This guide does not replace the daily operations handbook that we recommend customers create for their specific productive operations.
· Technology consultants
· Security consultants
· System administrators
This document is not included as part of the installation guides, configuration guides, technical operation manuals, or upgrade guides. Such guides are only relevant for a certain phase of the software life cycle, whereas security guides provide information that is relevant for all life-cycle phases.
With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security also apply to the Quality Inspection Engine (QIE) component. To assist you in securing the QIE component, we provide this security guide.
The security guide provides an overview of the security-relevant information that applies to the QIE component.
Since the QIE component is based on the Web Application Server (Web AS), this guide only describes topics that vary from what is described in the security guide for the Web AS. Therefore, we strongly recommend that you also consult the SAP Web AS Security Guide on the SAP Service Marketplace at service.sap.com/securityguide → SAP NetWeaver '04 Component Security Guides → SAP Web AS Security Guide ABAP and JAVA.
The Security Guide comprises the following main sections:
● Before You Start
This section contains information about why security is necessary, how to use this document, and references to other security guides that are the foundation for this security guide.
● Technical System Landscape
This section provides an overview of the technical components and communication paths that are used by the QIE component.
● Security Aspects of Data, Data Flow and Processes
This section provides an overview of the security aspects involved in the most widely used processes within the QIE component.
● User Administration and Authentication
This section provides an overview of the following user administration and authentication aspects:
○ Recommended tools for user management.
○ User types that are required by the QIE component.
○ Standard users that are delivered with the QIE component.
○ Overview of the user synchronization strategy, if several components or products are involved.
○ Overview of how integration into Single Sign-On environments is possible.
● Authorizations
This section provides an overview of the authorization concept that applies to the QIE component.
● Session Security Protection
● Network and Communication Security
This section provides an overview of the communication paths used by the QIE component and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.
● Internet Communication Framework Security
This section provides an overview of the Internet Communication Framework (ICF) services that are used by the QIE component.
● Data Storage Security
This section provides an overview of any critical data that is used by the QIE component and the security mechanisms that apply.
● Security for Third-Party or Additional Applications
This section provides security information that applies to third-party or additional applications that are used with the QIE component.
● Dispensable Functions with Impacts on Security
This section provides an overview of functions that have impacts on security and can be disabled or removed from the system.
● Other Security-Relevant Information
This section contains information about using a Web browser for the user interface.
● Trace and Log Files
This section provides an overview of the trace and log files that contain security-relevant information, so that you can, for example, reproduce activities if a security breach occurs.
● Services for Security Lifecycle Management
This section provides an overview of services provided by Active Global Support that are available to assist you in maintaining security in your SAP systems on an ongoing basis.
This section provides references to further information.