ADM960 - SAP

ADM960 SAP NetWeaver Application Server Security.. COURSE OUTLINE. Course Version: 17 Course Duration: 5 Day...

28 downloads 1068 Views 301KB Size
ADM960 SAP NetWeaver Application Server Security

.

. COURSE OUTLINE

. Course Version: 17 Course Duration: 5 Day

SAP Copyrights and Trademarks

© 2017 SAP SE or an SAP affiliate company. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/ copyright/index.epx for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.

Typographic Conventions American English is the standard used in this handbook. The following typographic conventions are also used.

This information is displayed in the instructor’s presentation

Demonstration

Procedure

Warning or Caution

Hint

Related or Additional Information

Facilitated Discussion

User interface control

Example text

Window title

Example text

© Copyright. All rights reserved.

iii

iv

© Copyright. All rights reserved.

Contents vii

Course Overview

1

Unit 1:

1 1 3

Lesson: Analyzing Security Threats Lesson: Examining the SAP System Environment Unit 2:

3 3 3 3 5

Unit 3:

Unit 4:

7 7 7

11 11 11 11

Introduction to Cryptography Lesson: Describing Cryptography for Security Lesson: Examining Authentication for Security Lesson: Applying Cryptography in SAP Systems

Unit 5:

9 9 11

Basic Security for SAP Systems Lesson: Securing the Front End Lesson: Setting Up User Security in SAP Systems Lesson: Defining Authorizations in SAP Systems Lesson: Configuring Interface Security in SAP Systems Lesson: Providing Development Protection and Applying Security Patches Lesson: Monitoring SAP Systems Lesson: Monitoring Security with SAP Solution Manager

6 6

9

Network Basics Lesson: Describing the Basics of Networks Lesson: Determining the Key Points of Network Security Lesson: Installing and Configuring SAProuter Lesson: Installing and Configuring SAP Web Dispatcher

5 5 5 5 6

7

Computer Security Overview

SAP Secure Network Communication (SNC) Lesson: Setting Up SNC for SAP NetWeaver AS ABAP Lesson: Setting Up SNC for Non-ABAP Components

Unit 6:

Secure Socket Layer (SSL) Lesson: Configuring SSL with SAP NetWeaver AS Lesson: Configuring SSL on the SAP NetWeaver AS ABAP Lesson: Configuring SSL on SAP NetWeaver AS Java Lesson: Configuring SSL on SAP Web Dispatcher and SAP Management Console

© Copyright. All rights reserved.

v

13

vi

Unit 7:

Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems

13 13

Lesson: Describing SAP System Authentications Lesson: Activating Session Security

13

Lesson: Configuring SSO

© Copyright. All rights reserved.

Course Overview

TARGET AUDIENCE This course is intended for the following audiences: ●

System Administrator



Technology Consultant

© Copyright. All rights reserved.

vii

viii

© Copyright. All rights reserved.

UNIT 1

Computer Security Overview

Lesson 1: Analyzing Security Threats Lesson Objectives

After completing this lesson, you will be able to: ●

Analyze security threats and safeguards

Lesson 2: Examining the SAP System Environment Lesson Objectives

After completing this lesson, you will be able to: ●

Examine the SAP NetWeaver Application Server (AS) architecture

© Copyright. All rights reserved.

1

Unit 1: Computer Security Overview

2

© Copyright. All rights reserved.

UNIT 2

Network Basics

Lesson 1: Describing the Basics of Networks Lesson Objectives

After completing this lesson, you will be able to: ●

Describe network communication in the SAP environment

Lesson 2: Determining the Key Points of Network Security Lesson Objectives

After completing this lesson, you will be able to: ●

Identify aspects of network security in an SAP landscape

Lesson 3: Installing and Configuring SAProuter Lesson Objectives

After completing this lesson, you will be able to:



Install and configure SAProuter

Lesson 4: Installing and Configuring SAP Web Dispatcher Lesson Objectives

After completing this lesson, you will be able to:



Install and configure the SAP Web Dispatcher using a dedicated port

© Copyright. All rights reserved.

3

Unit 2: Network Basics

4

© Copyright. All rights reserved.

