Siebel Security Hardening Guide > Overview of Security Threats, Recommendations, and Standards >

General Security Recommendations

Align the policies you create to secure your Siebel Business Applications environment with the overall security policies and principles adopted by your organization. Some of the general policies recommended to help protect your Siebel Business Applications deployment and infrastructure include the following:

• Restricting network access
• Following the principle of least privilege when setting up access controls
• Monitoring activity by enabling a minimum level of logging (auditing and reviewing)
• Keeping up-to-date with the latest security information
• Configuring accounts securely, including securing session management
• Setting security parameters
• Running security-maintenance reports regularly
• Enforcing secure coding practices, for example, data validation, when creating custom code and scripts
• Encrypting Web and network communications and sensitive data in the Siebel database, for example, credit card numbers and passwords
• Installing approved enterprise-wide antivirus software to protect servers and workstations, and updating virus pattern files on a periodic and emergency basis as recommended by the vendor

Patch Management

Implement a patch management process to make sure that all the software in your environment is updated with the latest software versions and security patches. You must make sure all updates and patches for Siebel Business Applications are applied. Also make sure that all updates are applied for the other software that is required to run Siebel Business Applications, but that is not shipped by Oracle. Some examples include your operating system software and browser software.

Critical Patch Updates for Siebel Business Applications

Oracle uses critical patch updates to release security patches for all its applications, including Siebel Business Applications. Critical patch updates are issued each quarter and consist of multiple security fixes in one patch.

For a list of the latest critical patch updates and security alerts for Siebel Business Applications available from Oracle, and for information on security vulnerabilities fixed in a critical patch update, go to the Oracle Critical Patch Updates and Security Alerts Web site at

http://www.oracle.com/technetwork/topics/security/alerts-086861.html

Oracle provides information about product security vulnerabilities only as part of the critical patch update or Security Alert notification process.