SAP Security and Authorizations
Risk Management and Compliance with Legal Regulations in the SAP Environment
(Language: English)
Unfortunately already sold out
Free shipping
Book
69.95 €
Product details
Product information on "SAP Security and Authorizations"
This book gives technical consultants, IT managers, and authorization administrators an in-depth look at all aspects of IT security in the SAP NetWeaver environment. An introduction to the overall subject matter helps you get up to speed quickly on topics like risk evaluation, creating control options, designing security measures - and teaches you the appropriate procedures for implementing the supporting processes. You'll also benefit from an overview of international security standards and legal regulations (e.g., Sarbanes-Oxley Act and Basel II), and you'll discover the best SAP security strategies and practices to ensure compliance.
The second part of the book is dedicated to the technical implementation of these security measures. From the authorization concept to measures concerning infrastructure in the portal environment and collaboration scenarios with SAP XI through to process planning, the authors leave no rock unturned. This book uses examples to describe the potential risks as well as specific application and system security concepts for individual SAP components and solutions.
Bonus: Includes a complete map of the Global Security Positioning System - an ideal navigation aid, not only while reading the book but also for ongoing assistance with your daily work.
Highlights Include:
- SAP security strategies and best practices
- Basic principles of technical security
- Risk and control management
- Legal and intra-enterprise requirements
- Country-specific security standards
- Application security for SAP NetWeaver and SAP solutions
- Technical implementation
- Graphical display of technology layers using the Global Security Positioning System
Table of contents of "SAP Security and Authorizations"
Foreword by Prof. Wolfgang Lassmann ... 15
Foreword by Dr. Sachar Paulus ... 17
1 Introduction ... 21
1.1 Background ... 21
1.2 Contents ... 23
1.3 How to Read This Book ... 23
1.4 Acknowledgements ... 24
Part 1 Basic Principles of Risk Management and IT Security
2 Risk and Control Management ... 27
2.1 Security Objectives ... 27
2.2 Company Assets ... 29
... 2.2.1 Types of Company Assets ... 31
... 2.2.2 Classification of Company Assets ... 32
2.3 Risks ... 33
... 2.3.1 Types of Risks ... 34
... 2.3.2 Classification of Risks ... 36
2.4 Controls ... 37
... 2.4.1 Types of Controls ... 37
... 2.4.2 Classification of Controls ... 38
3 Security Strategy ... 41
3.1 Status Quo ... 41
3.2 Components ... 43
... 3.2.1 General Framework ... 44
... 3.2.2 Strategy ... 44
... 3.2.3 Methods ... 45
... 3.2.4 Best Practices ... 46
... 3.2.5 Documentation ... 47
3.3 Best Practices of an SAP Security Strategy ... 47
... 3.3.1 Procedure ... 47
... 3.3.2 Principle of Information Ownership ... 56
... 3.3.3 Identity Management ... 61
4 Requirements ... 67
4.1 Legal Requirements ... 67
... 4.1.1 Sarbanes-Oxley Act ... 68
... 4.1.2 Basel II ... 76
... 4.1.3 GoBS ... 79
4.2 Internal Requirements ... 81
4.3 Summary ... 82
5 Security Standards ... 83
5.1 International Security Standards ... 83
... 5.1.1 International Security Standard ISO 17799 ... 83
... 5.1.2 International Security Standard CoBIT ... 87
... 5.1.3 COSO-Integrated Framework for Company Risk Management ... 90
5.2 Country-Specific Security Standards ... 94
... 5.2.1 American Standard NIST Special Publications 800-12 ... 94
... 5.2.2 German Security Standard IT Baseline Protection of the BSI ... 96
6 Basic Principles of Technical Security ... 101
6.1 Cryptography ... 101
... 6.1.1 Symmetric Encryption Procedure ... 102
... 6.1.2 Asymmetric Encryption Procedure ... 103
... 6.1.3 Hybrid Encryption Procedure ... 104
... 6.1.4 Hash Procedures ... 106
... 6.1.5 Digital Signature ... 107
6.2 Public Key Infrastructure ... 109
6.3 Authentication Procedures ... 111
... 6.3.1 User Name and Password ... 111
... 6.3.2 Challenge Response ... 111
... 6.3.3 Kerberos ... 112
... 6.3.4 Secure Token ... 113
... 6.3.5 Digital Certificate ... 113
... 6.3.6 Biometrics ... 113
