Siebel Security Hardening Guide
What's New in This Release
Overview of Security Threats, Recommendations, and Standards
About This Guide
Security Threats and Vulnerabilities
General Security Recommendations
Security Standards and Programs
About the Oracle Software Security Assurance Program
Securing the Network and Infrastructure
About Securing the Network Infrastructure
Network Zones and Firewalls
Guidelines for Assigning Ports on Firewalls
Guidelines for Deploying Siebel Business Applications Across a Firewall
Routers
Network Address Translation
Load Balancers
Proxy Servers
Virtual Private Networks
About Using Internet Protocol Security
Preventing Denial of Service Attacks
Recommended Network Topologies
Network Authentication and Monitoring
Enabling Encryption of Network Traffic
Enabling Encryption Between the Web Client Browser and Web Server
Enabling Encryption Between the Web Server and Siebel Server
Enabling Encryption Between the Siebel Server and Siebel Database
Enabling Encryption for Security Adapters
About Using SSL with Siebel Enterprise Application Integration (EAI)
Securing the Siebel Web Server
Securing the Siebel Server
Securing the Siebel Client
Securing Mobile Clients
Securing Siebel Remote
Securing the Synchronization Framework
Encrypting Data in the Local Database and File System
Defining Password Management Procedures
Securing Siebel Wireless
Securing Handheld Devices Running Siebel Business Applications
Securing the Siebel Document Server
Securing Email Communications
Securing the Email Server
Encrypting Communications Between the Siebel Server and the Email Server
Deleting Processed Email Messages
Securing the Siebel Reports Environment
Securing the Operating System
About Securing Operating Systems
Protecting Files and Resources
Securing the Siebel File System
Assigning Rights to the Siebel File System
Excluding Unsafe File Types from the Siebel File System
Assigning Rights to the Siebel Service Owner Account
Applying Patches and Updates
Securing the Siebel Database
Restricting Access to the Siebel Database
Reviewing Authorization Policies
Protecting Sensitive Data in the Siebel Database
Maintaining Database Backups
Securing Siebel Business Applications
About Securing Applications
Guidelines for Deploying Siebel Business Applications
About Disabling Siebel Components
About User Authentication
Implementing Password Management Policies
General Password Policies
Defining Rules for Password Syntax
About Configuring Password Hashing for Users
Reviewing Special User Privileges
About Implementing Authorization and Access Control
Implementing Personal Visibility for the User Profile View
About Securing Application Data During Configuration
About Using Web Services
About Defending Data from HTML Injection
About Using External Business Components
About Using HTTP Methods
About Message Broadcasting
About Securing Third-Party Applications
Implementing Auditing
Operating System Auditing
Database Auditing
Siebel Business Applications Event Logging
About Siebel Audit Trail
Performing Security Testing
About Performing Security Assessments
About the Common Vulnerability Scoring System
Using Masked Data for Testing
Supported Security Standards
Payment Card Industry Data Security Standard
Common Criteria for Information Technology Security Evaluation
Federal Information Processing Standard (FIPS) 140
Default Port Allocations
Port Allocations for Siebel CRM Release 8.x