Network Authentication and Monitoring


The following authentication practices are recommended to secure your network:

  • Maintain and implement authentication information centrally in a Web single sign-on (SSO) environment, then copy the information to the demilitarized zone. It is recommended that the authentication information in the demilitarized zone is read-only, is encrypted while stored, and is encrypted when transferred between the authentication database and other components.
  • Maintain access to the internal resources from any external network on the least-privilege principle to protect the internal network from being compromised.
  • Allow services through the firewall only from specific IP addresses to specific IP addresses, depending on the business requirement.
  • Deploy network-based Intrusion Detection Systems (IDS) in stealth mode within the zones of control, and restrict access to log files and to methods of setting log levels so that intruders cannot cover their tracks.

    Network-based IDS can be deployed to provide identification and notification capabilities and can be used to complement firewalls in thwarting attacks. Implement a real-time monitoring mechanism to react to any critical penetration attempts in a timely manner.

  • Set up and maintain host-based IDS on bastion hosts (for example, email relay) with appropriate monitoring mechanisms in place to react to access violations. Deploy host-based IDS on all key computers to defend against common and company-specific violations from insiders and outsiders. Host-based IDS can help with monitoring and reporting user and network activity, auditing system configurations and vulnerabilities, checking file integrity, recognizing attack patterns, and auditing user activity for policy violations.
  • Use scanning tools to find common security violations.
  • Apply all networking patches.
  • Enable auditing and track users' login activity.

    For information on configuring and using Siebel Audit Trail, see Siebel Applications Administration Guide and Implementing Auditing.
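
The recommendation to allow services through the firewall only from specific IP addresses to specific IP addresses can be checked mechanically against a rule export. The following is an added example, not part of the Siebel documentation: it audits a constructed rule set written in a hypothetical five-field format (action, protocol, source, destination, port) and reports every allow rule whose source or destination is not a single host or whose service is unrestricted.

```python
import ipaddress

# Constructed sample rule set in a hypothetical "action proto src dst port" format.
SAMPLE_RULES = """\
allow tcp 203.0.113.10 10.1.1.20 443
allow tcp any 10.1.1.20 443
allow tcp 203.0.113.0/24 10.1.1.21 8443
allow tcp 10.1.1.20 10.2.0.0/16 any
deny ip any any any
"""

def endpoint_issue(value):
    """Return None for a single host address, else a description of the problem."""
    if value.lower() == "any":
        return "matches any address"
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return "is not a valid address"
    if net.num_addresses > 1:
        return f"covers {net.num_addresses} addresses"
    return None

def audit_rules(text):
    """Return (line_number, rule, [findings]) for each allow rule that is too broad."""
    results = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:
            results.append((lineno, line, ["malformed rule"]))
            continue
        action, _proto, src, dst, port = fields
        if action.lower() != "allow":
            continue  # deny rules do not open a path through the firewall
        findings = []
        for label, value in (("source", src), ("destination", dst)):
            issue = endpoint_issue(value)
            if issue:
                findings.append(f"{label} {issue}")
        if port.lower() == "any":
            findings.append("service is not restricted to a port")
        if findings:
            results.append((lineno, line, findings))
    return results

if __name__ == "__main__":
    for lineno, rule, findings in audit_rules(SAMPLE_RULES):
        print(f"line {lineno}: {rule}\n    " + "; ".join(findings))
```

Each finding is a rule to justify against a documented business requirement or to narrow to host-to-host scope.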

Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.