ADM960_Col10_2013_Title

ADM960SAP NetWeaver Application Server Security

..

COURSE OUTLINE.

Course Version: 10Course Duration: 5 Day(s)

SAP Copyrights and Trademarks

© 2013 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

● Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

● IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.

● Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

● Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

● Oracle is a registered trademark of Oracle Corporation

● UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

● Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

● HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

● Java is a registered trademark of Sun Microsystems, Inc.

● JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

● SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

● Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.

● Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

© Copyright . All rights reserved. iii

iv © Copyright . All rights reserved.

About This Handbook

This handbook is intended to complement the instructor-led presentation of this course, and serve as a source of reference. It is not suitable for self-study.

Typographic Conventions

American English is the standard used in this handbook.

The following typographic conventions are also used.

This information is displayed in the instructor’s presentation

Demonstration

Procedure

Warning or Caution

Hint

Related or Additional Information

Facilitated Discussion

User interface control Example text

Window title Example text

© Copyright . All rights reserved. v

vi © Copyright . All rights reserved.

Contents

ix Course Overview

1 Unit 1: Computer Security Overview

1 Lesson: Analyzing Security Threats1 Lesson: Evaluating the SAP System Environment

3 Unit 2: Network Basics

3 Lesson: Describing the Basics of Networks3 Lesson: Determining the Key Points of Network Security3 Lesson: Installing and Configuring SAProuter3 Lesson: Installing and Configuring the SAP Web Dispatcher

5 Unit 3: Basic Security for SAP Systems

5 Lesson: Securing the Front End5 Lesson: Setting Up User Security in SAP Systems5 Lesson: Defining Authorizations in SAP Systems5 Lesson: Setting Up Interface Security in SAP Systems6 Lesson: Providing Development Protection and Applying Security

Patches6 Lesson: Monitoring SAP Systems6 Lesson: Monitoring and Analyzing Security with SAP Solution

Manager

7 Unit 4: Introduction to Cryptography

7 Lesson: Evaluating Cryptography for Security7 Lesson: Evaluating Authentication and Digital Signatures for

Security7 Lesson: Applying Cryptography in SAP Systems

9 Unit 5: Secure Network Communication (SNC)

9 Lesson: Setting up Secure Network Communication (SNC)

11 Unit 6: Secure Socket Layer (SSL)

11 Lesson: Enabling Secure Socket Layer with SAP NetWeaver AS11 Lesson: Enabling Secure Socket Layer (SSL) on the SAP NetWeaver

AS ABAP11 Lesson: Enabling Secure Socket Layer (SSL) on SAP NetWeaver AS

Java11 Lesson: Enabling Secure Socket Layer (SSL) on SAP Web

Dispatcher and SAP Management Console

© Copyright . All rights reserved. vii

13 Unit 7: Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems

13 Lesson: Evaluating SAP System Authentications13 Lesson: Enabling Session Security13 Lesson: Using Single Sign-On (SSO)

viii © Copyright . All rights reserved.

Course Overview

TARGET AUDIENCEThis course is intended for the following audiences:

● Technology Consultant

● Project Manager

● Systems Architect

● System Administrator

© Copyright . All rights reserved. ix

x © Copyright . All rights reserved.

UNIT 1 Computer Security Overview

Lesson 1: Analyzing Security ThreatsLesson ObjectivesAfter completing this lesson, you will be able to:

● Analyze security threats and safeguards

Lesson 2: Evaluating the SAP System EnvironmentLesson ObjectivesAfter completing this lesson, you will be able to:

● Identify the components of SAP Business Suite

● Evaluate the SAP NetWeaver Application Server (SAP NetWeaver AS) architecture

© Copyright . All rights reserved. 1

Unit 1: Computer Security Overview

2 © Copyright . All rights reserved.

