
Types of Encryption


Encryption is a method of encoding data for security purposes. Siebel Business Applications support industry standards for secure Web communications and encryption of sensitive data such as passwords.

Siebel Business Applications limit the encryption key length to 56 bits. If you want to use encryption keys longer than 56 bits for transport layer encryption and data encryption, then you can do so by using the Siebel Strong Encryption Pack. For more information, see About the Siebel Strong Encryption Pack.

Communications Encryption

To make sure that information remains private, Siebel Business Applications support the use of the following encryption technologies for communications:

  • SSL or TLS encryption for Web client connections. For data security over the Internet, Siebel Business Applications support the use of the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) capabilities of supported Web servers to secure transmission of data between the Web browser and the Web server. The use of SSL or TLS for Web server and Siebel Web Client communications is transparent to Siebel Business Applications. For information on configuring SSL or TLS for Web server communications with the browser, see the vendor documentation.

    Siebel Business Applications can be configured to run completely under HTTPS, have specific pages run under HTTPS (for standard interactivity only), or simply handle login requests under HTTPS. For more information, see Configuring a Siebel Web Client to Use HTTPS and Login Security Features.

  • Encryption for SISNAPI connections (SSL, TLS, Microsoft Crypto, or RSA). For communications between Siebel components, Siebel administrators can enable encryption for SISNAPI (Siebel Internet Session API). SISNAPI is a TCP/IP-based Siebel communications protocol that provides a security and compression mechanism for network communications.

    SISNAPI encryption can be based on SSL, TLS, or on Microsoft Crypto API or RSA algorithms. SSL, TLS, and RSA are supported on multiple operating systems. By default, SISNAPI encryption based on SSL and TLS uses the DES algorithm with a 56-bit key that performs both encryption and decryption. To upgrade to the AES algorithm with 256-bit encryption keys, use the Siebel Strong Encryption Pack. For information, see About the Siebel Strong Encryption Pack.

    SSL and TLS also support certificate authentication between the Web server and the Siebel Server, or between Siebel Servers.

  • SSL encryption for secure connection to Lightweight Directory Access Protocol (LDAP) or Active Directory Service Interfaces (ADSI) directories. SSL can be used for connections to certified LDAP directories or Active Directory.
  • SSL or TLS encryption for connections to email servers. SSL encryption is supported for connections to email servers using Siebel Communications Server components. TLS encryption is supported for connections to Microsoft Exchange Server 2007 or 2010 email servers. For information, see Siebel Email Administration Guide.

    NOTE:  The functionality described in this topic requires that you install Siebel CRM Release 8.1.1.8 or later, or 8.2.2.1 or later. For information, see the applicable Siebel Maintenance Release Guide on My Oracle Support.

  • Encryption of communications between the Siebel Server and the Siebel database. The encryption technologies available to encrypt communications between the Siebel Server and the database depend on the encryption methods supported by your RDBMS vendor. For information on how to configure communications encryption between the Siebel Server and the Siebel database, contact your third-party RDBMS vendor.
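
An added example, not Oracle's code: a Python check that grades negotiated SSL/TLS cipher suites against the 56-bit DES default described above, so connections that have not been moved to longer keys stand out. The endpoint labels and sample tuples are constructed, and OpenSSL-style suite names are assumed.

```python
import socket
import ssl

WEAK_BITS = 56                               # key-length limit stated on this page
LEGACY_ALGS = {"DES", "3DES", "RC2", "RC4"}  # legacy cipher families by name token


def classify(cipher):
    """Grade a (name, protocol, secret_bits) tuple, the shape that
    ssl.SSLSocket.cipher() returns."""
    name, _protocol, bits = cipher
    if bits <= WEAK_BITS:
        return "weak"                        # 56-bit DES, 40-bit export suites
    tokens = set(name.upper().replace("_", "-").split("-"))
    if tokens & LEGACY_ALGS:
        return "legacy"                      # e.g. 3DES or 128-bit RC4
    return "ok"


def audit(observed):
    """Return (endpoint, suite, bits, grade) for every endpoint not graded ok."""
    findings = []
    for endpoint, cipher in sorted(observed.items()):
        grade = classify(cipher)
        if grade != "ok":
            findings.append((endpoint, cipher[0], cipher[2], grade))
    return findings


def probe(host, port=443, timeout=5.0):
    """Handshake with an HTTPS endpoint and return its cipher tuple.
    Raises ssl.SSLError if client and server share no suite."""
    ctx = ssl.create_default_context()       # certificate checks stay enabled
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()


# Constructed sample observations (labels and values are illustrative only).
SAMPLE = {
    "web-server": ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
    "siebel-server": ("DES-CBC-SHA", "TLSv1", 56),
    "email-server": ("RC4-SHA", "TLSv1", 128),
}

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```
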

Figure 3 shows some of the types of communications encryption available in a Siebel Business Applications environment.

Figure 3. Communications Encryption in the Siebel Application Environment

The encryption mechanisms illustrated in Figure 3 are as follows:

  1. Web client and wireless client connections. If supported by your Web server, SSL and TLS can be used to secure transmission of data between the Web browser and the Web server.
  2. Siebel Mobile Web Client connections. You can use either MSCRYPTO or RSA encryption for Mobile Web Client communications with the Siebel Remote server.
  3. Email server connections. SSL or TLS encryption for connections to email servers is supported.
  4. SISNAPI connections. SISNAPI encryption of communications between Siebel components can be based on SSL, TLS, or on Microsoft Crypto API or RSA algorithms.

Data Encryption

To make sure that information remains private, Siebel Business Applications support the use of the following encryption technologies for storing data:

  • AES and RC2 database encryption. Siebel Business Applications allow customers to encrypt sensitive information stored in the Siebel database (for example, credit card numbers, Social Security numbers, birth dates, and so on) so that it cannot be viewed without access to the Siebel application.

    Customers can configure Siebel Business Applications to encrypt a column's data before it is written to the database and decrypt the same data when it is retrieved. This encryption prevents attempts to view sensitive data directly from the database.

    Sensitive data can be encrypted by using AES (Advanced Encryption Standard) or RC2 encryption, at various key lengths. Encryption can be enabled using Siebel Tools. For more information, see About Data Encryption.

  • RC4 encryption. Siebel Business Applications use RC4 encryption to encrypt passwords stored in the siebns.dat file and to encrypt the Auto-Login Credential Cookie. The siebns.dat file stores information required by the Siebel Gateway Name Server. For more information about encrypted passwords in the siebns.dat file, see About Encryption of Gateway Name Server Password Parameters. For more information about the Auto-Login Credential Cookie, see Auto-Login Credential Cookie.
  • RSA SHA-1 password hashing. Siebel administrators can enable password hashing for user passwords or for database credentials. Hashing uses a one-way hashing algorithm. The default password hashing method is RSA SHA-1. (The previous mangle algorithm is still available for existing customers.)

    The Siebel administrator password is stored in the Gateway Name Server file, siebns.dat, and is not hashed; passwords in siebns.dat are encrypted using RC4 encryption.

    Password hashing invalidates the password to unauthorized external applications and prevents direct SQL access to the data by anything other than Siebel Business Applications. For more information, see About Password Hashing.

  • Encryption of the Siebel File System and server disks containing Siebel Business Applications data. It is recommended that you encrypt the Siebel File System and all server disks containing Siebel Business Applications data using third-party products or encryption features provided by your operating system. For information on the encryption technologies available, see the relevant operating system or third-party documentation. For additional information about securing the Siebel File System, see Siebel Security Hardening Guide.
Siebel Security Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.