Contents

List of Figures

List of Tables

Title and Copyright Information

Preface

• Audience
• Documentation Accessibility
• Related Documents
• Conventions

1 What's New in This Release

• What's New in Siebel Security Hardening Guide, Siebel Innovation Pack 2015
• What's New in Siebel Security Hardening Guide, Siebel Innovation Pack 2014

2 Overview of Security Threats, Recommendations, and Standards

• About This Guide
• Security Threats and Vulnerabilities
• General Security Recommendations
  • Patch Management
  • Critical Patch Updates for Siebel Business Applications
• Security Standards and Programs
• About the Oracle Software Security Assurance Program
• About Using Transport Layer Security with Siebel CRM

3 Securing the Network and Infrastructure

• About Securing the Network Infrastructure
  • Network Zones and Firewalls
  • Guidelines for Assigning Ports on Firewalls
  • Guidelines for Deploying Siebel Business Applications Across a Firewall
  • Routers
  • Network Address Translation
  • Load Balancers
  • Proxy Servers
  • Forward Proxy Servers
  • Reverse Proxy Servers
  • Virtual Private Networks
  • About Using Internet Protocol Security
  • Preventing Denial of Service Attacks
• Recommended Network Topologies
  • Network Configuration for Medium-Scale Deployments of Siebel Business Applications
  • Network Configuration for Large-Scale Siebel Deployments
• Network Authentication and Monitoring
• Enabling Encryption of Network Traffic
  • Enabling Encryption Between the Web Client Browser and Web Server
  • Enabling Encryption Between the Web Server and Siebel Server
  • Enabling Encryption Between the Siebel Server and Siebel Database
  • Enabling Encryption for Security Adapters
  • About Using TLS with Siebel Enterprise Application Integration (EAI)
• Securing the Siebel Web Server
  • Implementing a Proxy Server
  • Monitoring Disk Space
  • Removing Unnecessary Subdirectories (Windows)
  • Assigning Web Server File Permissions (Windows)
  • Encrypting Communications to the Web Server
  • Encrypting Passwords in the eapps.cfg File
  • Securing User Session IDs
  • Setting Security Features of the Siebel Web Server Extension
• Securing the Siebel Server
  • Encrypting Communications to the Siebel Server
  • Restricting Siebel Server Access
  • Encrypting the jndi.properties File
• Securing the Siebel Client
  • Deploying Siebel Open UI
  • Enabling ActiveX Controls for High Interactivity Clients
  • Encrypting Communications for Web Clients
  • Providing Physical Security for the Client Device
  • Defining a Policy for Unattended Personal Computer Sessions
  • Keeping Browser Software Updated
  • Updating Security Patches
• Securing Mobile Clients
• Securing Siebel Remote
  • Securing the Synchronization Framework
  • Authenticating the Mobile Web Client
  • Encrypting Communications
  • Encrypting DX Transaction Files
  • Using a VPN When Synchronizing Through the Internet
  • Encrypting Data in the Local Database and File System
  • Local Database
  • Local Siebel File System
  • Defining Password Management Procedures
• Securing Siebel Wireless
• Securing Handheld Devices Running Siebel Business Applications
• Securing the Siebel Document Server
• Securing Email Communications
  • Securing the Email Server
  • Encrypting Communications Between the Siebel Server and the Email Server
  • Deleting Processed Email Messages
• Securing the Siebel Reports Environment
  • Guidelines for Providing Additional Security for Oracle BI Publisher

4 Securing the Operating System

• About Securing Operating Systems
• Protecting Files and Resources
• Securing the Siebel File System
  • Assigning Rights to the Siebel File System
  • Assigning Rights to the Siebel File System on Windows
  • Assigning Rights to the Siebel File System on UNIX
  • Excluding Unsafe File Types from the Siebel File System
  • About Potentially Unsafe File Types
  • Enabling File Extension Checking
  • About File Extension Checking on the Siebel Mobile Web Client
• Assigning Rights to the Siebel Service Owner Account
  • Assigning Rights to the Siebel Service Owner Account on Windows
  • Assigning Rights to the Siebel Service Owner Account on UNIX
• Applying Patches and Updates

5 Securing the Siebel Database

• Restricting Access to the Siebel Database
• Reviewing Authorization Policies
• Protecting Sensitive Data in the Siebel Database
• Maintaining Database Backups

6 Securing Siebel Business Applications

• About Securing Applications
• Guidelines for Deploying Siebel Business Applications
• About Disabling Siebel Components
• About User Authentication
• Implementing Password Management Policies
  • General Password Policies
  • Defining Rules for Password Syntax
  • About Configuring Password Hashing for Users
• Reviewing Special User Privileges
• About Implementing Authorization and Access Control
  • View-Level Access Control
  • Record-Level Access Control
• Implementing Personal Visibility for the User Profile View
• About Securing Application Data During Configuration
  • About Using Web Services
  • About Defending Data from HTML Injection
  • Displaying HTML Content
  • Specifying Trusted Server Names
  • About Using External Business Components
  • About Using HTTP Methods
• About Message Broadcasting
• About Securing Third-Party Applications

7 Implementing Auditing

• Operating System Auditing
• Database Auditing
• Siebel Business Applications Event Logging
• About Siebel Audit Trail

8 Performing Security Testing

• About Performing Security Assessments
• About the Common Vulnerability Scoring System
• Using Masked Data for Testing
  • Methods of Masking Data

A Supported Security Standards

• Payment Card Industry Data Security Standard
• Common Criteria for Information Technology Security Evaluation
• Federal Information Processing Standard (FIPS) 140

B Default Port Allocations

• Port Allocations for Siebel CRM Release 8.x

Index