Siebel Security Hardening Guide


What's New in This Release


Overview of Security Threats, Recommendations, and Standards

About This Guide

Security Threats and Vulnerabilities

General Security Recommendations

Security Standards and Programs

About the Oracle Software Security Assurance Program


Securing the Network and Infrastructure

About Securing the Network Infrastructure

Network Zones and Firewalls

Guidelines for Assigning Ports on Firewalls

Guidelines for Deploying Siebel Business Applications Across a Firewall

Routers

Network Address Translation

Load Balancers

Proxy Servers

Virtual Private Networks

About Using Internet Protocol Security

Preventing Denial of Service Attacks

Recommended Network Topologies

Network Authentication and Monitoring

Enabling Encryption of Network Traffic

Enabling Encryption Between the Web Client Browser and Web Server

Enabling Encryption Between the Web Server and Siebel Server

Enabling Encryption Between the Siebel Server and Siebel Database

Enabling Encryption for Security Adapters

About Using SSL with Siebel Enterprise Application Integration (EAI)

Securing the Siebel Web Server

Securing the Siebel Server

Securing the Siebel Client

Securing Mobile Clients

Securing Siebel Remote

Securing the Synchronization Framework

Encrypting Data in the Local Database and File System

Defining Password Management Procedures

Securing Siebel Wireless

Securing Handheld Devices Running Siebel Business Applications

Securing the Siebel Document Server

Securing Email Communications

Securing the Email Server

Encrypting Communications Between the Siebel Server and the Email Server

Deleting Processed Email Messages

Securing the Siebel Reports Environment


Securing the Operating System

About Securing Operating Systems

Protecting Files and Resources

Securing the Siebel File System

Assigning Rights to the Siebel File System

Excluding Unsafe File Types from the Siebel File System

Assigning Rights to the Siebel Service Owner Account

Applying Patches and Updates


Securing the Siebel Database

Restricting Access to the Siebel Database

Reviewing Authorization Policies

Protecting Sensitive Data in the Siebel Database

Maintaining Database Backups


Securing Siebel Business Applications

About Securing Applications

Guidelines for Deploying Siebel Business Applications

About Disabling Siebel Components

About User Authentication

Implementing Password Management Policies

General Password Policies

Defining Rules for Password Syntax

About Configuring Password Hashing for Users

Reviewing Special User Privileges

About Implementing Authorization and Access Control

Implementing Personal Visibility for the User Profile View

About Securing Application Data During Configuration

About Using Web Services

About Defending Data from HTML Injection

About Using External Business Components

About Using HTTP Methods

About Message Broadcasting

About Securing Third-Party Applications


Implementing Auditing

Operating System Auditing

Database Auditing

Siebel Business Applications Event Logging

About Siebel Audit Trail


Performing Security Testing

About Performing Security Assessments

About the Common Vulnerability Scoring System

Using Masked Data for Testing


Supported Security Standards

Payment Card Industry Data Security Standard

Common Criteria for Information Technology Security Evaluation

Federal Information Processing Standard (FIPS) 140


Default Port Allocations

Port Allocations for Siebel CRM Release 8.x

Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.