Guidelines for Deploying Siebel Business Applications


This topic provides guidelines for minimizing security vulnerabilities when deploying Siebel Business Applications. Consider the following:

  • Verify that the environment in which Siebel Business Applications are to be deployed is secure. Verify that the underlying platform (operating system, Web server, and database server) on which Siebel Business Applications reside, or to which they connect, has been secured using the respective vendor's security guides and has been checked against your organization's security policy.
  • Do not configure an email relay service or other communications service on any of the computers where Siebel Business Applications reside. If email is needed, then permit only outgoing email to notify administrators of any critical events. With applications such as Siebel Email Marketing, configure the Siebel Server to forward the emails to an email relay service on another server in the demilitarized zone, which can forward the emails to the appropriate destination. For additional information, see Siebel Marketing Installation and Administration Guide.
  • Enforce a server-management policy. For example, system administrators log in to servers using their respective personal user IDs and passwords (with administrative privileges) instead of the default administrator accounts.
  • Delete optional learning aids. For example, delete the sample Siebel database and demo data. For information on deleting the sample Siebel database, see Siebel Installation Guide for the operating system you are using.
  • Disable or uninstall optional Siebel Business Applications components that are not required in your environment. For information, see About Disabling Siebel Components.
  • Install application-specific patches. For additional information on the patches available with Siebel Business Applications, see Critical Patch Updates for Siebel Business Applications.
  • Store all application-specific files in a directory. Limit the attack surface to this directory and any subdirectories it contains.
  • Add application-layer authentication.
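
One way to check the email-relay guideline on a Linux host running Siebel components is to look for mail services that accept inbound connections. The script below is an added example, not part of the Oracle guide. The port list, the use of `ss`, and the treatment of loopback-only listeners as local submission for outgoing notifications are assumptions.

```python
import subprocess

# Assumption: ports on which an inbound mail service would listen.
MAIL_PORTS = {25: "smtp", 465: "smtps", 587: "submission",
              110: "pop3", 995: "pop3s", 143: "imap", 993: "imaps"}

def split_addr(local):
    """Split the 'addr:port' column of ss (0.0.0.0:25, [::]:587, *:25)."""
    addr, _, port = local.rpartition(":")
    return addr.strip("[]"), port

def mail_listeners(ss_output):
    """Return (addr, port, service, exposed) for each listening mail socket."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns of `ss -tln`: State Recv-Q Send-Q Local Peer [Process]
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # also skips the header line if present
        addr, port = split_addr(fields[3])
        if not port.isdigit() or int(port) not in MAIL_PORTS:
            continue
        host = addr.split("%")[0]  # drop interface scope such as %lo
        # Assumption: a loopback-only listener serves local outgoing mail
        # and is not reachable from the network.
        exposed = not (host.startswith("127.") or host == "::1")
        findings.append((addr, int(port), MAIL_PORTS[int(port)], exposed))
    return findings

# Constructed sample of `ss -H -tln` output, used when ss is unavailable.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 100 0.0.0.0:25 0.0.0.0:*
LISTEN 0 100 [::]:587 [::]:*
LISTEN 0 511 *:443 *:*
"""

if __name__ == "__main__":
    try:
        out = subprocess.run(["ss", "-H", "-tln"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE
    for addr, port, svc, exposed in mail_listeners(out):
        status = "FINDING: reachable from network" if exposed else "loopback only"
        print(f"{svc:<11} {addr}:{port}  {status}")
```

Any line reported as a finding indicates a mail service on the Siebel host that should be removed or moved to the relay server in the demilitarized zone.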
Siebel Security Hardening Guide Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices.