
Introduction

Caution

This guide does not replace the daily operations handbook that we recommend customers create for their specific productive operations.

Target Audience

·        Technology consultants

·        Security consultants

·        System administrators

This document is not included as part of the installation guides, configuration guides, technical operation manuals, or upgrade guides. Such guides are only relevant for a certain phase of the software life cycle, whereas security guides provide information that is relevant for all life-cycle phases.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security also apply to the Quality Inspection Engine (QIE) component. To assist you in securing the QIE component, we provide this security guide.

About this Document

The security guide provides an overview of the security-relevant information that applies to the QIE component.

Since the QIE component is based on the Web Application Server (Web AS), this guide describes only topics that differ from what is described in the security guide for the Web AS. Therefore, we strongly recommend that you also consult the SAP Web AS Security Guide on the SAP Service Marketplace at service.sap.com/securityguide SAP NetWeaver '04 Component Security Guides SAP Web AS Security Guide ABAP and JAVA.

Overview of the Main Sections

The Security Guide comprises the following main sections:

·        Before You Start

This section contains information about why security is necessary, how to use this document, and references to other security guides that are the foundation for this security guide.

·        Technical System Landscape

This section provides an overview of the technical components and communication paths that are used by the QIE component.

·        Security Aspects of Data, Data Flow and Processes

This section provides an overview of the security aspects involved in the most widely used processes within the QIE component.

·        User Administration and Authentication

This section provides an overview of the following user administration and authentication aspects:

        ·        Recommended tools for user management.

        ·        User types that are required by the QIE component.

        ·        Standard users that are delivered with the QIE component.

        ·        Overview of the user synchronization strategy, if several components or products are involved.

        ·        Overview of how integration into Single Sign-On environments is possible.

·        Authorizations

This section provides an overview of the authorization concept that applies to the QIE component.

·        Session Security Protection

This section provides information about activating secure session management, which prevents JavaScript or plug-ins from accessing the SAP logon ticket or security session cookie(s).

·        Network and Communication Security

This section provides an overview of the communication paths used by the QIE component and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.

·        Internet Communication Framework Security

This section provides an overview of the Internet Communication Framework (ICF) services that are used by the QIE component.

·        Data Storage Security

This section provides an overview of any critical data that is used by the QIE component and the security mechanisms that apply.

·        Security for Third-Party or Additional Applications

This section provides security information that applies to third-party or additional applications that are used with the QIE component.

·        Dispensable Functions with Impacts on Security

This section provides an overview of functions that have impacts on security and can be disabled or removed from the system.

·        Other Security-Relevant Information

This section contains information about using a Web browser for the user interface.

·        Trace and Log Files

This section provides an overview of the trace and log files that contain security-relevant information, to enable you, for example, to reproduce activities if a security breach does occur.

·        Services for Security Lifecycle Management

This section provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis.

·        Appendix

This section provides references to further information.
