
OAAM Security and Autolearning Policies 11-9

Table 11–6 OAAM AuthenticationPad Policy Trigger Combinations

| Description | Combination Detail | Result |
|---|---|---|
| Empty in the snapshot | Detect Mobile Browser; Check if Mobile Browser is Used = TRUE; Challenge SMS = Any; Registered Image and Caption = Any; Key Pad User = Any; Challenge Email = Any; Challenge Question = Any; Register Challenge Question = Any | Action = OAAM HTML Pad; Alert = NONE; Score = 0 |
| Empty in the snapshot | Unregistered Users; Check if Mobile Browser is Used = Any; Register Challenge Question = Any; Challenge SMS = FALSE; Registered Image and Caption = FALSE; Key Pad User = FALSE; Challenge Email = FALSE; Challenge Question = FALSE | Action = OAAM Text Pad; Alert = NONE; Score = 0 |
| Empty in the snapshot | Registered Users; Register Challenge Question = Any; Check if Mobile Browser is Used = Any; Challenge SMS = FALSE; Registered Image and Caption = TRUE; Key Pad User = FALSE; Challenge Email = FALSE; Challenge Question = FALSE | Action = OAAM Text Pad Personalized; Alert = NONE; Score = 0 |

11.5.3 Post-Authentication Policies

This section summarizes the post-authentication policies.

11.5.3.1 OAAM Post-Authentication Security

This policy evaluates the level of risk after authentication is successful. The possible actions are Allow, Block, or Challenge.

11.5.3.1.1 OAAM Post-Authentication Security Policy Summary

Table 11–7 OAAM Post-Authentication Security Policy Summary

| Summary | Details |
|---|---|
| Purpose | Evaluates the level of risk after authentication is successful. The possible actions are Allow, Block, or Challenge. |
| Scoring Engine | Maximum |
| Weight | 100 |
| Group Linking | All Users |

11-10 Oracle Fusion Middleware Administrators Guide for Oracle Adaptive Access Manager

11.5.3.1.2 OAAM Post-Authentication Security Flow Diagram

Figure 11–6 OAAM Post Authentication Security Flow

11.5.3.1.3 OAAM Post-Authentication Security: Details of Rules

The table below shows the rule conditions and parameters in the OAAM Post-Authentication Security Policy.

Table 11–8 OAAM Post Authentication Security Policy Rules Details

| Rule | Rule Condition and Parameter Values | Results |
|---|---|---|
| Active Anonymizer | Location: IP in Group; Is in List = TRUE; IP in group = anonymizer_active | Action = OAAM Block; Alert = OAAM Active Anonymizer IP; Score = 1000 |
| Suspect Anonymizer | Location: IP in Group; Is in List = TRUE; IP in group = anonymizer_suspect | Action = OAAM Challenge; Alert = OAAM Suspected Anonymizer IP; Score = 700 |
| Unknown Anonymizer | Location: IP in Group; Is in List = TRUE; IP in group = anonymizer_active | Action = OAAM Challenge; Alert = OAAM Unknown Anonymizer IP; Score = 600 |
| Private Anonymizer | Location: IP in Group; Is in List = TRUE; IP in group = anonymizer_private | Action = OAAM Challenge; Alert = OAAM Private Anonymizer IP; Score = 700 |
| Risky Connection Type | Location: IP Connection Type in Group; Is in List = TRUE; Connection type in group = OAAM High Risk Connection Types | Action = OAAM Challenge; Alert = OAAM Risky Connection type; Score = 700 |
| User Blocked Recently | User: Action Timed; Check Action = BLOCK; In seconds = 28800; More than = 2 | Action = OAAM Challenge; Alert = User Blocked Recently; Score = 700 |
| Maximum Users per Device | Device: User Count; Seconds Elapsed = 2592000; Max number of users allowed = 5 | Action = OAAM Challenge; Alert = OAAM Device Multiple Users; Score = 500 |
| Dormant IP | Location: IP Connection type in group; Is in List = FALSE; Connection type group = OAAM Mobile Connections; Location: IP Excessive Use; Number of Users = 4; Within hours = 24; And not used in days = 30 | Action = OAAM Challenge; Alert = OAAM Dormant IP; Score = 500 |
| Surge of Users from IP | Location: IP Connection type in group; Is in List = FALSE; Connection type group = OAAM Mobile Connections; Location: IP is AOL; Is AOL = False; Location: IP Maximum Users; Seconds Elapsed = 300; Max number of users = 3 | Action = OAAM Challenge; Alert = OAAM IP Multiple Users; Score = 600 |
| Risky countries | Location: In Country Group; Is in List = TRUE; Country in country group = OAAM Monitoring Countries | Action = OAAM Challenge; Alert = OAAM Monitored Country; Score = 500 |
| Dormant Device | Device: Excessive Use; Number of Users = 4; Within hours = 24; And not used in days = 30 | Action = OAAM Challenge; Alert = OAAM Dormant Device; Score = 500 |
| Device with Many Failures | Device: Timed not status; Authentication status is not = SUCCESS; Within duration seconds = 28800; For more than 4 times | Action = OAAM Challenge; Alert = OAAM Many Failures from Device; Score = 600 |
| Maximum Devices per User | User: Check Devices Used; Maximum number of devices = 2; Within duration seconds = 28800 | Action = OAAM Challenge; Alert = OAAM Max Devices for User; Score = 300 |
| Risky Device | Device: In List; Is in group = TRUE; Device in group = OAAM Risky Devices | Action = OAAM Challenge; Alert = OAAM Risky Device; Score = 700 |
| Device Maximum Velocity | Device: Velocity from last login; Last Login within Seconds = 72000; Miles per Hour is more than = 600 | Action = OAAM Challenge; Alert = OAAM Device Maximum Velocity; Score = 700 |
| Risky IP | Location: IP in group; Is in List = TRUE; IP List = OAAM Risky IPs | Action = OAAM Challenge; Alert = OAAM Risky IP; Score = 700 |

11.5.3.1.4 OAAM Post-Authentication Security: Trigger Combinations

None

11.5.3.2 OAAM Predictive Analysis

This policy harnesses the predictive capabilities of Oracle Data Miner. The rules in this policy are only functional if Oracle Data Miner is configured.

11.5.3.2.1 OAAM Predictive Analysis Policy Summary

Table 11–9 OAAM Predictive Analysis Policy Summary

| Summary | Details |
|---|---|
| Purpose | Harnesses the predictive capabilities of Oracle Data Miner. These rules are only functional if Oracle Data Miner is configured. |
| Scoring Engine | Maximum |
| Weight | 100 |
| Group Linking | Linked Users |

11.5.3.2.2 OAAM Predictive Analysis Flow Diagram

Figure 11–7 OAAM Predictive Analysis Policy Flow

11.5.3.2.3 OAAM Predictive Analysis Policy: Details of Rules

The table below shows the rule conditions and parameters in the OAAM Predictive Analysis Policy.

Table 11–10 OAAM Predictive Analysis Policy Rules Details

| Rule | Rule Condition and Parameters | Results |
|---|---|---|
| Predict if current session is fraudulent | USER: Check Fraudulent User Request; Classification Model = OAAM Fraud Request Model; Required Classification = Fraud; Minimum Value of Probability required = 0.70; Maximum Value of Probability required = 1.00; Default Value to return if error = FALSE | Action = NONE; Alert = OAAM Suspected Fraudulent request; Score = 700 |
| Predict if current session is anomalous | USER: Check Anomalous User Request; Anomaly Model = OAAM Anomalous Request Model; Minimum Value of Probability required = 0.60; Maximum Value of Probability required = 1.00; Default Value to return if error = FALSE | Action = NONE; Alert = OAAM Anomalous Request; Score = 600 |

11.5.3.2.4 OAAM Predictive Analysis Policy: Trigger Combination

None
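The Device Maximum Velocity, User Blocked Recently and Active Anonymizer rules from Table 11–8, worked through on constructed session data. This is an added Python illustration, not Oracle code or an OAAM API; the record fields, the reading of the Maximum scoring engine as "highest score among triggered rules" and the Block-over-Challenge precedence are assumptions.

```python
import math

# Thresholds copied from Table 11-8; field names and sample data are constructed.
VELOCITY_WINDOW_S, VELOCITY_MAX_MPH = 72000, 600
BLOCK_WINDOW_S, BLOCK_MORE_THAN = 28800, 2
PRECEDENCE = ["Allow", "Challenge", "Block"]  # assumed: strictest action wins

def miles_between(a, b):
    """Great-circle (haversine) distance in miles between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 3958.8 * math.asin(math.sqrt(h))

def device_max_velocity(last, now):
    """Last login within 72000 s and implied travel speed above 600 mph."""
    elapsed = max(now["ts"] - last["ts"], 1)  # avoid dividing by zero
    if elapsed > VELOCITY_WINDOW_S:
        return False
    return miles_between(last["geo"], now["geo"]) / (elapsed / 3600) > VELOCITY_MAX_MPH

def user_blocked_recently(history, now_ts):
    """More than 2 BLOCK actions in the 28800 s before this session."""
    recent = [e for e in history
              if e["action"] == "BLOCK" and 0 <= now_ts - e["ts"] <= BLOCK_WINDOW_S]
    return len(recent) > BLOCK_MORE_THAN

def evaluate(last, now, history):
    """Return (score, action, alerts) over the rules that trigger."""
    fired = []
    if now["ip_group"] == "anonymizer_active":
        fired.append(("OAAM Active Anonymizer IP", 1000, "Block"))
    if device_max_velocity(last, now):
        fired.append(("OAAM Device Maximum Velocity", 700, "Challenge"))
    if user_blocked_recently(history, now["ts"]):
        fired.append(("User Blocked Recently", 700, "Challenge"))
    score = max((s for _, s, _ in fired), default=0)  # assumed Maximum engine
    action = max((a for _, _, a in fired), key=PRECEDENCE.index, default="Allow")
    return score, action, [name for name, _, _ in fired]

# Constructed sample: New York login, then London two hours later.
LAST = {"ts": 92800, "geo": (40.71, -74.01)}
NOW = {"ts": 100000, "geo": (51.51, -0.13), "ip_group": None}
HISTORY = [{"ts": t, "action": "BLOCK"} for t in (60000, 80000, 95000, 99000)]

if __name__ == "__main__":
    print(evaluate(LAST, NOW, HISTORY))
```

The 72000-second window matters as much as the speed threshold: the same two locations 21 hours apart fall outside it and the velocity rule does not evaluate at all.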