oow16 - ready or not: applying secure configuration to oracle e-business suite [con6712]
TRANSCRIPT
Ready or Not: A l i S C fi tiApplying Secure Configuration to Oracle E‐Business Suite
Eric Bing, Senior Director, Applications Product SecurityElke Phelps, Senior Principal Product ManagerApplications TechnologyOracle E Business Suite DevelopmentOracle E‐Business Suite Development
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted
Program AgendaProgram Agenda
Follow secure deployment recommendations1 p y
Reduce your attack surface
F ll di i id li
2
Follow auditing guidelines
Migrate to TLS 1.2
3
4
Learn about EBS on Oracle Cloud security features5
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Program AgendaProgram Agenda
Follow secure deployment recommendations1 p y
Reduce your attack surface
F ll di i id li
2
Follow auditing guidelines
Migrate to TLS 1.2
3
4
Learn about EBS on Oracle Cloud security features5
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle E‐Business Suite Secure Configuration TimelineOracle E Business Suite Secure Configuration Timeline 12.2 12.2.4 12.2.5 12.2.611i 12.112.0
11i Secure Config ration
5/200212.1 Secure C fi ti
9/201112 Secure
C fi ti
2/200712.2 Secure C fi ti
9/201412.2 Secure C fi ti
9/2016
Configuration Guide
Configuration Guide
Configuration Guide
Configuration Chapter
12 DMZConfiguration
1/2007
Secure 9/2012
EM Compliance 5/2013
Auditing 9/2015
12.2 Secure 9/201611i DMZ
Configuration
6/2004
Configuration Chapter (update)
Configuration Check Scripts
12.2 Secure 9/2012
Checks for EBS
12.2 Allowed 9/2013
12.2 Allowed 9/2014
Guidelines and Scripts
Configuration Console
12.2 “Allowed” F i
9/2016
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 4
Installation JSPs Redirects Features on in installs and upgrade
An analysis of researcher reported attacks againstAn analysis of researcher reported attacks against Oracle E‐Business Suite 12.2 showed that if you deployed your environment per our Secure Configuration Guidelines you would haveConfiguration Guidelines you would have reduced your vulnerability exposure by 77%.
Turning off products that are not used will reduce your exposure even further.
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 5
What’s Available Now to Assist You?New
• New content throughout • New tool to assist with • Allowed JSPs
What s Available Now to Assist You?Documentation Secure Configuration Console On By Default (12.2.6)
the Security Administration Guide– Secure Configuration Chapter updated
secure configuration
• Easy to see where you are out of compliance
– Defines whitelist of allowed JSPs for Oracle E‐Business Suite Release 12.2Prevents access to JSPsChapter updated
– Auditing and Logging chapter updated
– New Secure Configuration
• Enable features via the console
• Guidance is provided for
– Prevents access to JSPs which are not used
• Allowed RedirectsDefines whitelist of allowedNew Secure Configuration
Console chapter
• Enabling TLS 1.2 MOS notes updated
• Guidance is provided for features that cannot be turned on via the console
– Defines whitelist of allowed redirect destinations for Oracle E‐Business Suite 12.2
– Prevents redirects that are not listed as allowed
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
• Security FAQ
Confidential – Oracle Internal/Restricted/Highly Restricted 6
not listed as allowed
Follow Secure Deployment RecommendationsFollow Secure Deployment Recommendations
Stay current with patching
F ll d l d i
A
Follow secure deployment recommendationsB
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
How to Deploy Oracle E‐Business Suite SecurelyHow to Deploy Oracle E Business Suite Securely
• Apply Critical Patch Updates (CPUs) + Security Alerts
Stay Current with Patching
pp y p ( ) y– Critical Patch Advisory Pagehttp://www.oracle.com/technetwork/topics/security/alerts‐086861.htmP d t S it U d t (PSU ) ti f th d t b– Product Security Updates (PSUs) are an option for the database• PSUs include CPUs + other database recommended patches• EBS customers may apply either CPUs or PSUs for the DB• As of 12c only PSUs will be released• As of 12c only PSUs will be released
• Apply latest maintenance pack or release update pack– Yes, Oracle E‐Business Suite maintenance packs release update packs improve
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
security as well
How to Deploy Oracle E‐Business Suite SecurelyHow to Deploy Oracle E Business Suite Securely
• Secure Configuration Guide for Oracle E‐Business Suite
Follow Secure Deployment Recommendations
g– Previously known as “Best Practice” documents– Release 12.1, MOS Doc ID 403537.1– Release 12 2 Security Administration Guide Secure Configuration Chapter– Release 12.2, Security Administration Guide, Secure Configuration Chapter
