SAP BASIS administrators perform numerous critical activities to ensure high availability as well as the efficient and continuous operation of SAP systems deployed in the corporate environment. They are saddled with the responsibility of making sure that the system works optimally. Luckily, a compiled list of resources can ease those duties.
These are the top SAP cybersecurity articles every SAP BASIS admin must read. If you are an SAP BASIS admin, they will help you succeed in SAP administration. Happy browsing!
SAP HANA is a rapidly evolving platform. Like any business-critical solution, SAP HANA requires a solid understanding and deserves your attention. Put a lot of weight on SAP HANA fundamentals, concepts and principles, and they will take you far.
“SAP HANA for Dummies” examines the key aspects and security issues of SAP HANA and draws attention to the vulnerabilities of several modules. It explains the main principles in understandable terms and gives an idea of the SAP strategy in the development of SAP HANA.
You will see the ways this system can be used, its features, and how it differs from other databases, and find out some curious facts about SAP HANA security.
SAP S/4 HANA Security Guide describes the main security domains of SAP S/4 HANA and SAP HANA systems. 40 key security settings were identified and distributed among nine critical security areas. You will learn how to assess the security of SAP S/4 HANA applications and protect the applications from the most widespread vulnerabilities, and see further steps on securing all nine areas.
This good read helps shape your SAP HANA admin skills.
Every month, SAP releases security notes (or patches) to fix bugs in the system and strongly recommends that customers apply them.
The ERPScan research team illustrates the HANA patch implementation process using a security note for an information disclosure vulnerability in SAP HANA XS classic user self-service (CVSS 5.3), an issue that enables an attacker to explore a system and plan further attacks.
ERPScan researchers describe the exact steps, generously illustrated with screenshots.
SAP GUI is installed on every user workstation in companies running SAP, and the new SAP S/4 HANA systems still let you use SAP GUI. It comes as no surprise that a vulnerability dwelling in SAP GUI can wreak havoc. The SAP GUI security issue allows an attacker to gain unfettered control over endpoint devices. Thus, it is considered especially critical.
It makes sense to implement important security fixes, and this text can help.
“SAP TREX Security patches” shows the patching process for one of the most severe vulnerabilities, with CVSS 9.4 out of 10. This is a Remote Command Execution (or RCE) vulnerability in the TREXNet communication protocol. With the RCE issue, an attacker can inject code that the application executes. The vulnerable component is integrated into more than a dozen SAP products, and the flagship SAP HANA is no exception.
This clear and unambiguous entry lists the steps for implementing SAP TREX security notes.
The updating process is an essential part of the security of an SAP landscape. Sometimes, it can cause difficulties. When a new type of vulnerability, such as Switchable Authorization checks, is published, patching these specific issues may seem non-trivial.
Implementing SAP patches on ABAP systems requires manual activities. The ERPScan research team takes an example of such a note and proves that you are able to make this very process much easier.
If you’re not buzzing about the strict General Data Protection Regulation (GDPR), you’re not in the know. Companies are tackling compliance with GDPR, which forces businesses to protect the personal data and privacy of EU citizens, before time runs out (on May 25, 2018).
Although SAP provides a wide spectrum of protection mechanisms, the measures are not always apparent, and they are associated with spending and slowdown. Here, the key elements of GDPR are explained to help your company become more GDPR-ready.
The article and the white paper are must-reads for every SAP BASIS admin.
Securing ERP systems is extremely challenging. The majority of applications have their own specific vulnerabilities and weaknesses, and the number of security vulnerabilities grows every year.
The “Implementing SAP Vulnerability Management Process” series describes an approach to increasing ERP security by leveraging a proactive vulnerability management (VM) process and ERP security control solutions. All parts do a great job of it.
The first part contains the business requirements for the ERP VM process and its basic structure, and describes the motivation for the practice.
ERP VM is a cyclic process that delivers improvements in the security of the ERP system. An in-depth look at each of the five business activities of the ERP Vulnerability Management process is a menu for SAP administrative success.
The second part of the series covers two activities of the ERP Vulnerability Management process: “Identify assets, schedule vulnerability assessment” and “Scan for vulnerabilities”. You will understand that the reliable operation of SAP systems is achievable. It’s just a matter of experience and diligence.
It pairs practice with theory, allowing you to grasp the concepts behind the implementation of VM in an SAP environment, as well as vulnerability analysis specifically.
Vulnerability Management has two goals: reducing attack vectors and providing assurance in SAP systems. Both of these objectives require assessing vulnerabilities in terms of risk and remediation effort. In the third and last part, you will find the answer to the question “How to analyze vulnerability reports and develop remediation plans?”
This is a Security Bloggers Network syndicated blog post authored by Research Team. Read the original post at: Blog – ERPScan