Securing the Siebel Server


The following recommendations can enhance the security of your Siebel Servers.

Encrypting Communications to the Siebel Server

Enable encryption between the Web server and Siebel Server and between the Siebel Server and the Siebel database. For additional information on encrypting communications, see Enabling Encryption of Network Traffic.

Restricting Siebel Server Access

To restrict privileges to Siebel Server processes, assign an operating system account that is specific to the Siebel Server. Make sure this account has access only to files, processes, and executable files required by Siebel Business Applications.

  • In Windows operating system environments, remove or limit the use of shared folders.
  • In UNIX operating system environments:
    • Do not make the Siebel Server account the root administrator.
    • Disable UNIX r-services (for example, rlogin, rshell, rexec, rcp).

      R-services allow users to log in to a remote host computer and run various commands on it. Before you can run the r-services on a remote host, you must authenticate to that host, unless the local computer is listed in the .rhosts file, in which case authentication is not required. Therefore, to provide the appropriate level of access and control to the Siebel Server, it is recommended that you disable r-services. Once you have disabled r-services, .rhosts files are not required and can be removed.
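The following audit script is an added example, not part of the Siebel guide. It checks the three UNIX recommendations above against copies of the relevant files. It assumes r-services are configured in a classic inetd.conf-style file (hosts that use xinetd or systemd socket units need a different check); the function names, the account name siebel, and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added audit sketch (not from the Siebel guide). Paths are passed in as
# arguments so the checks can be pointed at copies of the real files.

# Print r-service entries that are still active (not commented out) in an
# inetd.conf-style file. rsh and rcp both use the "shell" service.
active_rservices() {
    awk '$1 == "shell" || $1 == "login" || $1 == "exec" { print $1 }' "$1"
}

# Print every .rhosts file below a home-directory root, plus hosts.equiv
# if it exists in the given etc directory.
find_trust_files() {
    find "$1" -name .rhosts -type f 2>/dev/null
    [ -f "$2/hosts.equiv" ] && echo "$2/hosts.equiv"
    return 0
}

# Succeed (exit 0) if the named account has UID 0 in a passwd-format file.
account_is_root() {
    awk -F: -v u="$1" '$1 == u && $3 == 0 { found = 1 } END { exit !found }' "$2"
}

# Constructed sample data so the script runs offline.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/etc" "$demo/home/siebel" "$demo/home/alice"
cat > "$demo/etc/inetd.conf" <<'EOF'
#shell  stream tcp nowait root /usr/sbin/in.rshd    in.rshd
login   stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
exec    stream tcp nowait root /usr/sbin/in.rexecd  in.rexecd
ftp     stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
EOF
printf 'root:x:0:0::/root:/bin/sh\nsiebel:x:1001:1001::/home/siebel:/bin/sh\n' \
    > "$demo/etc/passwd"
echo 'apphost siebel' > "$demo/home/siebel/.rhosts"

echo "Active r-services:"; active_rservices "$demo/etc/inetd.conf"
echo "Trust files:";       find_trust_files "$demo/home" "$demo/etc"
if account_is_root siebel "$demo/etc/passwd"; then
    echo "siebel has UID 0"
else
    echo "siebel is not root"
fi
```

On the sample data the script reports login and exec as still enabled and one leftover .rhosts file; a hardened host should produce empty output for both lists.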

Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.