• Oracle E‐Business Suite Configuration in a DMZ– Follow this guide if your Oracle E‐Business environment is internet accessible– Release 12.1., MOS Note 380490.1– Release 12.2., MOS Note 1375670.1
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Secure Configuration ScriptsSecure Configuration Scripts • Scripts are packaged as SQL and Shell scripts
– Check for updated scripts on a periodic basis– EBSSecConfigChecks.sql – runs all (12) other SQL scripts
• Results are compiled into a single report• Comments in the scripts often contain hints for resolutionEBSCh kM dS i h– EBSCheckModSecurity.sh
– EBSCheckFormsBlockChar.sh
• You should perform routine configuration “Health Checks” – Create a baseline for your environment– Run scripts often and compare against your baseline…check for differences
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
MOS Note 2069190.1, Security Configuration and Auditing Scripts for Oracle E‐Business Suite
Secure Configuration ConsoleNew
•Check – Run the checks
•Configure – Fix a fi ti hi h i t
Secure Configuration Console
configuration which is out of compliance
•Suppress - Mute checks that are not relevant to your system
•Unsuppress - Unmutepreviously suppressed checkschecks
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 11
Secure Configuration ConsoleNew
Secure Configuration ConsoleFailure Details
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 12
Secure Configuration ConsoleNew
Security Guideline DetailsSecure Configuration Console
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 13
Oracle Enterprise Manager: Oracle E‐Business Suite Plug‐In
Out‐of‐box security compliance checks for
Compliance RulesOracle Enterprise Manager: Oracle E Business Suite Plug In
compliance checks for Oracle E‐Business Suite
Integration with Enterprise Manager compliance framework
Security compliance violations and trends are generatedgenerated
Real‐time observations of security compliance in your environment
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle E‐Business Suite 12.2 Data Masking TemplateNew
What is data masking?
Oracle E Business Suite 12.2 Data Masking Template• Enterprise Manager 13c Data Masking Pack
• The act of anonymizing customer, financial, or company‐confidential data to create new, legible data that retains the data's properties such as its width type
LAST_NAME SSN SALARY
AGUILAR 203‐33‐3234 40,000
BENSON 323‐22‐2943 60,000
Production
data s properties, such as its width, type, and format
Why mask your data?Non Production • To protect confidential data in non‐
production environments when the data is shared with non‐production users without revealing sensitive information
LAST_NAME SSN SALARY
ANSKEKSL 111—23‐1111 75,000
BKJHHEIEDK 222‐34‐1345 45,000
Non‐Production
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
without revealing sensitive information
17
Program AgendaProgram Agenda
Follow secure deployment recommendations1 p y
Reduce your attack surface
F ll di i id li
2
Follow auditing guidelines
Migrate to TLS 1.2
3
4
Learn about EBS on Oracle Cloud security features5
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Reduce Your Attack Surface• Allowed JSPs
– Defines whitelist of allowed JSPs for Oracle E‐B i S i R l 12 2
• Cookie Domain Scoping– Provide additional protection for
i i b h b d h
Reduce Your Attack Surface
Business Suite Release 12.2– Prevents access to JSPs which are not used– Enables configuration of allowed JSPs to avoid unnecessary exposure
communication between the browser and the Oracle E‐Business Suite web tier
– Define the scope for cookie sharing to avoid unnecessary exposureunnecessary exposure
• Allowed Redirects– Defines whitelist of allowed redirects for Oracle E B i S i 12 2
• DMZ Configuration– Limited number of Oracle E‐Business Suite
d ifi d f iE‐Business Suite 12.2– Prevents redirects that are not listed as allowed
– Enables configuration of allowed redirects to
products certified for internet access– Responsibilities available for external use only upon configuration
– URL Firewall exposes only the pages that are
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 19
Enables configuration of allowed redirects to avoid unnecessary exposure
URL Firewall exposes only the pages that are required
Reduce Your Attack Surface• Allowed JSPs
– Defines whitelist of allowed JSPs for Oracle E‐B i S i R l 12 2
• Cookie Domain Scoping– Provide additional protection for
i i b h b d h
Reduce Your Attack Surface
Business Suite Release 12.2– Prevents access to JSPs which are not used– Enables configuration of allowed JSPs to avoid unnecessary exposure
communication between the browser and the Oracle E‐Business Suite web tier
– Define the scope for cookie sharing to avoid unnecessary exposureunnecessary exposure
• Allowed Redirects– Defines whitelist of allowed redirects for Oracle E B i S i 12 2
• DMZ Configuration– Limited number of Oracle E‐Business Suite
d ifi d f iE‐Business Suite 12.2– Prevents redirects that are not listed as allowed
– Enables configuration of allowed redirects to
products certified for internet access– Responsibilities available for external use only upon configuration
– URL Firewall exposes only the pages that are
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 20
Enables configuration of allowed redirects to avoid unnecessary exposure
*On by default with EBS 12.2.6
URL Firewall exposes only the pages that are required
Feature Overview of Allowed JSPsFeature Overview of Allowed JSPs
• Reduces the attack surface of Oracle E‐Business Suite
Principles
• Defines whitelist of allowed JSPs for Oracle E‐Business Suite Release 12.2– A whitelist is an explicit list of items that are allowed for access
• Prevents access to JSPs which are not used• Enables configuration of actively allowed JSPs to avoid unnecessary exposureexposure
• Allows custom JSPs to be defined in the list of allowed JSPs
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 21
Allowed JSPsAllowed JSPs
• Configuration Files
Configuration Overview
Configuration Files$OA_HTML/WEB-INF/web.xml$FND_SECURE/allowed_jsps.conf - master configuration file$FND SECURE/allowed jsps <Family>.conf$ _ / _j p _ y$FND_SECURE/allowed_jsps_<Family>_<Product>.conf
– Custom configuration files may also be defined
• Profile Option– Allow Unrestricted JSP Access
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Overview of Configuring Allowed JSPsOverview of Configuring Allowed JSPsOn By Default in E‐Business Suite 12.2.6
1 Evaluate product family usage1. Evaluate product family usage
2. Cross‐check restricted JSPs against access_log
3 Add custom JSPs3. Add custom JSPs
4. Continue to refine the list (comment out JSPs not used)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Allowed JSPsNew
Allowed JSPs
• Automatically configure products in your allowed JSP configuration for you
Automatic configuration
y g p y g y– txkCfgJSPWhitelist.pl – Currently only available in 12.2.6
C fi i b d• Configuration based on–Whether we detect transactional data– How commonly the product is used
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Allowed JSPsNew
Allowed JSPs
• Two modes –
Automatic configuration
– REPORT – reports on current status, product usage and what the script will do– UPDATE – modifies the configuration files
• Usage:$ perl txkCfgJSPWhitelist.pl -contextfile=$CONTEXT_FILE -mode=reportConfiguration file Current Status Transactional Data Updated Statusallowed_jsps_CRM_ASL.conf ACTIVE ABSENT INACTIVE…allowed_jsps_CRM_AMV.conf ACTIVE AVAILABLE ACTIVE…
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Whitelisted ResourcesRoadmap
Whitelisted Resources
• Expanding out Allowed JSP feature to additional Allowed Resources
Allowed Servlets
p g– Explicit list of servlets that are exposed– Rebranding ‐ New Profile
• Security: Whitelisted Resources• Security: Whitelisted Resources– Values: All, JSPs, None
• Replaces Allow Unrestricted JSP Access
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 26
Program AgendaProgram Agenda
Follow secure deployment recommendations1 p y
Reduce your attack surface
F ll di i id li
2
Follow auditing guidelines
Migrate to TLS 1.2
3
4
Learn about EBS on Oracle Cloud security features5
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Auditing and LoggingAuditing and Logging• Documentation
–Oracle E‐Business Suite 12.2 Security Guide, Auditing and Logging Chaptery g gg g p–MOS Note 2069190.1, Security Configuration and Auditing Scripts for Oracle E‐Business Suite
• Scriptsp– Download EBSAuditScripts.zip (contains multiple SQL scripts)
• Validate audit configuration• Query audit tablesQ y• Configure database auditing
– Check periodically for updates to EBSAuditScripts.zip
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Auditing and LoggingAuditing and Logging
• Recent and current activity (monitoring)
Categories
y ( g)– Information about what is happening currently in the system– Information about the last activity performed on a specific record or by a specific session
• Historical activity– Information is similar to recent and current activity that is captured– Information is retained (historical records of activity)o at o s eta ed ( sto ca eco ds o act ty)
• Unexpected events– Unexpected Errors reported by the application or technology stack– Unexpected errors can include security related activity
