SAP NetWeaver ABAP Security Configuration

SAP NetWeaver ABAP Security Configuration. Part 9: Security Events Logging

Ninth critical issue: logging of security events. As a reminder, the core purpose of the ERPScan team is to take the definition of SAP security one step further by providing its own guidelines to help SAP users carry out various security checks. This article is no exception. Today, we’ll turn our attention to the next critical issue, which is the last but not the least important.

SAP NetWeaver ABAP Security Configuration. Part 8: Unencrypted connections

Seventh critical issue in the SAP security landscape: unencrypted connections. To protect connections between the SAP NetWeaver system components, especially against man-in-the-middle (MITM) attacks, it is necessary to ensure SAP security at the transport level. With Transport Layer Security (TLS), data transmission can be protected from eavesdropping not only by encryption but also by partner authentication.

SAP NetWeaver ABAP Security Configuration. Part 7: Access control and SOD conflicts.

Sixth critical issue: access control and SOD conflicts. Few would try to argue that SAP is immune to attacks and that sensitive business data is well protected from the actions of adversaries. But now you have a chance to learn about some of the basic operations one can perform to raise SAP information security to a higher level. The goal of the ERPScan team is to help IT personnel make critical decisions when identifying technologies and strategies to increase cybersecurity in business. The ERPScan team publishes a variety of original content, written by IT professionals, as a way to increase infosec specialists’ productivity around the world. Today, we’re going to speak about the sixth critical issue (see the list of critical issues in our first article) and the related steps.

SAP NetWeaver ABAP Security Configuration. Part 6: Insecure Settings

Each application has several security settings that do not fit into any of the critical issue groups mentioned in our series of articles. Among such settings there are both standard settings (such as password length or the number of attempts allowed for entering an invalid password) and individual, system-specific settings. In this article we are going to use the SAP Gateway service access settings as an example.

SAP NetWeaver ABAP Security Configuration. Part 5: Open remote management interfaces

Today we continue our series of articles describing the 33 steps to cybersecurity. The subject is of great significance not only to a small group of SAP infosec specialists but to everyone who works with ERP systems, as recent years have witnessed an increased awareness of business data protection problems. Without going into details, let us get right to the topic.

SAP NetWeaver ABAP security configuration. Part 3: Default passwords for access to the application

For the previous two weeks we’ve been discussing the top-9 critical areas and the 33 steps to be taken for security assessment. Most recently, we’ve covered patch management flaws – the first critical category in our list. As you have probably guessed, today it’s time to take a closer look at the next item from our list of critical issues – default passwords.

SAP NetWeaver ABAP security configuration. Part 2: Patch management

In our previous articles [1],[2] we’ve already introduced you to the list of the 9 most important critical issues in business application security. We’ve also had a chance to present the skeleton of our guideline with its 33 security assessment steps. As you’ve seen only the skeleton of it, now it’s high time to pay attention to a more detailed explanation of each step to be taken.

Why SAP Security guides always provide so little help?

For the first time, let us try to speak only about defense. Thus, this article will be about different SAP Security guides, which can help to secure your SAP system. But there is nothing to worry about – this post will nevertheless remain useful and interesting, even if it does not contain information about 0-days or have words like “cyber” or “weapon” in the title. So, let’s go.