If you're a Basis administrator looking to keep your SAP system under lock and key, this is the book for you! Discover information on security-relevant issues, from identity and access management to network and backend security. Get the technical know-how to identify vulnerabilities, defend your system from internal and external threats, and pass audits. Secure your SAP system from the ground up!Highlights include:Password securityCommonCryptoLibSingle sign-on (SSO)AuthorizationsTransport securityAudit loggingPatchingClient lockingRFC securityOperating system and database security Highlights: Password securityCommonCryptoLibSingle sign-on (SSO)AuthorizationsTransport securityAudit loggingPatchingClient lockingRFC securityOperating system and database security

Joe Markgraf is a senior cloud architect and advisor for SAP HANA Enterprice Cloud at SAP America. Before joining SAP he worked as an SAP Basis and security administrator, contributing to large-scale SAP system implementations. He holds a degree in information system management and computer science from Oregon State University.

... Target Audience ... 19 ... System Administration: A Vast Field of Options ... 20 ... What Is Basis? ... 21 ... Structure of This Book ... 23 1.1 ... Potential Threats ... 26 1.2 ... The Onion Concept ... 34 1.3 ... Risk and True Cost of Security ... 37 1.4 ... The Administrator's Role in Security ... 40 1.5 ... Summary ... 43 2.1 ... Understanding System Parameters ... 46 2.2 ... System Profiles ... 47 2.3 ... Profile and Parameter Structure ... 49 2.4 ... Static and Dynamic Parameters ... 53 2.5 ... Viewing and Setting Parameters ... 55 2.6 ... Key Security-Related Parameters ... 64 2.7 ... Controlling Access to Change Parameters ... 66 2.8 ... Summary ... 67 3.1 ... Clients ... 71 3.2 ... Who Should Be Able to Lock and Unlock Transactions? ... 71 3.3 ... Which Transactions to Lock ... 71 3.4 ... Locking Transactions ... 73 3.5 ... Viewing Locked Transactions ... 76 3.6 ... Summary ... 78 4.1 ... Client Settings ... 81 4.2 ... Client Logon Locking ... 89 4.3 ... Summary ... 92 5.1 ... Understanding the Kernel ... 94 5.2 ... Common Cryptographic Library ... 102 5.3 ... Kernel Update ... 104 5.4 ... Summary ... 114 6.1 ... What Is a User ID in SAP? ... 115 6.2 ... Different User Types ... 115 6.3 ... The User Buffer ... 117 6.4 ... Creating and Maintaining a User ... 118 6.5 ... Copy a User ... 128 6.6 ... Change Documents for Users ... 129 6.7 ... Mass User Changes with Transaction SU10 ... 131 6.8 ... User Naming Convention ... 139 6.9 ... Security Policies ... 140 6.10 ... Maintain User Groups ... 145 6.11 ... Central User Administration ... 147 6.12 ... User Lock Status ... 151 6.13 ... User Classification ... 152 6.14 ... User-Related Tables ... 153 6.15 ... Securing Default Accounts ... 154 6.16 ... User Access Reviews ... 156 6.17 ... Inactive Users ... 157 6.18 ... Password and Logon Security ... 158 6.19 ... Segregation of Duties ... 163 6.20 ... Summary ... 165 7.1 ... Authorization Fundamentals ... 168 7.2 ... SAP Role Design Concepts ... 180 7.3 ... The Profile Generator ... 192 7.4 ... Assign and Remove Roles ... 219 7.5 ... Lock and Unlock Transactions ... 221 7.6 ... Transaction SUIM: User Information System ... 221 7.7 ... Role Transport ... 226 7.8 ... Common Standard Profiles ... 228 7.9 ... Types of Transactions ... 229 7.10 ... Table Authorizations ... 239 7.11 ... Printer Authorizations ... 249 7.12 ... Other Important Authorization Objects ... 249 7.13 ... Transaction SACF: Switchable Authorizations ... 253 7.14 ... Customizing Entries in Tables PRGN_CUST and SSM_CUST ... 255 7.15 ... Mass Maintenance of Values within Roles ... 257 7.16 ... Upgrading to a New Release ... 260 7.17 ... ABAP Debugger ... 267 7.18 ... Authorization Redesign and Cleanup ... 269 7.19 ... Introduction to SAP GRC Access Control ... 273 7.20 ... Summary ... 277 8.1 ... What Is Single Sign-On? ... 279 8.2 ... Single Sign-On Technologies ... 284 8.3 ... SAP GUI Single Sign-On Setup ... 286 8.4 ... SAML ... 309 8.5 ... Summary ... 339 9.1 ... Patching Concepts: SAP’s Approach to Patching ... 341 9.2 ... Application of Security SAP Notes ... 347 9.3 ... Implications of Upgrades and Support Packages ... 354 9.4 ... Evaluating Security with SAP Solution Manager ... 354 9.5 ... Summary ... 358 10.1 ... Transport System Concepts ... 360 10.2 ... Transport Authorizations ... 373 10.3 ... Operating System–Level Considerations ... 376 10.4 ... Landscape Considerations ... 377 10.5 ... Summary ... 378 11.1 ... External Audits ... 380 11.2 ... Internal Audits ... 381 11.3 ... Auditing Tools ... 382 11.4 ... Summary ... 409 12.1 ... Choosing a Network Security Strategy ... 411 12.2 ... Securing Using Access Controls ... 412 12.3 ... Securing the Transport Layer ... 422 12.4 ... Connecting to the Internet and Other Networks ... 424 12.5 ... Summary ... 431 13.1 ... Introduction to Cryptography ... 433 13.2 ... Enabling SSL/TLS ... 451 13.3 ... The Internet Connection Manager ... 468 13.4 ... SAP Web Dispatcher ... 481 13.5 ... Summary ... 487 14.1 ... Platform-Independent Database Considerations ... 490 14.2 ... Securing the Database Connection ... 495 14.3 ... Logging and Encrypting Your Database ... 507 14.4 ... Summary ... 511 15.1 ... Business Secure Cell Concept ... 514 15.2 ... Secure Landscape ... 515 15.3 ... Policy ... 519 15.4 ... Operating System Considerations ... 527 15.5 ... Monitoring ... 540 15.6 ... Virtualization Security Considerations ... 553 15.7 ... Network Security Considerations ... 555 15.8 ... Physical Security ... 560 15.9 ... Summary ... 561