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Unexpected errors can include security related activity
Auditing and Logging
• Data Changes Tracked • Apache Access Logs • Unsuccessful logon
Auditing and LoggingRecent or Current Activity Historical Activity Unexpected Events
with Row Who Columns
• Sign‐On Audit
• Session Auditing
• Page Access Tracking
• Oracle E‐Business Suite AuditTrail
attempts
• Debug logging
• OHS Apache error logs• Session Auditing
• Database connection tagging
AuditTrail
• Proxy User Auditing
• Database listener log
• OHS Apache error logs
• Database listener log
• Database alert log
• Database alert log
• Database auditing
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
• Fine‐grained auditing
Program AgendaProgram Agenda
Follow secure deployment recommendations1 p y
Reduce your attack surface
F ll di i id li
2
Follow auditing guidelines
Migrate to TLS 1.2
3
4
Learn about EBS on Oracle Cloud security features5
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Transport Layer Security (TLS) vs Secure Socket Layer (SSL)Transport Layer Security (TLS) vs Secure Socket Layer (SSL)
• TLS is the successor to SSL; HTTPS is HTTP working on top of TLS
Review
• TLS 1.2 is what we will talk about for Oracle E‐Business Suite going forward
• SSL 3.0 is no longer recommended (dead)
• TLS creates an encrypted connection between two machines allowing for private information to be transmitted without the problems of eavesdropping, data tampering, or message forgery
• Industry standards mandating the move to TLS 1.2– OMB NIST mandate (800‐52 rev1) to move to TLS 1.2– PCI council (PCI DSS v3.1) requires new implementations to be on at least TLS 1.1
i i i f S f bl S 2 b 20 8
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
• Migrate to a minimum of TLS 1.1, preferably TLS 1.2 by June 2018
TLS Addresses Recent Security Vulnerabilities• POODLE
– Padding Oracle On Downgraded Legacy Encryption
• FREAK, Logjam, RC4‐NO‐MORE– Factoring Attack on RSA‐EXPORT Keys
TLS Addresses Recent Security Vulnerabilities
– Migration to TLS (SSLv3 is turned off) – Weak DH parameters (<2048), RC4)– Disable weak cipher suites– Strong cipher suites by default
• For example, EBS R12.2 (FMW 11.1.1.9):
[000a] RSA_DES_192_CBC3_SHA [002f] RSA_WITH_AES_128_SHA [0035] RSA WITH AES 256 SHA Available[0035] RSA_WITH_AES_256_SHA [003c] RSA_WITH_AES_128_CBC_SHA256 [003d] RSA_WITH_AES_256_CBC_SHA256[009c] RSA_WITH_AES_128_GCM_SHA256[009d] RSA_WITH_AES_256_GCM_SHA384
Available withTLS 1.2
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 35
“everything less than TLS 1.2 … is y gcryptographically broken”
– Adam Langley, Google Chrome
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 36
TLS Connections in Oracle E‐Business Suite
• Inbound Connections from a client to the Oracle
• Loopback connections from Oracle E‐Business
• Outbound connections from Oracle E‐Business
TLS Connections in Oracle E Business Suite
from a client to the Oracle HTTP Server
from Oracle E Business Suite to itself
from Oracle E Business Suite to External Site(s)
Intranet User
Internet User
ExternalApplication Node
Internal Application Node
EBS Database
ExternalSite
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
DMZ
39
Examples of TLS Connections in Oracle E‐Business SuiteExamples of TLS Connections in Oracle E Business Suite
Inbound Connections• Browser access• Forms access
Loopback Connections• Workflow notification emails from Concurrent
Outbound Connections• Punchout in iProcurement• XML Gateway connection
li i• Incoming XML Gateway message
• Mobile access via a REST i
Manager tier• Payment call back from database tier
• OAM log viewer
to a partner application• Payments credit card processing
REST service • OAM log viewer
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 40
What’s New with the Certification of EBS and TLS 1.2?New
What s New with the Certification of EBS and TLS 1.2?• Oracle E‐Business Suite Release 12.2 and 12.1 Certified with TLS 1.2
– “TLS 1.2 with Backward Compatibility” aka “TLS 1.2 w/BC”p y /–Mandatory prerequisites and configuration
• Oracle E‐Business Suite Release 12.1 Uses OpenSSL• Optional Configurations
– Configuring “TLS 1.2 Only”– Disabling HTTP PortDisabling HTTP Port– Enabling TLS from Oracle HTTP Server (OHS) to Application Server (OC4J / WLS)
• Certified for EBS 12.1: OHS to OC4J• Pending certification for EBS 12 2: OHS to WebLogic Server (WLS )
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Pending certification for EBS 12.2: OHS to WebLogic Server (WLS )
Oracle Confidential – Internal/Restricted/Highly Restricted 41
What’s New with the Certification of EBS and TLS 1.2?What s New with the Certification of EBS and TLS 1.2?