6.4 Basic Principles of Networks ... 114
... 6.4.1 OSI Reference Model ... 114
... 6.4.2 Important Network Protocols ... 117
... 6.4.3 Overview of Firewall Technologies ... 118
... 6.4.4 Secure Sockets Layer Encryption ... 120
Part 2 Security in SAP NetWeaver and Application Security
7 SAP Applications and Technology ... 123
7.1 Global Security Positioning System ... 123
7.2 SAP Applications ... 123
7.3 SAP NetWeaver ... 125
7.4 Security Technologies ... 127
... 7.4.1 Authorizations, Risk and Change Management, and Auditing ... 127
... 7.4.2 Identity Management ... 128
... 7.4.3 Secure Authentication and Single Sign-On (SSO) ... 129
... 7.4.4 Technical Security ... 130
... 7.4.5 Influencing Factors ... 131
8 SAP Web Application Server ... 135
8.1 Introduction and Functions ... 135
... 8.1.1 Overview ... 135
... 8.1.2 Technical Architecture ... 136
8.2 Risks and Controls ... 137
8.3 Application Security ... 145
... 8.3.1 Technical Authorization Concept for Administrators ... 145
... 8.3.2 Authorization Concept for Java Applications ... 152
... 8.3.3 Restricting Authorizations for RFC Calls ... 157
8.4 Technical Security ... 161
... 8.4.1 Introducing a Single Sign-On Authentication Mechanism ... 161
... 8.4.2 Connecting the SAP Web AS to a Central LDAP Directory ... 163
... 8.4.3 Changing the Default Passwords for Default Users ... 165
... 8.4.4 Configuring Security on the SAP Gateway ... 165
... 8.4.5 Restricting Operating System Access ... 167
... 8.4.6 Configuring Important Security System Parameters ... 168
... 8.4.7 Configuring Encrypted Communication Connections (SSL and SNC) ... 170
... 8.4.8 Restricting Superfluous Internet Services ... 174
... 8.4.9 Secure Network Architecture for Using the SAP Web AS with the Internet ... 176
... 8.4.10 Introducing an Application-Level Gateway to Make Internet Applications Secure ... 176
... 8.4.11 Introducing Hardening Measures on the Operating System Level ... 177
... 8.4.12 Introducing a Quality Assurance Process for Software Development ... 177
9 SAP ERP Central Component ... 181
9.1 Introduction and Functions ... 181
9.2 Risks and Controls ... 181
9.3 Application Security ... 187
... 9.3.1 Authentication ... 187
... 9.3.2 Authorizations ... 188
... 9.3.3 Other Authorization Concepts ... 202
... 9.3.4 Best-Practice Solutions ... 213
9.4 Technical Security ... 221
10 mySAP ERP Human Capital Management ... 223
10.1 Introduction and Functions ... 223
10.2 Risks and Controls ... 223
10.3 Application Security ... 229
... 10.3.1 HCM Master Data Authorizations ... 231
... 10.3.2 HCM Applicant Authorizations ... 232
... 10.3.3 HCM Personnel Planning Authorizations ... 233
... 10.3.4 HCM Reporting Authorizations ... 233
... 10.3.5 Structural Authorizations ... 233
... 10.3.6 Authorizations for Personnel Development ... 234
... 10.3.7 Tolerated Authorizations ... 234
... 10.3.8 Authorizations for Inspection Procedures ... 234
... 10.3.9 Customized Authorization Checks ... 235
... 10.3.10 Indirect Role Assignment Through the Organizational Structure ... 235
... 10.3.11 Additional Transactions Relevant to Internal Controls ... 236
10.4 Technical Security ... 236
11 SAP Industry Solutions ... 237
11.1 Introduction and Functions ... 237
11.2 Risks and Controls ... 238
11.3 Application Security ... 240
... 11.3.1 SAP Max Secure ... 240
... 11.3.2 SAP Role Manager ... 241
11.4 Technical Security ... 244
12 SAP NetWeaver Business Intelligence ... 245
12.1 Introduction and Functions ... 245
12.2 Risks and Controls ... 247
12.3 Application Security ... 249
... 12.3.1 Authorizations ... 249
... 12.3.2 Other Concepts ... 254
12.4 Technical Security ... 258
13 SAP NetWeaver Master Data Management ... 261
13.1 Introduction and Functions ... 261
13.2 Risks and Controls ... 262
13.3 Application Security ... 266
... 13.3.1 Identity Management and Authorizations ... 267
... 13.3.2 Revision Security ... 272
13.4 Technical Security ... 273
... 13.4.1 Communications Security ... 273
... 13.4.2 Important Additional GSPS Components ... 274
14 mySAP Customer Relationship Management ... 275
14.1 Introduction and Functions ... 275
14.2 Risks and Controls ... 275
14.3 Application Security ... 277
14.4 Technical Security ... 284
