
SAP System Security
Description
Stay ahead of security issues with this comprehensive guide! Get click-by-click instructions to configure the essential areas of SAP system security: application, database, platform, and infrastructure. Perform key tasks such as setting up user authentication, securing network protocols, and working with logs in your environment. Whether your system is on-premise or in the cloud, boost your security with expert advice to ensure it stays safe!
Highlights include:
1) SAP S/4HANA
2) SAP Fiori
3) Cloud applications
4) User management and authentication
5) Authorizations and role design
6) Logging and monitoring
7) Data security
8) Client security
9) Kernel security
10) Transport security
Content
Preface
Target Audience
How This Book Is Organized
Acknowledgments
PART I: Application-Level Security
1 User Management
1.1 Types of SAP User IDs
1.2 SAP Standard Accounts
1.3 Transaction SU01: Managing User Account Lifecycle
1.4 Transaction SU10: Managing User Accounts in Bulk
1.5 User Groups
1.6 Tables Related to User Management
1.7 Securing Passwords
1.8 Transaction SUIM: The SAP User Information Management Reports
1.9 Change Documents for Users
1.10 Security Policies
1.11 Miscellaneous User Management Topics
1.12 Summary
2 User Authentication
2.1 The Single Sign-On Concept
2.2 Single Sign-On Technologies for SAP
2.3 Setting Up a Service Provider
2.4 SAP Solutions for Single-Sign On
2.5 Summary
3 Authorizations and Role Design
3.1 SAP Authorization Concept
3.2 The Role Concept
3.3 Transaction PFCG: The Profile Generator
3.4 Mass Change of Field Values in Roles
3.5 More on Transaction Codes
3.6 Spool-Related Authorizations
3.7 Checking Authorizations in ABAP Programs
3.8 Transaction SACF: Switchable Authorizations
3.9 Other Useful Authorizations
3.10 Summary
4 SAP Fiori Security
4.1 Core Foundations of SAP Fiori
4.2 Types of SAP Fiori Apps
4.3 Managing Access to SAP Fiori Apps
4.4 SAP Fiori Authorizations and Role Design
4.5 Summary
5 Client Security
5.1 Client Overview
5.2 Managing Clients
5.3 Securing Clients
5.4 Summary
6 Kernel Security
6.1 Components of SAP Kernel
6.2 SAP Cryptographic Library
6.3 Updating the SAP Kernel
6.4 Patch Management
6.5 Summary
7 ABAP Development Security
7.1 Common Threats and Vulnerabilities
7.2 Managing Access to the Development Environment
7.3 Secure Software Development Lifecycle in ABAP
7.4 Tools and Techniques for ABAP Security
7.5 Summary
PART II: Database-Level Security
8 Database Security for SAP
8.1 Securing a Generic Database
8.2 Securing the SAP HANA Database
8.3 Securing Data at Rest: Encryption
8.4 Summary
9 Logging and Monitoring for SAP Databases
9.1 Internal Controls and Audit Cycle
9.2 Database Monitoring Tools
9.3 Logging Tools
9.4 Security-Focused Database Monitoring
9.5 Summary
PART III: Platform-Level Security
10 System Profiles and Parameters
10.1 Profiles and Parameters
10.2 Viewing and Maintaining Parameters
10.3 Profile Parameter Governance
10.4 Password and Other Security-Related Parameters
10.5 Summary
11 Transport Security
11.1 SAP Transport Mechanism
11.2 Role Transport
11.3 Authorizations Related to Transport System
11.4 Viewing CTS from a Security Perspective
11.5 Transport Tools
11.6 Summary
12 Logging and Monitoring for the SAP Environment
12.1 Logging and Monitoring at the OS Level
12.2 Developing a Logging and Monitoring Strategy
12.3 Using Blockchain for Logging
12.4 Using SAP Enterprise Threat Detection to Analyze Security Audit Logs
12.5 Connecting SAP Logs to the Enterprise SIEM Tool
12.6 Summary
PART IV: Infrastructure-Level Security
13 Network Security
13.1 Network-Level Threats and Defense Strategy
13.2 Network Access Control
13.3 SAP Perimeter and Connectivity Controls
13.4 Unified Connectivity
13.5 Summary
14 Securing Data in Motion
14.1 Decrypting Cryptography
14.2 SSL and TLS Protocols
14.3 Internet Communication Manager
14.4 Summary
15 Securing SAP Infrastructure
15.1 On-Premise Versus Cloud
15.2 Planning for Secure SAP Landscape
15.3 Developing Policies
15.4 Other Infrastructure-Related Considerations
15.5 Summary
16 Securing Cloud-Based Applications
16.1 Identity and Access Management
16.2 SAP Business Technology Platform Security
16.3 Integration Security
16.4 Best Security Practices for Cloud-Based Applications
16.5 Summary
The Author
Index