SAP NetWeaver Security Guide (SAP Library - SAP NetWeaver Security Guide)

SAP NetWeaver Security Guide

Caution

This guide does not replace the daily operations handbook that we recommend you create for specific productive operations.

Target Audience

● Technical consultants

● System administrators

This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the Security Guides provide information that is relevant for all time frames.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to the SAP NetWeaver platform. To assist you in securing your SAP NetWeaver platform and products, we provide this SAP NetWeaver Security Guide.

About This Document

The SAP NetWeaver Security Guide provides an overview of the security-relevant information that applies to SAP NetWeaver. It contains an overall overview of security with SAP NetWeaver as well as links to the individual guides for each of the usage types, standalone engines, connectivity and interoperability technologies, database and operating system platforms and the various scenarios.

See the tables below:

Introduction to Security with the SAP NetWeaver Platform

Topic	More Information
Technical System Landscape	Technical System Landscape
User Administration and Authentication	User Administration and Authentication
Network and Transport Layer Security	Network and Communication Security

Security Guides for SAP NetWeaver According to Usage Types

Usage Type	More Information
Application Server (AS)	SAP NetWeaver Application Server ABAP Security Guide SAP NetWeaver Application Server Java Security Guide SAP Interactive Forms by Adobe Security Guide SAP Knowledge Warehouse Security Guide Virus Protection and SAP GUI Integrity Checks
EP Core (EPC)	Portal Security Guide Security Guide for Guided Procedures Universal Worklist
Enterprise Portal (EP)	Knowledge Management Security Guide Collaboration Security Guide SAP NetWeaver Visual Composer Security Guide PDK for .NET Security Guide
Business Information (BI)	SAP Business Information Warehouse Security Guide
Development Infrastructure (DI)	Security Aspects for Usage Type DI and Other Development Technologies
Mobile Infrastructure (MI)	SAP Mobile Infrastructure Security Guide
Process Integration (PI)	SAP NetWeaver Process Integration Security Guide

Security Guides for Standalone Engines, Clients and Tools

Engine	More Information
Search and Classification (TREX)	Search and Classification (TREX) Security Guide
SAP Content Server	SAP Content Server Security Guide
SAP Web Dispatcher	Security Information SAP Web Dispatcher
SAP NetWeaver Business Client	Business Client Security Issues (for ABAP) Business Client Security Issues (for Portal)
J2EE Adapter Engine	SAP NetWeaver Process Integration Security Guide The security aspects to consider when using the non-central version of the J2EE Adapter Engine are the same as for the central version. These aspects are described in detail in the SAP NetWeaver PI Security Guide.
J2SE Adapter Engine	SAP NetWeaver Process Integration Security Guide The Plain J2SE Adapter Engine is only supported for compatibility reasons. It hosts only a subset of the adapter functionality and does not support standard security features as security logs or integrated user management. You should only use the Plain J2SE Adapter Engine if it is a precondition in your environment.

Security Guides for Connectivity and Interoperability Technologies

Technology	More Information
Remote Function Calls (RFC) or Internet Communication Framework (ICF)	RFC/ICF Security Guide
Application Link Enabling (ALE)	Security Guide ALE (ALE Applications)
Connectivity with the J2EE Engine	Security Guide for Connectivity with the J2EE Engine
Web services	Web Services Security
Business Communication Broker (BCB), which is part of the Integrated Communication Interfaces (ICI)	Security Guide Communication Interfaces

Security Guides for Operating System and Database Platforms

OS Platform	More Information
UNIX/LINUX	SAP System Security Under UNIX/LINUX
Windows	SAP System Security on Windows
IBM i	SAP Security Guide for IBM i
DB Platform	More Information
Oracle	Oracle Under UNIX Oracle on Windows
Microsoft SQL Server	Microsoft SQL Server on Windows
IBM DB2 for Linux, UNIX, and Windows	IBM DB2 for Linux, UNIX, and Windows
MySQL Max DB	MySQL MaxDB Security Guide
IBM DB2 for i	SAP Security Guide for IBM i
IBM DB2 for z/OS	SAP Security Guide for IBM DB2 for z/OS
Informix	Informix Under UNIX Informix Under Windows

Security Aspects for System Management

Topic / Product	More Information
Solution Manager Diagnostics	Security Guide for the Solution Manager Diagnostics
SAP NetWeaver Administrator	SAP NetWeaver Administrator Security Roles
Computing Center Management System (CCMS)	Background Processing Print and Output Management Alert Management (ALM) Central Monitoring with CCMS
SAP System Landscape Directory (SLD)	Security Guide for the SAP System Landscape Directory
Software Lifecycle Manager (SLM)	SLM Security Roles
Archiving	Security Guide for ADK-Based Data Archiving Security Guide for XML-Based Data Archiving
Auditing and Logging	Auditing and Logging

Security Guides for SAP NetWeaver Scenarios

The security aspects and recommendations for the SAPNetWeaver scenarios primarily use the information provided with the above security guides. To determine which of these guides apply in particular for each scenario, see Security Guides for the SAP NetWeaver Scenarios.

Meeting Your Own Security Requirements: Security Policy

Your security requirements are not limited to the SAP NetWeaver platform, but apply to your entire system landscape. Therefore, we recommend establishing a security policy that reflects the security issues that apply at a company-wide level. Your security policy should cover aspects such as:

● User authentication

● Authorizations

● Data integrity

● Privacy

● Auditing and Logging

Once you have established your security policy, use this guide to implement and enforce security for those products that you use within the SAP NetWeaver platform.