Your network infrastructure is extremely important in protecting your system. Your network must support the communication necessary for your business and your needs without allowing unauthorized access. A well-defined network topology can eliminate many security threats based on software flaws (at both the operating system and application level) or network attacks such as eavesdropping. If users cannot log on to your application or database servers at the operating system or database layer, then there is no way for intruders to compromise the machines and gain access to the SAP System database or files. Additionally, if users are not able to connect to the server LAN, they cannot exploit well-known bugs and security holes in network services on the server machines.

Again, your strategy and your priorities are the most important factor in deciding which level of security is necessary for your network infrastructure. We do offer general recommendations when establishing your network topology, which include using a firewall and other intermediary devices, which include the SAP Web Dispatcher and the SAProuter, to protect your local network. The use of an SAP Web Dispatcher enables you to conceal the host name and ports of your application server. URLs include the host name and port of the SAP Web Dispatcher. If you configure SAP Web Dispatcher to use the standard ports (80 for HTTP and 443 for HTTPS), then the URL need not include the port.

For more information, see SAP Web Dispatcher.

To protect SAP System communications at the transport layer, the SAP NetWeaver products support the use of the Secure Sockets Layer (SSL) protocol and Secure Network Communications (SNC).