Industry Standards for Security

Siebel Business Applications adhere to common security standards to facilitate the integration of its applications into the customer environment. Siebel Business Applications are designed so that customers can choose a security infrastructure that best suits their specific business needs.

Supported standards include:

• Lightweight Directory Access Protocol (LDAP). Siebel Business Applications provide preconfigured integration with LDAP for user authentication purposes. For more information, see "Security Adapters for LDAP Authentication" and Chapter 5, "Security Adapter Authentication".

• Communications encryption. Siebel Business Applications support the use of the following technologies for communications encryption:

  • Transport Layer Security (TLS) encryption and authentication. TLS can be used to protect communications between the following:

    • Siebel Business Applications components, that is, Siebel Servers and Web servers.

    • Siebel Web servers and Siebel Web Clients, if support for the protocol is provided by the Web server. The use of TLS for Web server and Siebel Web Client communications is transparent to Siebel Business Applications.

    • Siebel Servers and Microsoft Exchange Server email servers or Siebel Servers and Microsoft Exchange Server 2007 or 2010 email servers.

  The following table lists topics that provide information on configuring TLS.

  Information Type	Topic
  Configuring TLS for communication between Siebel Web clients and Siebel Application Interface.	"About the Siebel Web Client and Using HTTPS"
  Configuring TLS for communication between Siebel components.	"Process of Configuring Secure Communications"
  Using TLS to secure user login credentials	"Implementing Secure Login"
  Using TLS to secure communications between Siebel Servers and directory servers.	"Configuring Secure Communications for Security Adapters"

  
  

  • RSA communications encryption. RSA is only available for Siebel Mobile Web Client connections.

    For supported UNIX operating systems, Windows operating systems, or cross-operating system environments, Siebel Business Applications support RSA BSAFE. RSA BSAFE is FIPS 140-1 certified.

• RSA SHA-1 password hashing. Siebel user passwords can be hashed using the SHA-1 algorithm. For more information, see "About Password Hashing".

  
  

  Note: The SHA-1 hashing algorithm is the only algorithm supported for password hashing in Siebel Enterprise. SHA-2 must not be used for any participating node, since the enterprise supports only SHA-1. In addition, the Siebel Gateway security profile does not support SiebelHash (the Siebel proprietary algorithm) and so must not be used anywhere in the enterprise.

  
  

• AES. Siebel data can be encrypted using Advanced Encryption Standard (AES). Multiple key lengths are supported for AES. For more information, see "About Data Encryption".