Securing SAP Gateway with Two Factor Authentication

Enterprises across the globe require a robust level of security to protect their assets, and SAP is no stranger to this. The 4th largest software company in the world demands a superior level of security to protect its systems, applications and products in data processing.
A number of security assessments have already been conducted in this regard, and the top 5 Two Factor Authentication solutions for SAP are explained here. But why does SAP need such a high level of security? For the simple reason that an SAP landscape incorporates a colossal range of data, all of which needs suitable protection.
1. Security of the SAP Gateway is Critical
One of the biggest security threats to SAP gateways is the ability to run an operating system command without proper authentication. A company should restrict all kinds of access to the internal and external control system of the SAP gateway so that an unknown source cannot cause havoc. If business cases require RFC communications for applications like BEx (Business Explorer), then proper security controls should be applied on the SAP gateway to restrict the Type E and Type R connections.
2. A good SAP landscape does not have any weak passwords
A single weak or faulty password among the many users of SAP can lead to trouble for the whole system, which is why User Security for SAP systems should include a proper password policy. Even when such policies exist, there should be regular password audits to single out weak passwords like “SAMUEL123”, “HALLOWEEN01”, and others like them.
3. There should be no critical ICM/ITS services
RFC communications are a risk to your SAP security, which is why access to web services like SOAPRFC and WEBRFC should be restricted. To restrict this, the invoker servlet on the SAP Java AS system should be disabled. When it is disabled, attackers cannot bypass the security system.
4. Patching SAP system and GUI regularly helps
Security patches are released by SAP AG every month. So, proper patch management policies should be set up for both the SAP applications and client components like SAPGUI or SAP NetWeaver Business Client.
5. Security against single sign-on attacks
Sensitive information is stored in the PSE file, and attackers use these files to create valid system tokens. Once they have created the tokens, they can access the system without any password. So, the PSE files should be protected with proper operating system controls.
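An added example, not part of the original article: a Python check for the operating system controls described in point 5. It walks a directory and flags any *.pse file that group or other users can access; the owner-only policy, the function names and the sample file contents are assumptions made for this illustration.

```python
import os
import stat
import sys
import tempfile


def audit_pse_files(root, expected_uid=None):
    """Return sorted (path, mode, problems) tuples for risky *.pse files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".pse"):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks silently
            problems = []
            if stat.S_ISLNK(st.st_mode):
                problems.append("symlink: audit the target instead")
            else:
                if st.st_mode & stat.S_IRWXG:
                    problems.append("group access")
                if st.st_mode & stat.S_IRWXO:
                    problems.append("world access")
                if expected_uid is not None and st.st_uid != expected_uid:
                    problems.append("unexpected owner uid %d" % st.st_uid)
            if problems:
                findings.append((path, stat.filemode(st.st_mode), problems))
    return sorted(findings)


def build_constructed_sample(root):
    """Constructed sample: one owner-only PSE and one world-readable PSE."""
    for name, mode in (("SAPSYS.pse", 0o600), ("SAPSSLS.pse", 0o644)):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a real PSE")
        os.chmod(path, mode)


if __name__ == "__main__":
    # With a directory argument, audit it; without one, audit the constructed sample.
    if len(sys.argv) > 1:
        results = audit_pse_files(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            build_constructed_sample(tmp)
            results = audit_pse_files(tmp)
    for path, mode, problems in results:
        print("%s %s: %s" % (mode, path, ", ".join(problems)))
    sys.exit(1 if results else 0)
```

Pass the uid of the account that should own the files as expected_uid to also flag PSE files owned by anyone else.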