Siebel CRM Siebel Security Hardening Guide Siebel Innovation Pack 2015 E24815-01
To secure your Siebel Business Applications environment, you must understand the security threats that exist and the typical approaches used by attackers. This understanding helps you to identify the correct countermeasures that you must adopt. The common security threats include:
Computer viruses (malware)
Code injection
SQL injection
Cross-site scripting (XSS)
Denial of service attacks (DoS)
The following practices can make your applications vulnerable to malicious attacks:
Using weak passwords
Moving data between applications, computers, and sites
Allowing information leaks
Allowing nonsecure coding practices when configuring Siebel Business Applications
Monitor security sites for information on newly discovered vulnerabilities affecting third-party components or applications that are integrated with Siebel Business Applications software. Some well-known Web sites that publish information on security incidents, vulnerabilities, and patches are as follows:
www.cert.org
www.sans.org
www.insecure.org
www.cisecurity.org
www.securityfocus.com (hosts the Bugtraq mailing list)
Perform security risk assessments regularly to identify possible security vulnerabilities in your environment, then address any issues. For information on this task, see Chapter 8, "Performing Security Testing." For general information on preventing security attacks and vulnerabilities in your environment, see "General Security Recommendations".