Siebel CRM Siebel Security Guide
Siebel Innovation Pack 2015
E24814-01

Types of Encryption

Encryption is a method of encoding data for security purposes. Siebel Business Applications support industry standards for secure Web communications, and for encryption of sensitive data such as passwords. The following topics outline the standards supported:

Communications Encryption

To make sure that information remains private, Siebel Business Applications support the use of the following encryption technologies for communications:

  • TLS encryption for Web client connections. For data security over the Internet, Siebel Business Applications support the use of the Transport Layer Security (TLS) capabilities of supported Web servers to secure transmission of data between the Web browser and the Web server. The use of TLS for Web server and Siebel Web Client communications is transparent to Siebel Business Applications. For information on configuring TLS for Web server communications with the browser, see the vendor documentation.

    Siebel Business Applications can be configured to run completely under HTTPS, have specific pages run under HTTPS (for standard interactivity only), or simply handle login requests under HTTPS. For more information, see "Configuring a Siebel Web Client to Use HTTPS" and "Login Security Features".

  • Encryption for SISNAPI connections (TLS, Microsoft Crypto, or RSA). For communications between Siebel components, Siebel administrators can enable encryption for SISNAPI (Siebel Internet Session API). SISNAPI is a TCP/IP-based Siebel communications protocol that provides a security and compression mechanism for network communications.

    SISNAPI encryption can be based on TLS, or on Microsoft Crypto API or RSA algorithms. TLS and RSA are supported on multiple operating systems. By default, SISNAPI encryption based on TLS uses the DES algorithm with a 56-bit key that performs both encryption and decryption. To upgrade to the AES algorithm with 256-bit encryption keys, use Siebel Strong Encryption. For information, see "About Siebel Strong Encryption".

    TLS also supports certificate authentication between the Web server and the Siebel Server, or between Siebel Servers.

  • TLS encryption for connections to directory servers. TLS encryption is supported for connections to certified LDAP directories and to Active Directory.

  • TLS encryption for connections to email servers. TLS encryption is supported for connections to email servers using Siebel Communications Server components. TLS encryption is supported for connections to Microsoft Exchange Server 2007 or 2010 email servers. For information, see Siebel Email Administration Guide.

  • Encryption of communications between the Siebel Server and the Siebel database. The encryption technologies available to encrypt communications between the Siebel Server and the database depend on the encryption methods supported by your RDBMS vendor. For information on how to configure communications encryption between the Siebel Server and the Siebel database, contact your third-party RDBMS vendor.

Figure 4-1 shows some of the types of communications encryption available in a Siebel Business Applications environment.

Figure 4-1 Communications Encryption in the Siebel Application Environment


The encryption mechanisms illustrated in Figure 4-1 are as follows:

  1. Web client and wireless client connections. If supported by your Web server, TLS can be used to secure transmission of data between the Web browser and the Web server.

  2. Siebel Mobile Web Client connections. You can use either MSCRYPTO or RSA encryption for Mobile Web Client communications with the Siebel Remote server.

  3. Email server connections. TLS encryption for connections to email servers is supported.

  4. SISNAPI connections. SISNAPI encryption of communications between Siebel components can be based on TLS, or on Microsoft Crypto API or RSA algorithms.
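The SISNAPI options listed above can be audited from configuration. The following Python sketch is an added example, not code from this guide or from Oracle: it scans configuration text for ConnectString entries and reports those that request no SISNAPI encryption. It assumes the connect string layout siebel.transport.encryption.compression://host:port/enterprise/component, which is not shown on this page; the host, enterprise, and component names in the sample are constructed.

```python
import re

# Assumed layout (not shown on this page):
#   siebel.<transport>.<encryption>.<compression>://host:port/enterprise/component
CONNECT_RE = re.compile(
    r"siebel\.(?P<transport>[^.\s]+)\.(?P<encryption>[^.\s]+)\.(?P<compression>[^.\s:]+)"
    r"://(?P<target>\S+)", re.IGNORECASE)
TLS_TRANSPORTS = {"tls", "ssl"}       # TLS-based SISNAPI encryption
PAYLOAD_CIPHERS = {"rsa", "mscrypto"}  # RSA or Microsoft Crypto API

def classify(connect_string):
    """Return (status, target) for one connect string value."""
    m = CONNECT_RE.search(connect_string)
    if m is None:
        return ("unparsed", None)
    transport, encryption = m["transport"].lower(), m["encryption"].lower()
    if transport in TLS_TRANSPORTS:
        return ("tls", m["target"])
    if encryption in PAYLOAD_CIPHERS:
        return (encryption, m["target"])
    if encryption == "none":
        return ("cleartext", m["target"])
    return ("unknown", m["target"])

def audit(config_text):
    """List (line number, status, target) for entries that need review."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", ";")):
            continue  # skip blank lines and commented-out entries
        key, sep, value = stripped.partition("=")
        if not sep or key.strip().lower() != "connectstring":
            continue
        status, target = classify(value.strip())
        if status in ("cleartext", "unknown", "unparsed"):
            findings.append((lineno, status, target))
    return findings

# Constructed sample input; none of these hosts or components are real.
SAMPLE = """\
[/app_one]
ConnectString = siebel.TCPIP.None.None://sieb1.example.internal:2321/ENT1/AppOneObjMgr_enu
[/app_two]
ConnectString = siebel.TLS.None.None://sieb1.example.internal:2321/ENT1/AppTwoObjMgr_enu
[/app_three]
ConnectString = siebel.TCPIP.RSA.zlib://sieb2.example.internal:2321/ENT1/AppThreeObjMgr_enu
; ConnectString = siebel.TCPIP.None.None://old.example.internal:2321/ENT1/Retired
[/app_four]
ConnectString = sieb3.example.internal:2321
"""
```

Calling `audit(SAMPLE)` reports the unencrypted entry on line 2 and the malformed entry on line 9; the TLS and RSA entries pass.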

Data Encryption

To make sure that information remains private, Siebel Business Applications support the use of the following encryption technologies for storing data:

  • AES database encryption. Siebel Business Applications allow customers to encrypt sensitive information stored in the Siebel database (for example, credit card numbers, Social Security numbers, birth dates, and so on) so that it cannot be viewed without access to the Siebel application.

    Customers can configure Siebel Business Applications to encrypt a column's data before it is written to the database and decrypt the same data when it is retrieved. This encryption prevents attempts to view sensitive data directly from the database. Sensitive data can be encrypted by using AES encryption at various key lengths. Encryption can be enabled using Siebel Tools. For more information, see "About Data Encryption".


    Note: Implement AES encryption using Siebel Strong Encryption for increased data security.

    Siebel Business Applications also use AES encryption to encrypt passwords stored in the siebns.dat file. The siebns.dat file stores information required by the Siebel Gateway Name Server. For more information about encrypted passwords in the siebns.dat file, see "About Encryption of Gateway Name Server Password Parameters".

  • RC4 encryption. Siebel Business Applications use RC4 encryption to encrypt passwords stored in the Auto-Login Credential Cookie. For more information about the Auto-Login Credential Cookie, see "Auto-Login Credential Cookie".

  • RSA SHA-1 password hashing. Siebel administrators can enable password hashing for user passwords or for database credentials. Hashing uses a one-way hashing algorithm. The default password hashing method is RSA SHA-1. (The previous mangle algorithm is still available for existing customers.)

    The Siebel administrator password is stored in the Gateway Name Server file, siebns.dat, and is not hashed; passwords in siebns.dat are encrypted using AES encryption.

    Password hashing invalidates the password to unauthorized external applications and prevents direct SQL access to the data by anything other than Siebel Business Applications. For more information, see "About Password Hashing".

  • Encryption of the Siebel File System and server disks containing Siebel Business Applications data. It is recommended that you encrypt the Siebel File System and all server disks containing Siebel Business Applications data using third-party products or encryption features provided by your operating system. For information on the encryption technologies available, see the relevant operating system or third-party documentation. For additional information about securing the Siebel File System, see Siebel Security Hardening Guide.