Guidelines for Deploying Siebel Business Applications

This topic provides guidelines for minimizing security vulnerabilities when deploying Siebel CRM. Consider the following:

  • Verify that the environment in which Siebel CRM is to be deployed is secure. Verify that the underlying platform (operating system, Web server, and database server) on which Siebel CRM resides, or to which it is connected, has been secured using the respective vendor's security guides and has been checked against your organization's security policy.

  • Do not configure an email relay service or other communications service on any of the computers where Siebel CRM resides. If email is needed, then permit only outgoing email to notify administrators of any critical events. With applications such as Siebel Email Marketing, configure the Siebel Server to forward the emails to an email relay service on another server in the demilitarized zone, which can forward the emails to the appropriate destination. For additional information, see Siebel Marketing Installation and Administration Guide.

  • Enforce a server-management policy. For example, system administrators log in to servers using their respective personal user IDs and passwords (with administrative privileges) instead of the default administrator accounts.

  • Delete optional learning aids. For example, delete the sample Siebel database and demo data. For information on deleting the sample Siebel database, see Siebel Installation Guide.

  • Disable or uninstall optional Siebel CRM components that are not required in your environment. For information, see About Disabling Siebel Components.

  • Install application-specific patches. For additional information on the patches available with Siebel CRM, see Critical Patch Updates for Siebel CRM.

  • Store all application-specific files in a directory. Limit the attack surface to this directory and any subdirectories it contains.

  • Add application-layer authentication.