UNIT 3

Basic Security for SAP Systems

Lesson 1: Securing the Front End Lesson Objectives

After completing this lesson, you will be able to:



Configure security features of SAP GUI for Microsoft Windows

Lesson 2: Setting Up User Security in SAP Systems Lesson Objectives

After completing this lesson, you will be able to:



Define the tools for user administration



Identify standard users



Identify different user types

Lesson 3: Defining Authorizations in SAP Systems Lesson Objectives

After completing this lesson, you will be able to: ●

Explain authorizations in SAP systems



Store user and password information securely



Manage passwords in SAP systems

Lesson 4: Configuring Interface Security in SAP Systems Lesson Objectives

After completing this lesson, you will be able to: ●

Analyze secure Remote Function Call (RFC) communication



Verify SAP Gateway security



Describe secure Internet Communication Manager (ICM)



Describe SAP Message Server security



Configure trusted RFC to establish interface security

© Copyright. All rights reserved.

5

Unit 3: Basic Security for SAP Systems

Lesson 5: Providing Development Protection and Applying Security Patches Lesson Objectives

After completing this lesson, you will be able to:



Secure the SAP development system



Apply security patches

Lesson 6: Monitoring SAP Systems Lesson Objectives

After completing this lesson, you will be able to: ●

Describe the options for security configuration monitoring



Set up the security audit log in ABAP and Java



Use other monitoring tools



Configure the security audit log and user information system

Lesson 7: Monitoring Security with SAP Solution Manager Lesson Objectives

After completing this lesson, you will be able to: ●

6

Analyze the security monitoring capabilities of SAP Solution Manager

© Copyright. All rights reserved.

UNIT 4

Introduction to Cryptography

Lesson 1: Describing Cryptography for Security Lesson Objectives

After completing this lesson, you will be able to: ●

Evaluate cryptography for security



Identify the different types of encryption

Lesson 2: Examining Authentication for Security Lesson Objectives

After completing this lesson, you will be able to: ●

Evaluate the basic concepts of digital certificates and digital signatures

Lesson 3: Applying Cryptography in SAP Systems Lesson Objectives

After completing this lesson, you will be able to: ●

Apply cryptography in SAP systems

© Copyright. All rights reserved.

7

Unit 4: Introduction to Cryptography

8

© Copyright. All rights reserved.

UNIT 5

SAP Secure Network Communication (SNC)

Lesson 1: Setting Up SNC for SAP NetWeaver AS ABAP Lesson Objectives

After completing this lesson, you will be able to:



Secure Dynamic Information and Action Gateway (DIAG) and Remote Function Call (RFC) communication

Lesson 2: Setting Up SNC for Non-ABAP Components Lesson Objectives

After completing this lesson, you will be able to: ●

Set up SAP SNC on SAP NetWeaver AS for Java, SAProuter, and SAP GUI for Microsoft Windows

© Copyright. All rights reserved.

9

Unit 5: SAP Secure Network Communication (SNC)

10

© Copyright. All rights reserved.

UNIT 6

Secure Socket Layer (SSL)

Lesson 1: Configuring SSL with SAP NetWeaver AS Lesson Objectives

After completing this lesson, you will be able to: ●

Use SSL on the SAP NetWeaver AS

Lesson 2: Configuring SSL on the SAP NetWeaver AS ABAP Lesson Objectives

After completing this lesson, you will be able to: ●

Enable SSL on the SAP NetWeaver AS for ABAP

Lesson 3: Configuring SSL on SAP NetWeaver AS Java Lesson Objectives

After completing this lesson, you will be able to: ●

Enable Secure Socket Layer (SSL) on SAP NetWeaver AS for Java

Lesson 4: Configuring SSL on SAP Web Dispatcher and SAP Management Console Lesson Objectives

After completing this lesson, you will be able to: ●

Configure SSL on the SAP Web Dispatcher



Enable SSL for SAP MC

© Copyright. All rights reserved.

11

Unit 6: Secure Socket Layer (SSL)

12

© Copyright. All rights reserved.

UNIT 7

Authentication and Single SignOn (SSO) Mechanisms in SAP Systems

Lesson 1: Describing SAP System Authentications Lesson Objectives

After completing this lesson, you will be able to:



Describe authentication mechanisms for the SAP system



Configure SAP NetWeaver Application Server (AS) for ABAP for logon tickets



Configure SAP NetWeaver AS for Java for logon tickets



Use X.509 client certificates



Authenticate users with Security Assertion Markup Language (SAML)

Lesson 2: Activating Session Security Lesson Objectives

After completing this lesson, you will be able to: ●

Activate session security

Lesson 3: Configuring SSO Lesson Objectives

After completing this lesson, you will be able to: ●

Configure SSO with SAP Passport

© Copyright. All rights reserved.

13