The following services are available from Active Global Support to assist you in maintaining security in your SAP systems on an ongoing basis.
This service regularly monitors the Security
chapter in the EarlyWatch Alert
report of your system. It provides the following information:
Whether SAP Security Notes have been identified as missing on your system
Analyze and implement the identified SAP Notes if possible. If you cannot implement the SAP Notes, the report should be able to help you decide on how to handle the individual cases.
Whether an accumulation of critical SAP NetWeaver authorizations has been identified
Verify whether the accumulation of critical SAP NetWeaver authorizations is OK for your system. If not, correct the situation. If you consider the situation OK, check for any significant changes compared to previous EWA reports.
Whether standard users with default passwords have been identified on your system
Change the corresponding passwords to nondefault values.
Use the Security Optimization Service for a more thorough security analysis of your system, including the following:
Critical authorizations in detail
Security-relevant configuration parameters
Critical users
Missing security patches
This service is available as a self-service within SAP Solution Manager, as a remote service, or as an on-site service.
Recommendation
We recommend that you use the service regularly (for example, once a year) and in particular after significant system changes or in preparation for a system audit.
Use Security Configuration Validation to monitor a system landscape continuously for compliance with predefined settings, for example, from your company-specific SAP security policy. This service primarily covers configuration parameters, but it also covers critical security properties like the existence of a nontrivial Gateway configuration or making sure that standard users do not have default passwords.
With the E2E Solution Operations Standard Security service, a best-practice recommendation is available on how to operate SAP systems and landscapes in a secure manner. It guides you through the most important security operation areas and links to detailed security information from SAP’s knowledge base wherever appropriate.
Topic |
See |
---|---|
EarlyWatch Alert |
|
Security Optimization Service / Security Notes Report |
|
Comprehensive list of Security Notes |
|
Configuration Validation |
|
Run SAP Roadmap, including the Security and the Secure Operations Standard |
https://service.sap.com/runsap (See the Run SAP chapters 2.6.3, 3.6.3 and 5.6.3) |