|Bookshelf Home | Contents | Index | PDF|
Stored data can be selectively encrypted at the field level, and access to this data can be secured. In addition, data can be converted into an encrypted form for transmission over a network. Encrypting communications safeguards such data from unauthorized access. Transmitted data must be protected from intrusive techniques (such as sniffer programs) that can capture data and monitor network activity.
End-to-end encryption protects confidentiality along the entire data path: from the client browser, to the Web server, to the Siebel Server, to the database, and back. Figure 2 shows the types of encryption available for communications within the Siebel environment.
Siebel Business Applications run using the Siebel Web Client in a standard Web browser. When a user accesses a Siebel application, a Web session is established between the browser and the Siebel Server, with the Web server in between. Secure Sockets Layer (SSL) protects against session hijacking when sensitive data is transmitted. Siebel Business Applications support 128-bit SSL data encryption, an extremely secure level of protection for Internet communications.
Siebel software components communicate over the network using a Siebel TCP/IP-based protocol called SISNAPI (Siebel Internet Session API). Customers have the option to secure SISNAPI using Secure Sockets Layer (SSL) or embedded encryption from RSA or Microsoft Crypto APIs. These technologies allow data to be transmitted securely between the Web server and the Siebel Server.
For more information, see Configuring Secure Communications.
Siebel Business Applications allow customers to encrypt sensitive information stored in the database so that it cannot be viewed without access to the Siebel application. Customers can configure Siebel software to encrypt a field of data before it is written to the database and decrypt the same data when it is retrieved. This prevents attempts to view sensitive data directly from the database. Siebel Business Applications support data encryption using AES and RC2 algorithms.
For more information, see Configuring Data Encryption.
|Security Guide for Siebel Business Applications|