General Security Recommendations

Align the policies you create to secure your Siebel CRM environment with the overall security policies and principles adopted by your organization. Some of the general policies recommended to help protect your Siebel CRM deployment and infrastructure include the following:

• Restricting network access

• Following the principle of least privilege when setting up access controls

• Monitoring activity by enabling a minimum level of logging (auditing and reviewing)

• Keeping up-to-date with the latest security information

• Configuring accounts securely, including securing session management

• Setting security parameters

• Running security-maintenance reports regularly

• Enforcing secure coding practices, for example, data validation, when creating custom code and scripts

• Encrypting Web and network communications and sensitive data in the Siebel database, for example, credit card numbers and passwords

• Installing approved enterprise-wide antivirus software to protect servers and workstations, and updating virus pattern files on a periodic and emergency basis as recommended by the vendor