Siebel Security Guide > Communications and Data Encryption >
Types of Encryption
Encryption is a method of encoding data for security purposes. Siebel Business Applications support industry standards for secure Web communications and encryption of sensitive data such as passwords.
To facilitate compliance with U.S. export restrictions on encryption technology, Siebel Business Applications limit the encryption key length to 56 bits in their products. Customers who want to use encryption keys longer than 56 bits for transport layer encryption and data encryption can do so by using the Siebel Strong Encryption Pack. For more information, see About the Siebel Strong Encryption Pack.
To make sure that information remains private, Siebel Business Applications support the use of the following encryption technologies for transmitting and storing data:
- SSL encryption for Web client connections. For data security over the Internet, Siebel Business Applications use the Secure Sockets Layer, version 3.0 (SSL) capabilities of supported Web servers to secure transmission of data between the Web browser and the Web server.
Siebel Business Applications can be configured to run completely under HTTPS, have specific pages run under HTTPS (for standard interactivity only), or simply handle login requests under HTTPS. For more information, see Configuring a Siebel Web Client to Use SSL and Login Security Features.
- Encryption for SISNAPI connections (SSL, Microsoft Crypto, or RSA). For communications between Siebel components, Siebel administrators can enable encryption for SISNAPI (Siebel Internet Session API). SISNAPI is a TCP/IP-based Siebel communications protocol that provides a security and compression mechanism for network communications.
SISNAPI encryption can be based on Secure Sockets Layer, version 3.0 (SSL), on the Microsoft Crypto API, or on RSA algorithms. SSL and RSA are supported across multiple operating systems. By default, SISNAPI encryption based on SSL uses the DES algorithm with a single 56-bit key that is used for both encryption and decryption. To upgrade to the AES algorithm with 256-bit encryption keys, you must install the Siebel Strong Encryption Pack. For more information on the Siebel Strong Encryption Pack, see About the Siebel Strong Encryption Pack.
SSL also supports certificate authentication between the Web server and the Siebel Server, or between Siebel Servers.
- SSL encryption for connection to LDAP or ADSI directories. Secure Sockets Layer (SSL) can be used for connection to certified LDAP or ADSI directories.
- SSL encryption for connections to email servers. SSL encryption is supported for connections to email servers, using Siebel Communications Server components. For more information, see Siebel Communications Server Administration Guide.
- AES and RC2 database encryption. Siebel Business Applications allow customers to encrypt sensitive information stored in the Siebel database (for example, credit card numbers, Social Security numbers, birth dates, and so on) so that it cannot be viewed without access to Siebel Business Applications.
Customers can configure Siebel Business Applications to encrypt a column's data before it is written to the database and decrypt the same data when it is retrieved. This encryption prevents attempts to view sensitive data directly from the database.
Sensitive data can be encrypted by using AES (Advanced Encryption Standard) or RC2 encryption, at various key lengths. Encryption can be enabled using Siebel Tools. For more information, see About Data Encryption.
- RC4 encryption. Siebel Business Applications use RC4 encryption to encrypt passwords stored in the siebns.dat file and to encrypt the Auto-Login Credential Cookie. The siebns.dat file stores information required by the Siebel Gateway Name Server. For more information about encrypted passwords in the siebns.dat file, see About Password Encryption. For more information about the Auto-Login Credential Cookie, see Auto-Login Credential Cookie.
- RSA SHA-1 password hashing. Siebel administrators can enable password hashing. Hashing uses a one-way hashing algorithm. The default password hashing method is RSA SHA-1. (The previous mangle algorithm is still available for existing customers.)
Password hashing makes the stored password value unusable by unauthorized external applications and prevents direct SQL access to the data by anything other than Siebel Business Applications. For more information, see About Password Hashing.
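The AES database encryption item above describes the pattern of encrypting a column's value before it is written and decrypting it when it is read back, so that the database itself never holds the clear text. The following Go program is an added illustration of that pattern and is not Siebel's own code: it uses AES-256-GCM (an authenticated mode, so tampering with a stored value is detected), binds the column name into the ciphertext so a value copied from one column into another will not decrypt, and models a table row as a map. The key source, the column names and the sample record are all constructed for the example; in a real deployment the key would come from a key store outside the database.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"io"
)

// ColumnCipher encrypts single column values with AES-256-GCM before they are
// written to the database and decrypts them when they are read back, so the
// database only ever holds ciphertext. The 32-byte key is assumed to come from
// a key store outside the database (hypothetical; not Siebel's key handling).
type ColumnCipher struct {
	aead cipher.AEAD
}

// NewColumnCipher builds a cipher from a 32-byte AES-256 key.
func NewColumnCipher(key []byte) (*ColumnCipher, error) {
	if len(key) != 32 {
		return nil, errors.New("AES-256 key must be exactly 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &ColumnCipher{aead: aead}, nil
}

// Encrypt returns base64(nonce || ciphertext || tag) for one column value.
// The column name is bound in as associated data, so a ciphertext copied
// from one column into another fails authentication on decryption.
func (c *ColumnCipher) Encrypt(column, plaintext string) (string, error) {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return "", err
	}
	sealed := c.aead.Seal(nonce, nonce, []byte(plaintext), []byte(column))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Decrypt reverses Encrypt and fails on any tampering with the stored value.
func (c *ColumnCipher) Decrypt(column, stored string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return "", err
	}
	ns := c.aead.NonceSize()
	if len(raw) < ns+c.aead.Overhead() {
		return "", errors.New("stored value too short to be a ciphertext")
	}
	plain, err := c.aead.Open(nil, raw[:ns], raw[ns:], []byte(column))
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

// Row models one record of a table; sensitive columns hold ciphertext at rest.
type Row map[string]string

// mapColumns copies a row and applies fn to the named sensitive columns only.
func mapColumns(in Row, sensitive []string, fn func(col, v string) (string, error)) (Row, error) {
	out := make(Row, len(in))
	for k, v := range in {
		out[k] = v
	}
	for _, col := range sensitive {
		v, err := fn(col, in[col])
		if err != nil {
			return nil, fmt.Errorf("column %s: %w", col, err)
		}
		out[col] = v
	}
	return out, nil
}

// EncryptRow is the write path: sensitive columns are encrypted before storage.
func EncryptRow(c *ColumnCipher, in Row, sensitive ...string) (Row, error) {
	return mapColumns(in, sensitive, c.Encrypt)
}

// DecryptRow is the read path: sensitive columns are restored for the application.
func DecryptRow(c *ColumnCipher, in Row, sensitive ...string) (Row, error) {
	return mapColumns(in, sensitive, c.Decrypt)
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from a key store
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	c, _ := NewColumnCipher(key)
	// Constructed sample record; the card number is a well-known test value.
	stored, _ := EncryptRow(c, Row{"NAME": "A. Customer", "CREDIT_CARD_NUM": "4111111111111111"}, "CREDIT_CARD_NUM")
	fmt.Println("at rest:", stored["CREDIT_CARD_NUM"])
	back, _ := DecryptRow(c, stored, "CREDIT_CARD_NUM")
	fmt.Println("in app:", back["CREDIT_CARD_NUM"])
}
```

Anyone querying the table directly sees only the base64 value in `CREDIT_CARD_NUM`; the `NAME` column is left readable, which matches the selective, per-column enablement the text describes. Because the key never lives in the database, losing the database alone does not expose the protected columns.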
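The password hashing item above states that the stored value is produced by a one-way algorithm (SHA-1 by default) and can therefore not be turned back into the password or reused by another application. The Go program below is an added example of that one-way check and is not Siebel's implementation: it uses SHA-1 because the page names it, and goes slightly beyond the text by adding a random per-user salt and a constant-time comparison, both of which are this example's choices rather than something the page states. The `sha1$<salt>$<digest>` storage layout, the sample password and the previous mangle algorithm (which this example does not model) are likewise outside the page. A plain hash such as SHA-1 is cheap to compute, which is the practical reason a salt and, in newer designs, a work factor are added.

```go
package main

import (
	"crypto/rand"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"io"
	"strings"
)

// Stored credential layout (constructed for this example):
// "sha1$<salt-hex>$<digest-hex>". Only this string is written to the user
// store; the clear-text password is never stored anywhere.
const scheme = "sha1"

// digest computes SHA-1(salt || password), the one-way value.
func digest(salt []byte, password string) []byte {
	h := sha1.New()
	h.Write(salt)
	h.Write([]byte(password))
	return h.Sum(nil)
}

// HashPassword derives the value written to the store. The 16-byte random
// salt is an addition of this example; it makes identical passwords hash to
// different stored values, so one stored value cannot be matched to another.
func HashPassword(password string) (string, error) {
	salt := make([]byte, 16)
	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
		return "", err
	}
	parts := []string{scheme, hex.EncodeToString(salt), hex.EncodeToString(digest(salt, password))}
	return strings.Join(parts, "$"), nil
}

// VerifyPassword recomputes the digest for a login attempt and compares it in
// constant time. A malformed or unrecognised stored value is a failed login.
func VerifyPassword(stored, candidate string) bool {
	parts := strings.Split(stored, "$")
	if len(parts) != 3 || parts[0] != scheme {
		return false
	}
	salt, err := hex.DecodeString(parts[1])
	if err != nil {
		return false
	}
	want, err := hex.DecodeString(parts[2])
	if err != nil || len(want) != sha1.Size {
		return false
	}
	return subtle.ConstantTimeCompare(want, digest(salt, candidate)) == 1
}

func main() {
	stored, err := HashPassword("correct horse") // constructed sample password
	if err != nil {
		panic(err)
	}
	fmt.Println("stored value:", stored)
	fmt.Println("login with right password:", VerifyPassword(stored, "correct horse"))
	fmt.Println("login with wrong password:", VerifyPassword(stored, "wrong"))
}
```

The stored string contains only the scheme tag, the salt and the digest, so a party with direct SQL access to the user store reads nothing that can be presented as the password to the application, which is the property the text describes.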
This chapter does not describe how to encrypt communications between the Siebel Server and the Database Server, because that depends on the encryption methods supported by your RDBMS vendor. For information on how to configure communications encryption between the Siebel Server and your Database Server, contact your third-party RDBMS vendor.
Figure 5 shows some of the types of encryption available in a Siebel Business Applications environment.
Figure 5. Communications Encryption in a Siebel Business Applications Environment