UNIT 2 Network Basics

Lesson 1: Describing the Basics of NetworksLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe network communication in the SAP environment

Lesson 2: Determining the Key Points of Network SecurityLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe the important topics of network security in an SAP landscape

Lesson 3: Installing and Configuring SAProuterLesson ObjectivesAfter completing this lesson, you will be able to:

● Install and configure SAProuter

Lesson 4: Installing and Configuring the SAP Web DispatcherLesson ObjectivesAfter completing this lesson, you will be able to:

● Install and configure the SAP Web Dispatcher using a dedicated port


Unit 2: Network Basics


UNIT 3 Basic Security for SAP Systems

Lesson 1: Securing the Front EndLesson ObjectivesAfter completing this lesson, you will be able to:

● Configure security features of SAP GUI for Windows

Lesson 2: Setting Up User Security in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:

● Deal with the tools for user administration

● Name standard users

● Recognize different user types

Lesson 3: Defining Authorizations in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:

● Explain authorizations in SAP systems

● Manage passwords in SAP systems

● Securely store user and password information

● Configure password parameters

Lesson 4: Setting Up Interface Security in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:

● Secure Remote Function Call (RFC) communication

● Ensure SAP Gateway security

● Secure Internet Communication Manager (ICM)

● Ensure SAP Message Server security


● Establish interface security

Lesson 5: Providing Development Protection and Applying Security PatchesLesson ObjectivesAfter completing this lesson, you will be able to:

● Protect development

● Apply security patches

Lesson 6: Monitoring SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:

● Explore the various options of security configuration monitoring

● Use the security audit log

● Use other monitoring tools

● Understand the security audit logs and reports

Lesson 7: Monitoring and Analyzing Security with SAP Solution ManagerLesson ObjectivesAfter completing this lesson, you will be able to:

● Obtain a landscape-wide overview of the security configuration

Unit 3: Basic Security for SAP Systems


UNIT 4 Introduction to Cryptography

Lesson 1: Evaluating Cryptography for SecurityLesson ObjectivesAfter completing this lesson, you will be able to:

● Evaluate cryptography for security

● Understand encryption

Lesson 2: Evaluating Authentication and Digital Signatures for SecurityLesson ObjectivesAfter completing this lesson, you will be able to:

● Evaluate the basic concepts of digital certificates and digital signatures

Lesson 3: Applying Cryptography in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:

● Apply cryptography in SAP systems


Unit 4: Introduction to Cryptography


UNIT 5 Secure Network Communication (SNC)

Lesson 1: Setting up Secure Network Communication (SNC)Lesson ObjectivesAfter completing this lesson, you will be able to:

● Secure Dynamic Information and Action Gateway (DIAG) and Remote Function Call (RFC) communication


Unit 5: Secure Network Communication (SNC)


UNIT 6 Secure Socket Layer (SSL)

Lesson 1: Enabling Secure Socket Layer with SAP NetWeaver ASLesson ObjectivesAfter completing this lesson, you will be able to:

● Use Secure Socket Layer (SSL) on SAP NetWeaver AS

Lesson 2: Enabling Secure Socket Layer (SSL) on the SAP NetWeaver AS ABAPLesson ObjectivesAfter completing this lesson, you will be able to:

● Enable Secure Socket Layer (SSL) on the SAP NetWeaver AS ABAP

Lesson 3: Enabling Secure Socket Layer (SSL) on SAP NetWeaver AS JavaLesson ObjectivesAfter completing this lesson, you will be able to:

● Enable Secure Socket Layer (SSL) on SAP NetWeaver AS Java

Lesson 4: Enabling Secure Socket Layer (SSL) on SAP Web Dispatcher and SAP Management ConsoleLesson ObjectivesAfter completing this lesson, you will be able to:

● Enable Secure Socket Layer (SSL) on the SAP Web Dispatcher

● Enable Secure Socket Layer (SSL) for SAP Management Console


Unit 6: Secure Socket Layer (SSL)


UNIT 7 Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems

Lesson 1: Evaluating SAP System AuthenticationsLesson ObjectivesAfter completing this lesson, you will be able to:

● Describe authentication mechanisms

● Configure Application Server ABAP (AS ABAP) for usage of logon tickets

● Configure Application Server Java (AS Java) for usage of logon tickets

● Use X.509 client certificates

● Use Security Assertion Markup Language (SAML) for authentication

Lesson 2: Enabling Session SecurityLesson ObjectivesAfter completing this lesson, you will be able to:

● Enable session security

Lesson 3: Using Single Sign-On (SSO)Lesson ObjectivesAfter completing this lesson, you will be able to:

● Use Single Sign-On (SSO) for SAP systems


ADM960_Col10_2013_Title

Documents