ADM960 SAP NetWeaver Application Server Security
COURSE OUTLINE
Course Version: 17
Course Duration: 5 Days
SAP Copyrights and Trademarks
© 2017 SAP SE or an SAP affiliate company. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
Typographic Conventions
American English is the standard used in this handbook. The following typographic conventions are also used.
● This information is displayed in the instructor’s presentation
● Demonstration
● Procedure
● Warning or Caution
● Hint
● Related or Additional Information
● Facilitated Discussion
● User interface control: Example text
● Window title: Example text
© Copyright. All rights reserved.
Contents
Course Overview
Unit 1: Computer Security Overview
Lesson: Analyzing Security Threats
Lesson: Examining the SAP System Environment
Unit 2: Network Basics
Lesson: Describing the Basics of Networks
Lesson: Determining the Key Points of Network Security
Lesson: Installing and Configuring SAProuter
Lesson: Installing and Configuring SAP Web Dispatcher
Unit 3: Basic Security for SAP Systems
Lesson: Securing the Front End
Lesson: Setting Up User Security in SAP Systems
Lesson: Defining Authorizations in SAP Systems
Lesson: Configuring Interface Security in SAP Systems
Lesson: Providing Development Protection and Applying Security Patches
Lesson: Monitoring SAP Systems
Lesson: Monitoring Security with SAP Solution Manager
Unit 4: Introduction to Cryptography
Lesson: Describing Cryptography for Security
Lesson: Examining Authentication for Security
Lesson: Applying Cryptography in SAP Systems
Unit 5: SAP Secure Network Communication (SNC)
Lesson: Setting Up SNC for SAP NetWeaver AS ABAP
Lesson: Setting Up SNC for Non-ABAP Components
Unit 6: Secure Socket Layer (SSL)
Lesson: Configuring SSL with SAP NetWeaver AS
Lesson: Configuring SSL on the SAP NetWeaver AS ABAP
Lesson: Configuring SSL on SAP NetWeaver AS Java
Lesson: Configuring SSL on SAP Web Dispatcher and SAP Management Console
Unit 7: Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems
Lesson: Describing SAP System Authentications
Lesson: Activating Session Security
Lesson: Configuring SSO
Course Overview
TARGET AUDIENCE
This course is intended for the following audiences:
● System Administrator
● Technology Consultant
UNIT 1
Computer Security Overview
Lesson 1: Analyzing Security Threats
Lesson Objectives
After completing this lesson, you will be able to:
● Analyze security threats and safeguards
Lesson 2: Examining the SAP System Environment
Lesson Objectives
After completing this lesson, you will be able to:
● Examine the SAP NetWeaver Application Server (AS) architecture
UNIT 2
Network Basics
Lesson 1: Describing the Basics of Networks
Lesson Objectives
After completing this lesson, you will be able to:
● Describe network communication in the SAP environment
Lesson 2: Determining the Key Points of Network Security
Lesson Objectives
After completing this lesson, you will be able to:
● Identify aspects of network security in an SAP landscape
Lesson 3: Installing and Configuring SAProuter
Lesson Objectives
After completing this lesson, you will be able to:
● Install and configure SAProuter
Lesson 4: Installing and Configuring SAP Web Dispatcher
Lesson Objectives
After completing this lesson, you will be able to:
● Install and configure the SAP Web Dispatcher using a dedicated port
UNIT 3
Basic Security for SAP Systems
Lesson 1: Securing the Front End
Lesson Objectives
After completing this lesson, you will be able to:
● Configure security features of SAP GUI for Microsoft Windows
Lesson 2: Setting Up User Security in SAP Systems
Lesson Objectives
After completing this lesson, you will be able to:
● Define the tools for user administration
● Identify standard users
● Identify different user types
Lesson 3: Defining Authorizations in SAP Systems
Lesson Objectives
After completing this lesson, you will be able to:
● Explain authorizations in SAP systems
● Store user and password information securely
● Manage passwords in SAP systems
Lesson 4: Configuring Interface Security in SAP Systems
Lesson Objectives
After completing this lesson, you will be able to:
● Analyze secure Remote Function Call (RFC) communication
● Verify SAP Gateway security
● Describe secure Internet Communication Manager (ICM)
● Describe SAP Message Server security
● Configure trusted RFC to establish interface security
Lesson 5: Providing Development Protection and Applying Security Patches
Lesson Objectives
After completing this lesson, you will be able to:
● Secure the SAP development system
● Apply security patches
Lesson 6: Monitoring SAP Systems
Lesson Objectives
After completing this lesson, you will be able to:
● Describe the options for security configuration monitoring
● Set up the security audit log in ABAP and Java
● Use other monitoring tools
● Configure the security audit log and user information system
Lesson 7: Monitoring Security with SAP Solution Manager
Lesson Objectives
After completing this lesson, you will be able to:
● Analyze the security monitoring capabilities of SAP Solution Manager
UNIT 4
Introduction to Cryptography
Lesson 1: Describing Cryptography for Security
Lesson Objectives
After completing this lesson, you will be able to:
● Evaluate cryptography for security
● Identify the different types of encryption
Lesson 2: Examining Authentication for Security
Lesson Objectives
After completing this lesson, you will be able to:
● Evaluate the basic concepts of digital certificates and digital signatures
Lesson 3: Applying Cryptography in SAP Systems
Lesson Objectives
After completing this lesson, you will be able to:
● Apply cryptography in SAP systems
UNIT 5
SAP Secure Network Communication (SNC)
Lesson 1: Setting Up SNC for SAP NetWeaver AS ABAP
Lesson Objectives
After completing this lesson, you will be able to:
● Secure Dynamic Information and Action Gateway (DIAG) and Remote Function Call (RFC) communication
Lesson 2: Setting Up SNC for Non-ABAP Components
Lesson Objectives
After completing this lesson, you will be able to:
● Set up SAP SNC on SAP NetWeaver AS for Java, SAProuter, and SAP GUI for Microsoft Windows
UNIT 6
Secure Socket Layer (SSL)
Lesson 1: Configuring SSL with SAP NetWeaver AS
Lesson Objectives
After completing this lesson, you will be able to:
● Use SSL on the SAP NetWeaver AS
Lesson 2: Configuring SSL on the SAP NetWeaver AS ABAP
Lesson Objectives
After completing this lesson, you will be able to:
● Enable SSL on the SAP NetWeaver AS for ABAP
Lesson 3: Configuring SSL on SAP NetWeaver AS Java
Lesson Objectives
After completing this lesson, you will be able to:
● Enable Secure Socket Layer (SSL) on SAP NetWeaver AS for Java
Lesson 4: Configuring SSL on SAP Web Dispatcher and SAP Management Console
Lesson Objectives
After completing this lesson, you will be able to:
● Configure SSL on the SAP Web Dispatcher
● Enable SSL for SAP MC
UNIT 7
Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems
Lesson 1: Describing SAP System Authentications
Lesson Objectives
After completing this lesson, you will be able to:
● Describe authentication mechanisms for the SAP system
● Configure SAP NetWeaver Application Server (AS) for ABAP for logon tickets
● Configure SAP NetWeaver AS for Java for logon tickets
● Use X.509 client certificates
● Authenticate users with Security Assertion Markup Language (SAML)
Lesson 2: Activating Session Security
Lesson Objectives
After completing this lesson, you will be able to:
● Activate session security
Lesson 3: Configuring SSO
Lesson Objectives
After completing this lesson, you will be able to:
● Configure SSO with SAP Passport