19 Replies. Latest reply on Mar 23, 2020 2:57 PM by Beauty_and_dBest

    COVID-19 Lockdown EBS

    Beauty_and_dBest

      11i

      9i

      OL5

       

       

      Hi ALL,

       

      Our country is in locked-down state due to pandemic COVID-19.

      Our office is closed and we are all instructed to work from home.

       

      We are still using EBS 11i with 9i database, and our VPN cannot accommodate all employees accessing from home.

       

      We can expose / port our EBS 11i to public internet, but without SSL. Is this dangerous?

      Is 11i supported with SSL? Or can it still be set up?

       

      Please help secure our site by sharing docs on how to install an SSL certificate with our Oracle EBS 11i.

       

      Is there any work-around or substitute for SSL?

       

      I understand SSL is now TLS?

       

       

      Kind regards,

      jc

        • 1. Re: COVID-19 Lockdown EBS
          SMOOTHEDATH

          Hello jc,

           

          Please see the master document below.

           

          ANNOUNCEMENT: E-Business Suite 11.5.10 Configurations with SSL/TLS Encryption (Doc ID 2193395.1)

           

          But I think with current security standards and EBS 11i support being terminated long back, there may be some security vulnerabilities.

          Please check with your network team, also inform business of having potential security threats.

           

          And also, it will take some time to configure (I don't recommend directly implementing this in your PROD). So an immediate solution is not possible.

           

          -Regards

          SMS

          • 2. Re: COVID-19 Lockdown EBS
            Beauty_and_dBest

            Thanks SMS,

             

            Our network team is not well versed with EBS.

            Please help me write a justification letter/reasons to management that this cannot be done right away.

            I need to explain, and cite reasons why.

             

            Is below okay to say?

             

            Reason why SSL can not be implemented:

             

            1. Current security standards and certificates no longer support EBS 11i.

            2. Potential security threats since no more security patches available.

            3. Need database 9i to be upgraded to 11.2.0.4 to support SHA version 2.

                 As per validation, enabling HTTPS will require an upgrade from their existing Ebiz 11i 9i db to 11.2.0.4 database to support the SHA (Secure Hash Algorithm) version 2.

                 SHA-1 is no longer supported by most of the browsers as well as the Commercial CA (Certificate Authority) Server.

                 https://www.globalsign.com/en/blog/moving-from-sha-1-to-sha-256/

             

             

             

            Kind regards,

            • 3. Re: COVID-19 Lockdown EBS
              SMOOTHEDATH

              Hi

               

              I agree with all your points.

               

              It is always better to go with the latest security standards. But since you are on a lower version it may require more testing to confirm.

              So a quick solution is not feasible.

               

              -Regards

              SMS

              • 4. Re: COVID-19 Lockdown EBS
                Beauty_and_dBest

                Thanks SMS,

                 

                But are there doc notes to back it up?

                Those listed above are only theories?

                 

                 

                Kind regards,

                • 5. Re: COVID-19 Lockdown EBS
                  SMOOTHEDATH

                  Hi

                   

                  The note is the approach and solution on how to enable SSL/TLS and also for configuring reverse proxy.

                   

                  You can always enable SSL/TLS with certified options for your EBS and database with some associated risks.

                  Risk ->

                       You may not be able to use latest security algorithms (But an https:// site is always better than http://)

                       SHA-1 is not certified by latest browsers.

                   

                  My point is a quick solution may not be feasible and a thorough checking is required.

                  Maybe by the time you finalize the solution, the drama with COVID-19 might be over. (Hopefully)

                   

                  A direct document is not available I guess; you can raise an SR with the points and get this confirmed.

                  Then you can approach client.

                   

                  -Regards

                  SMS

                  • 6. Re: COVID-19 Lockdown EBS
                    Beauty_and_dBest

                    Thanks SMS, and ALL,

                     

                    Hope everyone is covid-19 free.

                    • 7. Re: COVID-19 Lockdown EBS
                      Beauty_and_dBest

                      Hi again SMS, and ALL,

                       

                      Sorry I am reopening this thread.

                       

                      Can I ask one more question please....

                       

                      Can I tell management that no worries even if you open EBS 11i to public internet?

                      Because in 11i, it is very hard for any browser to open the Java forms page.

                      So the hacker would not waste time learning it.

                      Even I, who consider myself good in EBS 12.2, still find it very hard to open forms 11i.

                      Is this a good reason not to worry if you expose 11i to public internet?

                       

                      Please comment.....need your advice.....

                       

                       

                      Kind regards,

                      • 8. Re: COVID-19 Lockdown EBS
                        SMOOTHEDATH

                        Hi

                         

                        I am not good at hacking, but I think for hackers, if they want, browser dependency is not a problem.

                        They can even hack your DB.

                         

                        It is not a good idea to open EBS without https to the outside world.

                         

                        I think you can explore the possibility of using an external https server / reverse proxy.

                         

                        I am not sure about this, that's why I asked you to check with your network team.

                         

                        Maybe someone here can help as well.

                         

                        -Regards

                        SMS

                        • 9. Re: COVID-19 Lockdown EBS
                          3784430

                          I think the upshot of this pandemic will be lots of external working and of course improved security ... has to be a big opportunity for IT industry. Every cloud ....

                          • 10. Re: COVID-19 Lockdown EBS
                            Beauty_and_dBest

                            Hi 3784430,

                             

                            I don't understand what you mean by Every cloud....

                            Do you mean we will migrate to Oracle Cloud?

                             

                            Kind regards,

                            • 11. Re: COVID-19 Lockdown EBS
                              3784430

                              LOL!

                              • 12. Re: COVID-19 Lockdown EBS
                                Maaz Khan

                                Hi Jc,

                                 

                                Can I tell management that no worries even if you open EBS 11i to public internet?

                                -- You are on 9i database and 11i ebs, both are not supported and exposing it to internet will involve huge risk.

                                Because in 11i, it is very hard for any browser to open the Java forms page.

                                -- This reason is not justified as hackers have many other ways to hack into your system

                                 

                                Regards,

                                Maaz

                                • 13. Re: COVID-19 Lockdown EBS
                                  Beauty_and_dBest

                                  Can you explain please...or at least have suggestions how to secure EBS on public internet?

                                   

                                  Thanks.

                                  • 14. Re: COVID-19 Lockdown EBS
                                    Beauty_and_dBest

                                    Thanks Maaz,

                                     

                                    Because in 11i, it is very hard for any browser to open the Java forms page.

                                    -- This reason is not justified as hackers have many other ways to hack into your system

                                     

                                    I wonder what hackers would like to hack into our EBS?

                                     

                                    I think hackers usually are interested to hack for CPU/Memory resources. We are often victimized by bit-coin mining hackers, where they inject a program into our server which scans all the credit cards in the world, which consumes lots of CPU? They attack our server via open VNC where my password is just oracle123.

                                     

                                     

                                    Kind regards,
