IBS ERP Security Portal

IBS ERP Security Portal is the solution for secure access to E-Business Suite Oracle applications.

On December 11, 2013 the company reported release of the standard certified solution for secure access to E-Business Suite Oracle applications - IBS ERP Security Portal.

Description

The IBS group developed the standard certified solution on ensuring secure access to business applications of Oracle E-Business Suite R12, including providing SSO (Single Sign On) and technology of multifactor authentication on certificates of X.509 (GOST).

The solution provides secure access to Oracle applications of E-Business Suite R12 with implementation of SSO technology and multifactor authentication on digital certificates X.509 (GOST)

Requirements for ensuring secure access (using cryptographic information security tools) to processing systems of personal data and other confidential information are defined in regulating documents of FSTEC of the Russian Federation and FSB of the Russian Federation. The specified problem usually is solved in projects by different separate methods, is frequent using not certified information security tools and using different alternate paths, or with violation of a technology stack of the applied systems.

The IBS company developed the solution which provides secure access to Oracle applications of E-Business Suite R12, implementation of Single Sign On (SSO) technology. In the solution the products StoneGate SSL VPN, components of the Oracle SSO equipment, carriers of key information eToken are used. As a cryptographic core in products CIPFs of production of Crypto Pro are used.

The certified cryptographic gateway StoneGate VPN SSL integrated with the firewall is the cluster distributing loading on a system input. This equipment is integrated with corporate service Active Directory and uses a number of attributes of this service in authentication process. Besides, this equipment allows to make authentication by certificates of X.509, to set the connections protected on GOST 28147-89 algorithm, to use own mechanisms of access isolation and SSO and also to publish supplements on the built-in portal of access. At the same time direct access to the specified resources is not provided, and all traffic is passed via the firewall and by certain rules is proxied through StoneGate SSL VPN.

The centralized authentication according to digital certificates X.509 and a single input (SSO) in OEBS is performed using configured and interconnected the SSO component, entering the product StoneGate SSL VPN and also the component offered by Oracle company for deployment of SSO: Oracle Access Manager (OAM), Oracle Internet Directory (OID) and others. In authentication process data of storage of accounts of OID integrated with OEBS are used. At the same time the necessary user ID and parameters of a session which by means of the AccessGate server are transferred from OAM to OEBS forms.

At workstations of users the client for work with e-Token is established a CIPF of "the Crypto CSP Missile defense" and PKI.

Advantages

• the solution does not break a technology stack of Oracle EBS and therefore it is transparent for applications and has no negative impact on their functionality;
• the product StoneGate SSL VPN certified by FSB and FSTEC in a failsafe configuration is used that guarantees stability of the solution, the high performance, a possibility of a design execution of the portal of access under corporate style of the company;
• the solution uses the reference SSO model recommended to Oracle that also guarantees its stability;
• the solution is integrated with the corporate AD directory, can interact with different certification centers;
• the solution includes the fulfilled settings of all components: OEBS, StoneGate, SSO;
• the solution proposed by IBS company represents the technology fulfilled, being in commercial operation.

Dmitry Romanchenko, the director of the center of security technologies of IBS company, noted: "Considering the fact that IT market is characterized by use of the typified information systems, and normative regulation in questions of data protection is rather stable, the IBS company goes the way developments of complex products which can be unrolled and used on the platform of the customer in the shortest possible time with the minimum costs. The presented solution is one of such products. Proposed solution is focused on clients at whom business applications of Oracle and also other corporate systems of a similar class are implemented".