps
     Client & Users
     3rd client meeting to verify essential services and
    components
     On-going interviews of Business Managers with
    and w/o feeder systems
     Within Our Group
     Development of potential intrusion detection
    scenarios & attacker profiles
     Identify compromisable components
     Physical visit to 6555 Penn Ave. Backup facility

    SNA, Step 2, 10/31


    A potential security threat
     Business Managers:
     30+ business managers
     SCS, MCS, CIT, etc…
     Determine exactly who is able to obtain various
    forms of access to areas of the oracle financial
    system
     For example, MCS:
     College Manager
     7 Business Managers
     Provide access to 2-3 individuals (regular users)

    SNA, Step 2, 10/31

    You might also like