EBS 12 2 EBS 12 2
For Reference Only for Existing SSL/TLS 1.0 Customers
Structure and Content for TLS 1.2
EBS 12.2MOS Note 1367293.1
Content for SSLv3 and TLS 1.0
EBS 12.2MOS Note 2143101.1 New
Note ID
New
EBS 12.1 EBS 12.1MOS Note 376700.1 MOS Note 2143099.1 New
Note ID
Content for SSLv3 and TLS 1.0Structure and Content for TLS 1.2New
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Oracle Confidential – Internal/Restricted/Highly Restricted 43
Program AgendaProgram Agenda
Follow secure deployment recommendations1 p y
Reduce your attack surface
F ll di i id li
2
Follow auditing guidelines
Migrate to TLS 1.2
3
4
Learn about EBS on Oracle Cloud security features5
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle E‐Business Suite on Oracle CloudOracle E Business Suite on Oracle CloudSecurity Lists and Security Rules
Security ListSecList1 SecList3 SecList4 SecList5
Allows you to control network access to or from Oracle Compute Cloud Service
instances.
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 46
Oracle E‐Business Suite on Oracle CloudOracle E Business Suite on Oracle CloudSecurity Lists and Security Rules
S it Li tSecurity ListAllows you to control network access to or
from Oracle Compute Cloud Service i
SecList1 SecList2 SecList3 SecList4
Security RuleLike a firewall rule allows you to define
instances.
Like a firewall rule, allows you to define what traffic is permitted between security
lists, instances and external hosts.Allow DB Port
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 47
Oracle E‐Business Suite on Oracle CloudOracle E Business Suite on Oracle CloudAdditional Security with Security Lists and Security Rules
EBS App Node 1
EBS EBS i i i
env_appenv_otd env_db[host]_provm
DB Node OTDProvisioning Tools VM
VPN/Security IP List
EBS App Node 2
on-premises
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 49
Oracle E‐Business Suite on Oracle CloudOracle E Business Suite on Oracle CloudAdditional Security with Security Lists and Security Rules
Allow ssh
EBS App Node 1
EBS EBS i i i
env_appenv_otd env_db[host]_provm
Allow ssh
DB Node OTDProvisioning Tools VM
EBS App Node 2
Allow ssh
Allow ssh
on-premises
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 50
Oracle E‐Business Suite on Oracle CloudOracle E Business Suite on Oracle CloudAdditional Security with Security Lists and Security Rules
Allow http/https
EBS App Node 1
EBS EBS i i i
env_appenv_otd env_db[host]_provm
DB Node OTDProvisioning Tools VM
VPN/Security IP List
EBS App Node 2
Allow http/https
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 51
on-premises Oracle Cloud
Oracle E‐Business Suite on Oracle CloudOracle E Business Suite on Oracle CloudAdditional Security with Security Lists and Security Rules
Allow required portsAllow required ports
EBS App Node 1
EBS EBS i i i
env_appenv_otd env_db[host]_provm
DB Node OTDProvisioning Tools VM
VPN/Security IP List
EBS App Node 2
Allow required ports
Allow required ports
Allow required ports
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 52
Oracle Cloud
dRoadmap
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | 53
Oracle E‐Business Suite SecurityRoadmap
• Turn additional security • Certify Database 12c • Certify Database Vault for
Oracle E Business Suite SecurityOracle Cloud & On‐Premises Oracle Cloud On‐Premises
features on by default
• Whitelisted Resources
• Add additional checks to
Database Vault (DBCS) with EBS 12.2
• Provide an improved
EBS 12.2 with Database 12c and 11gR2
• Certify Database Vault for • Add additional checks to the Secure Configuration Console
• Certify EBS 12 1 Data
process for enabling TDE with EBS 12.1.3 and EBS 12.2 on DBCS
EBS 12.1.3 and Database 12c
• Certify EBS 12.1 Data Masking Templates with EM13cR1
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Confidential – Oracle Internal/Restricted/Highly Restricted 54