Security Measures Overview (ICF)
Use
To guarantee the security of your ICF connections, include the following points in your setup and take the appropriate measures:
- Activate only those services that you really need.
- Define authentication methods and logon sequences for users of services.
- Use SSL for ICF communication.
- Be restrictive when assigning ICF authorizations.
- Use the Virtual Host concept of the ICF to avoid HTTP requests being redirected to other servers without permission.
- In production and test systems, use a port (through the virtual host SAP_ADMIN_VH) for administration services, so that these services in particular can be protected with restricted access rights.
- During configuration, ensure that SAP Support can also reach the administration services.
- First test the configuration in a test system. Before the test, deactivate the administration services in the Default Host.
- SAPGUI/WebGUI (service /sap/bc/gui/sap/its/webgui): This service allows access to SAP transactions using an internet browser. If the DEFAULT_HOST can be reached from the internet, then this service should be deactivated in the DEFAULT_HOST, if possible.
More Information
For detailed information on these measures, see the following: