Siebel CRM Siebel Security Hardening Guide
Siebel Innovation Pack 2015
E24815-01

Securing the Siebel Server

The following recommendations can enhance the security of your Siebel Servers.

Encrypting Communications to the Siebel Server

Enable encryption between the Web server and Siebel Server and between the Siebel Server and the Siebel database. For additional information on encrypting communications, see "Enabling Encryption of Network Traffic".

Restricting Siebel Server Access

To restrict privileges to Siebel Server processes, assign an operating system account that is specific to the Siebel Server. Make sure this account has access only to files, processes, and executable files required by Siebel Business Applications.

  • In Windows operating system environments, remove or limit the use of shared folders.

  • In UNIX operating system environments:

    • Do not make the Siebel Server account the root administrator.

    • Disable UNIX r-services (for example, rlogin, rshell, rexec, rcp).

      R-services allow users to log in to a remote host computer and run commands on it. Running r-services against a remote host requires authentication, unless the local computer is listed in the .rhosts file, in which case no authentication is required. Therefore, to maintain the appropriate level of access control on the Siebel Server, it is recommended that you disable r-services. After you have disabled r-services, .rhosts files are no longer required and can be removed.
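
An added example, not part of the Siebel guide: shell helpers that check a UNIX host for the r-services exposure described above. It assumes a classic inetd.conf-style service file (hosts that use xinetd or a service manager need the equivalent check); the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Siebel guide): r-services audit helpers.

# Print r-services enabled in an inetd.conf-style file, one per line.
# inetd service names: login = rlogin, shell = rsh/rcp, exec = rexec.
# Commented-out entries have "#" in the first field, so they never match.
enabled_rservices() {
    awk '$1 == "login" || $1 == "shell" || $1 == "exec" { print $1 }' "$1" | sort -u
}

# List per-user .rhosts files directly under a home-directory root.
find_rhosts() {
    for f in "$1"/*/.rhosts; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Count trust entries (lines that are neither blank nor comments) in a file.
trust_entries() {
    grep -cEv '^[[:space:]]*(#|$)' "$1" || true
}

# Build a constructed sample host layout and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/home/siebel" "$d/home/other"
    cat > "$d/inetd.conf" <<'EOF'
# constructed sample, not taken from a real host
ftp    stream tcp nowait root /usr/sbin/in.ftpd    in.ftpd
shell  stream tcp nowait root /usr/sbin/in.rshd    in.rshd
#login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
exec   stream tcp nowait root /usr/sbin/in.rexecd  in.rexecd
EOF
    printf '# constructed\napphost1 siebel\n\n' > "$d/home/siebel/.rhosts"
    printf '%s\n' "$d"
}

# Report findings for the sample; a clean host prints nothing after each heading.
sample=$(make_sample)
echo "Enabled r-services:"; enabled_rservices "$sample/inetd.conf"
echo ".rhosts files:"
for f in $(find_rhosts "$sample/home"); do
    echo "$f ($(trust_entries "$f") trust entries)"
done
rm -rf "$sample"
```

To audit a real host, pass its own service file and home-directory root to the functions instead of the sample paths.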

Encrypting the jndi.properties File

The user credentials in the jndi.properties file are stored in clear text format. To fix this, it is recommended that you encrypt the jndi.properties file as shown in the following procedure.

To encrypt the jndi.properties file 

  1. Set up the Siebel Server and the JMS server.

  2. Create a named subsystem based on JMSSubsys.

  3. Encrypt the jndi.properties file using the batch script files.

    Note the following:

    • The batch script files include the following: EncodeJndiProperties.sh, EncodeJndiProperties.bat, Siebel.jar, and ClientAppEAIJMSBsvDll.

    • The batch script files use the Java-based encryption utility, com.siebel.eai.jms.EncodeJndiProperties, to encrypt the jndi.properties file and set the following properties in the JMSSubsys subsystem:

      • JNDIEncryptionCheck. Boolean value used to verify whether the jndi.properties file is encrypted (True) or not (False). The default value for JNDIEncryptionCheck is True.

      • JNDIEncryptionSeed. Seed value used to encrypt and decrypt the password.

    • The prerequisites for running the batch scripts include:

      • <JNDI file name>. Full path to the jndi.properties file which is to be encrypted.

      • <Encryption seed>. Encryption seed for encrypting the jndi.properties credentials.

      • <Gateway Server Name>. Gateway server name.

      • <Gateway Server Port>. Gateway server port.

      • <Siebel Enterprise>. Siebel enterprise name.

      • <Username>. Username to connect to the gateway server.

      • <Password>. Password to connect to the server.

      • <Name Subsystem>. The named subsystem to set the seed for decryption.

      • The batch scripts expect the user to set the SIEBEL_ROOT and JAVA_HOME environment variables.

  4. Check the jndi.properties file to confirm that the password is actually encrypted.

  5. To confirm that the setup works, use the Business Service simulator to run a test to send messages to the JMS server using the named subsystem created in Step 2.