ADM960
SAP NetWeaver Application Server Security

COURSE OUTLINE

Course Version: 15
Course Duration: 5 Days

SAP Copyrights and Trademarks

© 2015 SAP SE. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE. The information contained herein may be changed without prior notice.

Typographic Conventions

American English is the standard used in this handbook. The following typographic conventions are also used.

  - This information is displayed in the instructor's presentation
  - Demonstration
  - Procedure
  - Warning or Caution
  - Hint
  - Related or Additional Information
  - Facilitated Discussion
  - User interface control: Example text
  - Window title: Example text

Contents

Course Overview

Unit 1: Computer Security Overview
  Lesson: Analyzing Security Threats
  Lesson: Examining the SAP System Environment

Unit 2: Network Basics
  Lesson: Describing the Basics of Networks
  Lesson: Determining the Key Points of Network Security
  Lesson: Installing and Configuring SAProuter
  Lesson: Installing and Configuring SAP Web Dispatcher

Unit 3: Basic Security for SAP Systems
  Lesson: Securing the Front End
  Lesson: Setting Up User Security in SAP Systems
  Lesson: Defining Authorizations in SAP Systems
  Lesson: Configuring Interface Security in SAP Systems
  Lesson: Providing Development Protection and Applying Security Patches
  Lesson: Monitoring SAP Systems
  Lesson: Monitoring Security with SAP Solution Manager

Unit 4: Introduction to Cryptography
  Lesson: Describing Cryptography for Security
  Lesson: Examining Authentication for Security
  Lesson: Applying Cryptography in SAP Systems

Unit 5: Secure Network Communication (SNC)
  Lesson: Setting Up SNC for SAP NetWeaver AS ABAP
  Lesson: Setting Up SNC for Non-ABAP Components

Unit 6: Secure Socket Layer (SSL)
  Lesson: Configuring SSL with SAP NetWeaver AS
  Lesson: Configuring SSL on the SAP NetWeaver AS ABAP
  Lesson: Configuring SSL on SAP NetWeaver AS Java
  Lesson: Configuring SSL on SAP Web Dispatcher and SAP Management Console

Unit 7: Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems
  Lesson: Describing SAP System Authentications
  Lesson: Activating Session Security
  Lesson: Configuring SSO

Course Overview

TARGET AUDIENCE

This course is intended for the following audiences:
  - System Administrator
  - Technology Consultant

UNIT 1
Computer Security Overview

Lesson 1: Analyzing Security Threats
  - Analyze security threats and safeguards

Lesson 2: Examining the SAP System Environment
  - Identify the components of SAP Business Suite
  - Examine the SAP NetWeaver Application Server (SAP NetWeaver AS) architecture

UNIT 2
Network Basics

Lesson 1: Describing the Basics of Networks
  - Describe network communication in the SAP environment

Lesson 2: Determining the Key Points of Network Security
  - Identify aspects of network security in an SAP landscape

Lesson 3: Installing and Configuring SAProuter
  - Install and configure SAProuter

Lesson 4: Installing and Configuring SAP Web Dispatcher
  - Install and configure the SAP Web Dispatcher using a dedicated port

UNIT 3
Basic Security for SAP Systems

Lesson 1: Securing the Front End
  - Configure security features of SAP GUI for Windows

Lesson 2: Setting Up User Security in SAP Systems
  - Define the tools for user administration
  - Identify standard users
  - Identify different user types

Lesson 3: Defining Authorizations in SAP Systems
  - Explain authorizations in SAP systems
  - Securely store user and password information
  - Manage passwords in SAP systems

Lesson 4: Configuring Interface Security in SAP Systems
  - Analyze secure Remote Function Call (RFC) communication
  - Verify SAP Gateway security
  - Describe secure Internet Communication Manager (ICM)
  - Describe SAP Message Server security
  - Configure trusted RFC to establish interface security

Lesson 5: Providing Development Protection and Applying Security Patches
  - Secure the SAP development system
  - Apply security patches

Lesson 6: Monitoring SAP Systems
  - Describe the options for security configuration monitoring
  - Set up the security audit log in ABAP and Java
  - Use other monitoring tools
  - Configure the security audit log and User Information System

Lesson 7: Monitoring Security with SAP Solution Manager
  - Analyze the security monitoring capabilities of SAP Solution Manager

UNIT 4
Introduction to Cryptography

Lesson 1: Describing Cryptography for Security
  - Evaluate cryptography for security
  - Identify the different types of encryption

Lesson 2: Examining Authentication for Security
  - Evaluate the basic concepts of digital certificates and digital signatures

Lesson 3: Applying Cryptography in SAP Systems
  - Apply cryptography in SAP systems

UNIT 5
Secure Network Communication (SNC)

Lesson 1: Setting Up SNC for SAP NetWeaver AS ABAP
  - Secure Dynamic Information and Action Gateway (DIAG) and Remote Function Call (RFC) communication

Lesson 2: Setting Up SNC for Non-ABAP Components
  - Set up SNC on SAP NetWeaver AS Java, SAProuter, and SAP GUI for Windows

UNIT 6
Secure Socket Layer (SSL)

Lesson 1: Configuring SSL with SAP NetWeaver AS
  - Use Secure Socket Layer (SSL) on the SAP NetWeaver AS

Lesson 2: Configuring SSL on the SAP NetWeaver AS ABAP
  - Enable Secure Socket Layer (SSL) on the SAP NetWeaver AS ABAP

Lesson 3: Configuring SSL on SAP NetWeaver AS Java
  - Enable Secure Socket Layer (SSL) on SAP NetWeaver AS Java

Lesson 4: Configuring SSL on SAP Web Dispatcher and SAP Management Console
  - Configure SSL on the SAP Web Dispatcher
  - Enable Secure Socket Layer (SSL) for SAP Management Console

UNIT 7
Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems

Lesson 1: Describing SAP System Authentications
  - Describe authentication mechanisms for the SAP system
  - Configure AS ABAP for logon tickets
  - Configure AS Java for logon tickets
  - Use X.509 client certificates
  - Authenticate users with Security Assertion Markup Language (SAML)

Lesson 2: Activating Session Security
  - Activate session security

Lesson 3: Configuring SSO
  - Configure SSO with SAP Passport