In many SAP systems, there are RFC connections which address strange hostnames or even point to Amazon servers. This is due to the fact that SAP transports “RFC data garbage” from its own development computers to the customer during new installations.
Read our practical tip to discover the connections which this affects.
You might already know that, as of Release 7.40 Sp8, you can use SAP security policies to define user-specific security parameters, contrary to the system profile values. But did you also know that you can inadvertently weaken secure values such as login restrictions and password complexity as a result?
Our practical tip will show you how to effectively prevent such a weakening.
GRC tools, IT vulnerability analysis, authorization management, SIEM management – these are four of the top five topics cited by IT decision-makers when asked which current and future technologies are of vital importance to them. *
This means that the new release of GRC Suite from AKQUINET – couldn’t have arrived at a better time to offer answers on some of the subjects that are on the minds of these managers right now. In this interview, Lars Henning (product manager for the SAST Suite) presents the highlights of the latest version, along with some helpful tips.
Linde prioritized transparent and, in particular, timely success to guarantee a completely ensuring the security of their global SAP landscape.
At Linde, the sheer complexity of the SAP Systems meant that a Project of this scale would not be possible with internal resources and security knowhow alone.
The topic of IT security is ranked # 1 in market trends *. However, securing complex IT landscapes effectively is a big challenge for many companies: there is often a lack of trained IT staff and even more of the necessary security know-how.
Gunar Funke, Head of Services SAP Security at AKQUINET, describes his experiences and presents possible solutions.
Checklist to secure your SAP systems.
Do you know at any time who accesses the sensitive data of your SAP archive servers? In our penetration tests we experiencing it again and again: attacks on SAP archive systems are mostly successful, not recognized and therefore not logged and reported.
Analyze the RFC interfaces of your SAP Systems.
SAP interfaces are often not considered when SAP systems are protected. Therefore, they remain unprotected and provide attractive targets for attackers.
Experience from numerous SAP security audits and penetration tests for SAP systems shows repeatedly that, in almost every SAP system checked, unprotected interfaces exist that could allow attackers direct access to your SAP Systems.