SAP NetWeaver Security Guide

Caution Caution

This guide does not replace the administration or operation guides that are available for productive operations.

End of the caution.

Target Audience

Technical consultants
System administrators

This document is not included as part of the installation guides, configuration guides, technical operation manuals, or upgrade guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the security guides provide information that is relevant for all time frames.

Why Is Security Necessary?

With the increasing use of distributed systems and the Internet for managing business data, the demands on security are also on the rise. When using a distributed system, you need to be sure that your data and processes support your business needs without allowing unauthorized access to critical information. User errors, negligence, or attempted manipulation on your system should not result in loss of information or processing time. These demands on security apply likewise to SAP NetWeaver platform. To assist you in securing your SAP NetWeaver platform and products, we provide this SAP NetWeaver Security Guide.

About This Document

The SAP NetWeaver Security Guide provides an overview of the security-relevant information that applies to SAP NetWeaver. It contains an overall overview of security with SAP NetWeaver as well as links to the individual guides for each of the functional areas. See the tables below:

Introduction to Security with SAP NetWeaver Platform
Topic	See
Technical system landscape	Technical System Landscape
User administration and authentication	User Management User Authentication and Single Sign-On
Network and Communication Security	Network and Communication Security

Security Guides for the SAP NetWeaver Functional Units
Functional Unit	See
Application server	Security Aspects for AS Infrastructure Functional Units Security Guides for the AS ABAP Security Guides for the AS Java Security Guides for Business Services
Composition Environment	Business Process Management Security Guide Security Aspects of Web Dynpro for Java Business Rules Management Security Guide Visual Composer Security Guide Security Guide for SAP NetWeaver Voice Security Guide for Guided Procedures Composite Application Framework Security Guide
SAP NetWeaver Process Integration	SAP NetWeaver Process Integration Security Guide
Enterprise Portal (EP) and EP Core	Portal Security Guide PDK for .NET Security Guide Knowledge Management Security Guide Collaboration Security Guide Universal Worklist
SAP NetWeaver BW	Security Guide for SAP NetWeaver BI
Search and Classification (TREX)	Search and Classification (TREX) Security Guide
SAP NetWeaver Mobile	Security Guide for SAP NetWeaver Mobile

Security Guides for Connectivity and Interoperability Technologies
Technology	See
Remote Function Calls (RFC) or Internet Communication Framework (ICF)	RFC/ICF Security Guide Security Settings in the SAP Gateway
Application Link Enabling (ALE)	Security Guide ALE (ALE Applications)
Connectivity with the AS Java	Security Guide for Connectivity with the AS Java
Web services	ABAP: Security Guide Web Services Java: Security Aspects for Web Services

Security Guides for Lifecycle Management
Topic / Functional Unit	See
System Landscape Directory (SLD)	System Landscape Directory Security Guide
ABAP Software Maintenance	Security Issues in ABAP Software Maintenance
Archiving	Security Guide for ADK-Based Data Archiving Security Guide for XML DAS Archiving
SAP NetWeaver Development Infrastructure	SAP NetWeaver Development Infrastructure Security Guide
Auditing and logging	Auditing and Logging (AS ABAP) Logging and Tracing (in the SAP NetWeaver AS Java Security Guide)
Virus protection and SAP GUI integrity checks	Virus Protection and SAP GUI Integrity Checks

Security Guides for Operating System Platforms
OS Platform	See
UNIX/Linux	SAP System Security Under UNIX/LINUX
Microsoft Windows	SAP System Security on Windows
IBM i	SAP Security Guide for IBM i

Security Guides for Database Platforms
Topic / DB Platform	See
General Recommendations	General Recommendations
Oracle	Oracle Under UNIX Oracle on Windows
Microsoft SQL Server	Microsoft SQL Server on Windows
IBM DB2 for Linux, UNIX, and Windows	IBM DB2 for Linux, UNIX, and Windows
SAP MaxDB	SAP MaxDB Security Guide
SAP Sybase Adaptive Server Enterprise	SAP Sybase Adaptive Server Enterprise
IBM DB2 for i	SAP Security Guide for IBM i
IBM DB2 for z/OS	IBM DB2 for z/OS

Meeting Your Own Security Requirements: Security Policy

Your security requirements are not limited to SAP NetWeaver platform, but apply to your entire system landscape. Therefore, we recommend establishing a security policy that reflects the security issues that apply at a company-wide level. Your security policy should cover aspects such as:

User authentication
Authorizations
Data integrity
Privacy
Auditing and Logging

Once you have established your security policy, use this guide to implement and enforce security for those products that you use within SAP NetWeaver platform.