Secure Your Mission Critical Application’s WebLogic Domain

April 17, 2014

If you are managing and administering a WebLogic domain that serves:

  • Bank applications
  • Government applications
  • e-Business web applications that are open to the internet

then you must strongly secure your WebLogic domain against both internal and external hacking attacks.

Here are the crucial settings for securing mission critical WebLogic domains:

  • Do not use the default ports for the admin server and managed servers
  • Do not use “weblogic” as the admin username
  • Do not put username and password parameters and values in start scripts. Use the “-Dweblogic.system.BootIdentityFile=$PATH/boot.properties” parameter and an encrypted boot file instead.
  • Enable administration ports
  • Enable “Cross Domain Security”
  • Change your console context path
  • Use custom Identity and custom Trust keystores (JKS)
  • Use a custom Hostname Verifier
  • Load a real SSL certificate even for internal traffic
  • Set the “Max Post Size” value (by default it is unlimited)
  • Set the “Frontend Host” and “Frontend Https Port” values
  • Set the “Minimum, Maximum, IO Buffer Size” values
  • Secure JMS resources with security policies
  • Disable “Default Connection Factories” for JMS
  • Integrate and define an LDAP authenticator
  • Enable administration auditing by setting “Configuration Audit Type”
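As an added example that is not part of the original post, the script below audits a domain's config.xml against several of the checklist items above (administration port, console context path, cross domain security, configuration auditing, default listen ports, max post size, frontend host/port). It assumes the element names of the WebLogic domain schema as used in config.xml; the sample configuration is constructed for the example and deliberately fails most checks.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}
DEFAULT_PORTS = {"7001", "7002"}  # stock listen / SSL listen ports

# Constructed sample config.xml (not from a real domain) that breaks several checks.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>prod_domain</name>
  <security-configuration>
    <cross-domain-security-enabled>false</cross-domain-security-enabled>
    <configuration-audit-type>none</configuration-audit-type>
  </security-configuration>
  <server>
    <name>AdminServer</name>
    <listen-port>7001</listen-port>
    <web-server><frontend-host>app.example.org</frontend-host></web-server>
  </server>
  <administration-port-enabled>false</administration-port-enabled>
</domain>"""


def text(node, path):
    """Text of the first matching child element, or None when absent/empty."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else None


def audit(config_xml):
    """Return (finding, scope) tuples for checklist items that are not met."""
    root = ET.fromstring(config_xml)
    sec = root.find("d:security-configuration", NS)
    findings = []
    if text(root, "d:administration-port-enabled") != "true":
        findings.append(("administration port not enabled", "domain"))
    if text(root, "d:console-context-path") in (None, "console"):
        findings.append(("console context path left at default", "domain"))
    if sec is None or text(sec, "d:cross-domain-security-enabled") != "true":
        findings.append(("cross domain security disabled", "domain"))
    if sec is None or text(sec, "d:configuration-audit-type") in (None, "none"):
        findings.append(("configuration auditing off", "domain"))
    for srv in root.findall("d:server", NS):
        name = text(srv, "d:name") or "?"
        ws = srv.find("d:web-server", NS)
        # A missing listen-port means the stock 7001 default is in effect.
        if (text(srv, "d:listen-port") or "7001") in DEFAULT_PORTS:
            findings.append(("default listen port in use", name))
        if ws is None or text(ws, "d:max-post-size") is None:
            findings.append(("max post size unlimited", name))
        if ws is None or not (text(ws, "d:frontend-host") and text(ws, "d:frontend-https-port")):
            findings.append(("frontend host/https port not set", name))
    return findings
```

Run it against a real domain with `audit(open("config/config.xml").read())`; an empty list means every check in this script passed, but the remaining items on the list (keystores, hostname verifier, JMS policies, LDAP) still need a manual review.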

Most WebLogic domains are insecure. In particular, they are vulnerable and unguarded against attacks coming from the internal/LAN network.

In general, 99% of the list items I’ve shared above are not configured by the administrator.

If you are administering or managing a mission critical WebLogic domain, think twice and reconfigure your security settings.

Do not hesitate to contact us for support with your mission critical applications. Just drop us an email.


Category: BPM, JMS, Middleware, OSB, SOA, WebLogic

M.Fevzi Korkutata

About the Author

M.Fevzi Korkutata: Deep level technical consultant... Oracle ACE Associate in Middleware & SOA expertise. His specialty is large scale and mission critical live production systems, and he likes to work as DevOps. He knows all kinds of application servers and their environments. Software product development, operation management, design, implementation, integration... etc. Korkutata is working as "Application and Infrastructure Architect"... Likes to work and communicate internationally, stay connected :)