... 14.4.1 Technical Protection of the Mobile Application ... 285
... 14.4.2 Additional Important GSPS Components ... 285
15 mySAP Supplier Relationship Management ... 287
15.1 Introduction and Functions ... 287
15.2 Risks and Controls ... 288
15.3 Application Security ... 289
... 15.3.1 Important Authorizations ... 289
... 15.3.2 Rules-Based Security Checks Using Business Partner Attributes ... 297
... 15.3.3 User Management ... 300
15.4 Technical Security ... 301
16 mySAP Supply Chain Management ... 303
16.1 Introduction and Functions ... 303
16.2 Risks and Controls ... 303
16.3 Application Security ... 304
... 16.3.1 Authorizations for the iPPE Workbench ... 304
... 16.3.2 Authorizations for Supply Chain Planning ... 305
... 16.3.3 Authorizations for Event Management ... 305
16.4 Technical Security ... 306
17 SAP Strategic Enterprise Management ... 307
17.1 Introduction and Functions ... 307
17.2 Risks and Controls ... 308
17.3 Application Security ... 309
17.4 Technical Security ... 309
18 SAP Solution Manager ... 311
18.1 Introduction and Functions ... 311
18.2 Risks and Controls ... 314
18.3 Application Security ... 316
18.4 Technical Security ... 318
... 18.4.1 System Monitoring Function ... 318
... 18.4.2 RFC Communication Security ... 319
... 18.4.3 Important Additional GSPS Components ... 319
19 SAP Enterprise Portal ... 321
19.1 Introduction and Functions ... 321
... 19.1.1 Technical architecture ... 322
... 19.1.2 Description of the User Management Engine ... 324
19.2 Risks and Controls ... 328
19.3 Application Security ... 335
... 19.3.1 Structure and Design of Portal Roles ... 335
... 19.3.2 Delegated User Administration for Portal Roles by Involving the Information Owners ... 341
... 19.3.3 Synchronization of Portal Roles with the ABAP Roles of SAP Backend Applications ... 344
... 19.3.4 Change Management Process for New Portal Content ... 350
19.4 Technical Security ... 352
... 19.4.1 Connecting SAP EP to a Central LDAP Directory or SAP System ... 352
... 19.4.2 Implementation of a Single Sign-On Mechanism Based on a One-Factor Authentication ... 354
... 19.4.3 Implementation of a Single Sign-On Mechanism Based on an Integrated Authentication ... 357
... 19.4.4 Implementation of a Single Sign-On Mechanism Based on Person-Related Certificates ... 359
... 19.4.5 Configuration for Anonymous Access ... 361
... 19.4.6 Secure Initial Configuration ... 362
... 19.4.7 Definition and Implementation of Security Zones ... 363
... 19.4.8 Secure Network Architecture ... 365
... 19.4.9 Introducing an Application-Level Gateway to Make Portal Applications Secure ... 368
... 19.4.10 Configuration of Encrypted Communication Channels ... 371
... 19.4.11 Implementation of a Virus Scan for Avoiding a Virus Infection ... 373
20 SAP Exchange Infrastructure ... 375
20.1 Introduction and Functions ... 375
20.2 Risks and Controls ... 379
20.3 Application Security ... 384
... 20.3.1 Authorizations for the Integration Builder ... 384
... 20.3.2 Passwords and Authorizations for Technical Service Users ... 385
20.4 Technical Security ... 387
... 20.4.1 Definition of Technical Service Users for Communication Channels at Runtime ... 387
... 20.4.2 Setting Up Encryption for Communication Channels ... 388
... 20.4.3 Digital Signature for XML-Based Messages ... 394
... 20.4.4 Encryption of XML-Based Messages ... 399
... 20.4.5 Network-Side Security for Integration Scenarios ... 399
... 20.4.6 Audit of the Integration Builder and the SAP XI Communication ... 401
... 20.4.7 Securing the File Adapter at Operating-System Level ... 404
21 SAP Partner Connectivity Kit ... 405
21.1 Introduction and Functions ... 405
21.2 Risks and Controls ... 406
21.3 Application Security ... 409
21.4 Technical Security ... 410
... 21.4.1 Separate Technical Service User for Every Connected Partner System ... 410
... 21.4.2 Setting Up Encryption for Communication Channels ... 410
... 21.4.3 Digital Signature for XML-Based Messages ... 410
... 21.4.4 Network-Side Security for Integration Scenarios ... 410
... 21.4.5 Audit of the Message Exchange ... 410
... 21.4.6 Securing the File Adapter at Operating-System Level ... 411
22 SAP Mobile Infrastructure ... 413
22.1 Introduction and Functionality ... 413
22.2 Risks and Controls ... 415
