Troubleshooting
SUM - the Software Update Manager, the relatively new tool for "remote control" of the known update transactions from outside the system, for ABAP and JAVA
Following the recommendation of dividing the SAP basis into an application-orientated and infrastructure-related SAP basis [A4], Figure 3 shows a possible presentation form. The SAP-Basis interface function is structured into a SAP basis, which is close to the application and is responsible for coordination and communication with vertical and higher IT specialist and business areas, and a SAP basis close to the infrastructure. The infrastructure-related SAP basis in turn serves as the link between the application-orientated SAP basis and the infrastructure levels. Subject Matter Experts will perform the link task again. In the application-orientated SAP basis, in turn, technology architects are more likely to be placed. The innovation activity or innovation team aspect of the SAP basis is placed at the level of the SAP basis, which is close to the application, because the existing capabilities allow it to assume a leading, also coordinating role and acquire expertise both by adding the SAP basis near the infrastructure and the downstream IT departments. Figure 3: SAP basis as a cross-sectional function SAP basis (near application) SAP basis (near infrastructure) SAP basis (innovation / test laboratory) Application development Databases Virtualisation ....
What do RFC interfaces and RFC security have to do with the play "Hauptmann von Köpenick" and the science fiction film "Minority Report"? Probably more than you like! RFC security and theatre?! Germany, Berlin, 1906: The 46-year-old cobbler Wilhelm Voigt dreams of returning to a normal life. After various convictions and many prison stays, he lives on the margins of society. It's not just the money he lacks. Above all, the lack of access to his social system makes him. In view of his impasse, he opts for a drastic measure. The excluded shoemaker pulls off and grates off several junk dealers to assemble a military uniform gradually. A few days later, he slips into the same disguise, successfully changes his identity and then swings through Berlin as Captain von Köpenick. He commandeers soldiers, storms the town hall and even detains the mayor. There is no doubt about the commands and their execution, because their true identity is veiled: Because of a simple disguise. A disguise that gives him all the necessary permissions he needs for his scam. At the end of the day, Wilhelm Voigt successfully compromised the Berlin government. RFC Security and Science Fiction?! USA, Washington, DC, 2054: The Washington police have long since stopped investigating murders: It prevents the killings right in advance. For this purpose, so-called "precogs" are used, which use precognition to predict and report murders in visions before they happen. At the same time, the government uses a system of public scanners that can identify all citizens clearly at any time by iris detection. One day, when policeman John Anderton himself appears as the culprit in a vision of the "Precogs," he flees the police building and decides to find out why.
The website www.sap-corner.de offers many useful information about SAP basis.
TUNING
Either temporary programme calls are blocked that are actually desired or enormously large gateway logs must be analysed. If, due to the heavy workload, one were to decide to forgo the use of the access control lists permanently, this would be a major security vulnerability. The unprotected system does not have any limitations on the external services that may register, and there are no rules for running programmes. One possible consequence would be, for example, the registration of an external system on which malicious programmes exist. At the moment when foreign programmes are running on your system without any control, you can expect that great damage will be done. For example, it ranges from an unnoticed reading of purchase and sales figures, a diversion of funds, to a paralysis or manipulation of the entire system. In addition, this scenario is also possible for poorly maintained access control lists. Our solution: secinfo and reginfo Generator for SAP RFC Gateway To solve the problem, we have developed a generator that can automatically create secinfo and reginfo files based on gateway logs. The basic idea is based on the logging-based approach. It performs the task of time-consuming analysis of log files and also ensures maximum reliability through automation. Nevertheless, the entries of the generated files should be checked by one person. Since the log files used as input are sensitive data, of course none of the inserted data leave your system. More information about the generator can be found here.
Another way to secure your gateway using the SAP standard is to encrypt communication using Secure Network Communication (SNC). In the case of unprotected data communication paths between different client and server components of the SAP system that use the SAP protocol RFC or DIAG, the data exchange takes place in plain text and there is a risk that this can be read. With the help of SNC, you can create end-to-end encryption (E2EE), which can be used to secure communication between two components, such as between the application server and SAP GUI. In addition, SNC encryption provides the basis for using SAP Single Sign-On (SSO) as a security solution, which significantly reduces the internal effort of password management.
"Shortcut for SAP Systems" is a PC application that simplifies or even facilitates many activities in the SAP basis.
Analysis: Our security experts analyse the data, evaluate the results and prepare your report.
So much information... how can you keep it so that you can find it again when you need it? That's what Scribble Papers is great for.
There must also be a person in charge of the role who adapts or adapts the role as required or acts as a point of contact when required.