
Securing the Siebel Client


The following general guidelines are applicable for securing all client computers that access Siebel Business Applications. For specific information on security recommendations for mobile clients, see Securing Mobile Clients.

Enabling ActiveX Controls

Siebel Business Applications in high-interactivity mode use ActiveX technology to deliver several features, for example, email client integration. A browser running a high-interactivity application must be enabled to access and use ActiveX controls. You can do one of the following:

  • Allow users to download ActiveX controls on demand from a Web server.

    This option is not preferred because it requires that users are assigned permissions associated with power users.

  • Deploy the required ActiveX controls on users' computers (recommended option).

    If you deploy ActiveX controls on users' computers, then you can configure the client-browser settings to prevent additional ActiveX controls from being downloaded. For information on deploying ActiveX controls, see Siebel System Administration Guide.
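One way to check that a client browser is configured to prevent additional ActiveX controls from being downloaded, as an added example that is not from the Siebel documentation. It assumes Internet Explorer on Windows and reads the standard security-zone URL actions 1001 and 1004; the function name is hypothetical.

```powershell
# Added example (not Oracle's code): report Internet Explorer zone settings
# that still allow ActiveX controls to be downloaded on a client computer.
$zones   = @{ '1' = 'Local intranet'; '2' = 'Trusted sites'; '3' = 'Internet'; '4' = 'Restricted sites' }
$actions = @{ '1001' = 'Download signed ActiveX controls'; '1004' = 'Download unsigned ActiveX controls' }
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Locations Internet Explorer can read zone settings from. Which one is
# effective on a given computer depends on its Group Policy configuration,
# so every location that defines a value is reported.
$hives = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ActiveXDownloadSetting {   # hypothetical helper name
    foreach ($zone in ($zones.Keys | Sort-Object)) {
        foreach ($action in ($actions.Keys | Sort-Object)) {
            foreach ($hive in $hives) {
                $key  = Join-Path $hive $zone
                $item = Get-ItemProperty -Path $key -Name $action -ErrorAction SilentlyContinue
                if ($null -eq $item) { continue }   # not defined in this location
                $value = [int]$item.$action
                $label = "0x{0:X}" -f $value        # fallback for other values
                if ($meaning.ContainsKey($value)) { $label = $meaning[$value] }
                [pscustomobject]@{
                    Zone      = $zones[$zone]
                    Setting   = $actions[$action]
                    Location  = $key
                    Value     = $label
                    Compliant = ($value -eq 3)      # only Disable blocks downloads
                }
            }
        }
    }
}

$report = @(Get-ActiveXDownloadSetting)
$report | Format-Table -AutoSize -Wrap
$open = @($report | Where-Object { -not $_.Compliant })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) zone setting(s) still allow or prompt for ActiveX download."
}
```

The script only reads the download settings; the settings that let already-deployed controls run in the zone hosting the Siebel application are covered in Siebel System Administration Guide.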

If you are not using supported security-setting templates for applicable Web content zones for your Siebel Business Applications in high-interactivity mode, then to enable full functionality related to ActiveX controls you must manually enable the Internet Explorer ActiveX settings. For information on this task, see the chapter on configuring the browser for Siebel Web clients in Siebel System Administration Guide.

You can optionally deploy Siebel Business Applications using the Siebel Open UI. Siebel Open UI does not use third-party plug-ins, such as ActiveX or Java, and is therefore more secure than other Siebel user interface modes. It is recommended that you implement the Siebel Open UI if appropriate for your Siebel implementation. For additional information, see Configuring Siebel Open UI.

NOTE: The functionality described in this topic requires that you install Siebel CRM Release 8.1.1.9 or later, or 8.2.2.2 or later. For information, see the applicable Siebel Maintenance Release Guide on My Oracle Support.

Encrypting Communications for Web Clients

It is recommended that you secure all communications between the Siebel Web Client and the Web server using either TLS or SSL, if your Web server supports these protocols. Encryption is not enabled by default. For additional information, see Enabling Encryption Between the Web Client Browser and Web Server.

Providing Physical Security for the Client Device

The physical security of the client device is handled outside of Siebel Business Applications. You can use utilities that provide computer-level security by enforcing computer passwords or encrypting the computer hard drive. Most leading handheld devices have user-enabled passwords.

It is recommended that you use a two-factor authentication approach (for example, RSA SecurID) for network components. Two-factor authentication confirms user identities using something users have and something they know. Requiring two different forms of electronic identification reduces the risk of fraud and protects against password attacks.

Defining a Policy for Unattended Personal Computer Sessions

Users should not leave workstations unattended while they are logged in to Siebel Business Applications; doing so makes their computer potentially accessible to unauthorized users. Define a corporate policy for handling unattended PC sessions. Oracle recommends using password-locked screen saver features on all PCs.

Keeping Browser Software Updated

Update browser software when new versions are released; new releases often include additional security features. If you are using Internet Explorer, then check the Microsoft Web site for the latest browser security patches.

Certain features and functions in Siebel Business Applications work in conjunction with security or other settings on the Web browser. Some of the security features provided by supported browsers and operating systems are not supported when used with Siebel Business Applications.

Detailed information about the browser settings used in deploying Siebel clients is provided in Siebel System Administration Guide. For more information about the settings in your Web browser, see the documentation that came with your browser, and Siebel System Requirements and Supported Platforms on Oracle Technology Network.

NOTE: For Siebel CRM product releases 8.1.1.9 and later and for 8.2.2.2 and later, the system requirements and supported platform certifications are available from the Certification tab on My Oracle Support. For information about the Certification application, see article 1492194.1 (Article ID) on My Oracle Support.

Updating Security Patches

To protect against malicious software (malware), apply security patches provided by the desktop operating system provider on a regular basis. The same is true of patches released by antivirus software suppliers, and by companies that provide other third-party software products supported by Siebel Business Applications.

Siebel Security Hardening Guide Copyright © 2013, Oracle and/or its affiliates. All rights reserved.