SAP NetWeaver Security Guide 

This guide does not replace the daily operations handbook that we recommend you create for specific productive operations.

Target Audience

·        Technical consultants

·        System administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the Security Guides provide information that is relevant for all time frames.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to the SAP NetWeaver platform. To assist you in securing your SAP NetWeaver platform and products, we provide this SAP NetWeaver Security Guide.

About This Document

The SAP NetWeaver Security Guide provides an overview of the security-relevant information that applies to SAP NetWeaver. It contains an overall overview of security with SAP NetWeaver as well as links to the individual guides for each of the usage types, standalone engines, connectivity and interoperability technologies, database and operating system platforms and the various scenarios.

See the tables below:

Introduction to Security with the SAP NetWeaver Platform

Topic	See
Technical System Landscape	Technical System Landscape
User Administration and Authentication	User Administration and Authentication
Network and Transport Layer Security	Network and Communication Security

 

Security Guides for SAP NetWeaver According to Usage Types

Usage Type	See
Application Server (AS)	SAP NetWeaver Application Server ABAP Security Guide SAP NetWeaver Application Server Java Security Guide Interactive Forms based on Adobe Software Security Guide Internet Transaction Server Security SAP Knowledge Warehouse Security Guide Virus Protection and SAP GUI Integrity Checks
Enterprise Portal (EP)	Portal Security Guide Knowledge Management Security Guide Collaboration Security Guide Security Guide for Guided Procedures
Business Information (BI)	SAP Business Information Warehouse Security Guide
Development Infrastructure (DI)	Security Aspects for Usage Type DI and Other Development Technologies
Mobile Infrastructure (MI)	SAP Mobile Infrastructure Security Guide
Process Integration (PI)	SAP NetWeaver Process Integration Security Guide

Security Guides for Standalone Engines

Engine	See
Search and Classification (TREX)	Search and Classification (TREX) Security Guide
Adobe Document Services	Interactive Forms based on Adobe Software Security Guide
SAP Content Server	SAP Content Server Security Guide

Security Guides for Connectivity and Interoperability Technologies

Technology	See
Remote Function Calls (RFC) or Internet Communication Framework (ICF)	RFC/ICF Security Guide
Application Link Enabling (ALE)	Security Guide ALE (ALE Applications)
Connectivity with the J2EE Engine	Security Guide for Connectivity with the J2EE Engine
Web services	Web Services Security
Business Communication Broker (BCB), which is part of the Integrated Communication Interfaces (ICI)	Security Guide Communication Interfaces

Security Guides for Operating System and Database Platforms

OS Platform	See
UNIX/LINUX	SAP System Security Under UNIX/LINUX
Windows	SAP System Security Under Windows
DB Platform	See
Oracle	Oracle Under UNIX Oracle Under Windows
Microsoft SQL Server	Microsoft SQL Server Under Windows
IBM DB2 Universal Database for UNIX and Windows	IBM DB2 UDB for UNIX and Windows under UNIX IBM DB2 UDB for UNIX and Windows under Windows
MySQL Max DB	MySQL MaxDB Security Guide
IBM DB2 Universal Database for iSeries	IBM DB2 Universal Database for iSeries
IBM DB2 Universal Database for z/OS	SAP Security Guide for IBM DB2 UDB for z/OS
Informix	Informix Under UNIX Informix Under Windows

Security Aspects for System Management

Topic / Product	See
Solution Manager Diagnostics	Security Guide for the Solution Manager Diagnostics
SAP NetWeaver Administrator	SAP NetWeaver Administrator Security Roles
Computing Center Management System (CCMS)	Background Processing Print and Output Management Alert Management (ALM) Central Monitoring with CCMS
SAP System Landscape Directory (SLD)	Security Guide for the SAP System Landscape Directory
Software Lifecycle Manager (SLM)	SLM Security Roles
Archiving	Security Guide for ADK-Based Data Archiving Security Guide for XML-Based Data Archiving
Auditing and Logging	Auditing and Logging

Security Guides for SAP NetWeaver Scenarios

The security aspects and recommendations for the SAP NetWeaver scenarios primarily use the information provided with the above security guides. To determine which of these guides apply in particular for each scenario, see Security Guides for the SAP NetWeaver Scenarios.

Meeting Your Own Security Requirements: Security Policy

Your security requirements are not limited to the SAP NetWeaver platform, but apply to your entire system landscape. Therefore, we recommend establishing a security policy that reflects the security issues that apply at a company-wide level. Your security policy should cover aspects such as:

·        User authentication

·        Authorizations

·        Data integrity

·        Privacy

·        Auditing and Logging

Once you have established your security policy, use this guide to implement and enforce security for those products that you use within the SAP NetWeaver platform.