22.3 Application Security ... 419
... 22.3.1 Authorization Concept for SAP MI Applications ... 419
... 22.3.2 Authorization Concept for Administration ... 422
... 22.3.3 Restricting the Authorizations of the RFC User to Backend Applications ... 423
22.4 Technical Security ... 424
... 22.4.1 Setting Up Encrypted Communications Connections ... 424
... 22.4.2 Securing the Synchronization Communication ... 425
... 22.4.3 Deactivating Superfluous Services on the SAP MI Server ... 427
... 22.4.4 Secure Network Architecture ... 427
... 22.4.5 Monitoring ... 428
23 Database Server ... 431
23.1 Introduction and Functions ... 431
23.2 Risks and Controls ... 431
23.3 Application Security ... 434
23.4 Technical Security ... 435
... 23.4.1 Changing Default Passwords ... 435
... 23.4.2 Removing Unnecessary Database Users ... 438
... 23.4.3 Limiting Database Access ... 438
... 23.4.4 Design and Implementation of a Database Backup Concept ... 439
... 23.4.5 Design and Implementation of an Upgrade Concept ... 440
24 SAP Web Dispatcher ... 441
24.1 Introduction and Functions ... 441
24.2 Risks and Controls ... 441
24.3 Application Security ... 443
24.4 Technical Security ... 443
... 24.4.1 Use of SAP Web Dispatcher as a Reverse Proxy ... 443
... 24.4.2 Configuration of SAP Web Dispatcher as a URL Filter ... 445
... 24.4.3 SSL Configuration ... 447
... 24.4.4 Monitoring ... 449
25 SAProuter ... 451
25.1 Introduction and Functions ... 451
25.2 Risks and Controls ... 451
25.3 Application Security ... 452
25.4 Technical Security ... 452
26 SAP Internet Transaction Server ... 455
26.1 Introduction and Functions ... 455
26.2 Risks and Controls ... 457
26.3 Application Security ... 460
... 26.3.1 Defining Access Rights for Service Files ... 460
... 26.3.2 Administration Concept ... 461
26.4 Technical Security ... 462
... 26.4.1 Installing a DMZ Network Segmentation ... 462
... 26.4.2 Encrypting Communications Connections ... 463
... 26.4.3 Setting Up a Certificate-Based Authentication Process ... 466
... 26.4.4 Setting Up a Pluggable Authentication Service ... 467
27 SAP GUI ... 471
27.1 Introduction and Functions ... 471
27.2 Risks and Controls ... 471
27.3 Application Security ... 474
... 27.3.1 Types of Signatures ... 474
... 27.3.2 Supported Electronic Document Formats ... 476
... 27.3.3 Technical Implementation of the SSF Functions ... 476
... 27.3.4 Saving Digitally Signed Documents ... 479
... 27.3.5 Installing the SSF Functions ... 480
27.4 Technical Security ... 481
... 27.4.1 SSO for the WebGUI by Integration into the OS Authentication Process ... 481
... 27.4.2 SSO for the WebGUI by Using Digital Certificates ... 481
... 27.4.3 Restricting Access to an SAP Web AS Using SAProuter ... 483
28 Web Browser ... 485
28.1 Introduction and Functions ... 485
28.2 Risks and Controls ... 486
28.3 Application Security ... 487
28.4 Technical Security ... 487
... 28.4.1 Anti-Virus Software and Its Update for the Desktop PC ... 487
... 28.4.2 Using a Personal Firewall on the Desktop PC ... 488
... 28.4.3 Security Settings for the Web Browser ... 488
29 Mobile Devices ... 491
29.1 Introduction and Functions ... 491
29.2 Risks and Controls ... 491
29.3 Application Security ... 494
29.4 Technical Security ... 495
... 29.4.1 Using Mobile Devices with Authentication Mechanism ... 495
... 29.4.2 Implementing an Encryption Method for Storage Media ... 496
... 29.4.3 Implementing Anti-Virus Protection ... 496
... 29.4.4 Installing a Personal Firewall ... 496
... 29.4.5 Implementing a Backup Concept ... 497
... 29.4.6 Setting Up Access Rights for Important System Files ... 497
... 29.4.7 Fostering a User's Security Awareness ... 497
The Authors ... 499
Index ... 501
About the authors: Mario Linkies, Frank Off
Dr. Frank Off works as a consultant at SAP SI AG in the IT Security area. There he is responsible for developing and introducing security concepts and for working out strategies, including the introduction of processes and security organizations.
Bibliographic details
- Authors: Mario Linkies, Frank Off
- 2006, 509 pages, with black-and-white illustrations, dimensions: 17.9 x 24.5 cm, hardcover, English
- Publisher: Galileo Press
- ISBN-10: 1592290620
- ISBN-13: 9781592290628
Language: English