Securing an SAP system network

Secure communications

Everyone knows a firewall between the intranet and Internet is a good idea, but did you know that barriers inside the network also serve an important function? This tip, excerpted from Dr. Jurgen Schneider's "SAP System Security for the Intranet and Internet" in the April, May, June 2001 issue of SAP Insider, covers ways that you can secure a network to protect data from internal as well as external attacks.

A well-designed network features different protection zones and only a very few well-known and protected transitions between these zones. To get from one zone to another, communication traffic has to pass through a firewall system. Nowadays, everybody expects a firewall between a company's intranet and the public Internet. Fewer people recognize the value of firewalls inside the corporate network, separating mission-critical SAP applications and database servers from the hundreds and thousands of PCs and user workstations in the client network.

How sure are you about the intentions of your internal users, and the nature and modification status of the software installed on their PCs? Just as you set up "Demilitarized Zones" (DMZs) at the border between the Internet and your intranet, and place Web servers and proxies between an external and an internal firewall, inside your corporate network you need well-configured network routers, address and port filters, and so on. A secure network can also be complemented nicely by VPNs (Virtual Private Networks) extending your extranet to customers and partners.

With such a network setup, there are only a few doors left vulnerable to penetration by intruders. Your firewalls do have these doors (otherwise you couldn't go in yourself), so you must put guards in place. These guards include strong authentication and access control, as well as encrypted communications.

All commercial Web servers, and the SAP product components they host today, support the Internet standard protocol Secure Sockets Layer (SSL) and can run HTTP over SSL (called HTTPS). With HTTPS, you ensure that clients and servers can be authenticated to one another via strong cryptography, and that they exchange strong encryption key information to protect all their communications from eavesdropping and message tampering. For the classical SAP communication protocols (DIAG, RFC), the same level of protection is achieved using SAP's Secure Network Communications (SNC) option and the SAProuter software as an application-level gateway.
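The zone model described above can be checked mechanically against a firewall rule set. The following is an added example, not code from the original article or from SAP: the zone names, address ranges, rule format and database port are constructed assumptions, and 3299 is assumed as the SAProuter port. It flags any allow rule that opens a zone transition outside the few intended ones, including rules whose address range is wide enough to span more than one zone.

```python
import ipaddress

# Constructed zone layout (assumption): address ranges are illustrative only.
ZONES = {
    "client": ipaddress.ip_network("10.10.0.0/16"),   # user PCs and workstations
    "sap_app": ipaddress.ip_network("10.20.1.0/24"),  # SAP application servers
    "sap_db": ipaddress.ip_network("10.20.2.0/24"),   # database servers
}

# The only transitions the design permits: (source zone, destination zone, TCP port).
# 3299 is assumed for SAProuter, 443 is HTTPS, 1521 is a hypothetical database port.
ALLOWED = {
    ("client", "sap_app", 3299),
    ("client", "sap_app", 443),
    ("sap_app", "sap_db", 1521),
}

def zones_touched(cidr):
    """Return every zone whose range overlaps the CIDR (a wide rule can span several)."""
    net = ipaddress.ip_network(cidr)
    return sorted(name for name, zone in ZONES.items() if net.overlaps(zone))

def audit(rules):
    """Return findings for allow rules that open a zone transition outside ALLOWED."""
    findings = []
    for rule_id, src, dst, port in rules:
        for s in zones_touched(src):
            for d in zones_touched(dst):
                if s != d and (s, d, port) not in ALLOWED:
                    findings.append((rule_id, s, d, port))
    return findings

# Constructed sample allow rules: (rule id, source CIDR, destination CIDR, TCP port).
SAMPLE_RULES = [
    ("r1", "10.10.0.0/16", "10.20.1.0/24", 3299),  # clients to SAProuter: permitted
    ("r2", "10.20.1.0/24", "10.20.2.0/24", 1521),  # application to database: permitted
    ("r3", "10.10.5.0/24", "10.20.2.0/24", 1521),  # clients straight to the database
    ("r4", "10.10.0.0/16", "10.20.0.0/16", 443),   # wide destination also covers sap_db
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("unexpected transition: rule %s opens %s -> %s on tcp/%d" % finding)
```

Rule r4 looks like an ordinary HTTPS rule, but its destination range reaches the database zone as well, which is the kind of unintended door the overlap check is there to catch.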


This was first published in April 2001
