ADM960 SAP NetWeaver Application Server Security . . COURSE OUTLINE . Course Version: 10 Course Duration: 5 Day(s)
ADM960SAP NetWeaver Application Server Security
..
COURSE OUTLINE.
Course Version: 10Course Duration: 5 Day(s)
SAP Copyrights and Trademarks
© 2013 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
● Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
● IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.
● Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
● Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
● Oracle is a registered trademark of Oracle Corporation
● UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
● Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
● HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
● Java is a registered trademark of Sun Microsystems, Inc.
● JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
● SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.
● Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.
● Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
© Copyright . All rights reserved. iii
iv © Copyright . All rights reserved.
About This Handbook
This handbook is intended to complement the instructor-led presentation of this course, and serve as a source of reference. It is not suitable for self-study.
Typographic Conventions
American English is the standard used in this handbook.
The following typographic conventions are also used.
This information is displayed in the instructor’s presentation
Demonstration
Procedure
Warning or Caution
Hint
Related or Additional Information
Facilitated Discussion
User interface control Example text
Window title Example text
© Copyright . All rights reserved. v
vi © Copyright . All rights reserved.
Contents
ix Course Overview
1 Unit 1: Computer Security Overview
1 Lesson: Analyzing Security Threats1 Lesson: Evaluating the SAP System Environment
3 Unit 2: Network Basics
3 Lesson: Describing the Basics of Networks3 Lesson: Determining the Key Points of Network Security3 Lesson: Installing and Configuring SAProuter3 Lesson: Installing and Configuring the SAP Web Dispatcher
5 Unit 3: Basic Security for SAP Systems
5 Lesson: Securing the Front End5 Lesson: Setting Up User Security in SAP Systems5 Lesson: Defining Authorizations in SAP Systems5 Lesson: Setting Up Interface Security in SAP Systems6 Lesson: Providing Development Protection and Applying Security
Patches6 Lesson: Monitoring SAP Systems6 Lesson: Monitoring and Analyzing Security with SAP Solution
Manager
7 Unit 4: Introduction to Cryptography
7 Lesson: Evaluating Cryptography for Security7 Lesson: Evaluating Authentication and Digital Signatures for
Security7 Lesson: Applying Cryptography in SAP Systems
9 Unit 5: Secure Network Communication (SNC)
9 Lesson: Setting up Secure Network Communication (SNC)
11 Unit 6: Secure Socket Layer (SSL)
11 Lesson: Enabling Secure Socket Layer with SAP NetWeaver AS11 Lesson: Enabling Secure Socket Layer (SSL) on the SAP NetWeaver
AS ABAP11 Lesson: Enabling Secure Socket Layer (SSL) on SAP NetWeaver AS
Java11 Lesson: Enabling Secure Socket Layer (SSL) on SAP Web
Dispatcher and SAP Management Console
© Copyright . All rights reserved. vii
13 Unit 7: Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems
13 Lesson: Evaluating SAP System Authentications13 Lesson: Enabling Session Security13 Lesson: Using Single Sign-On (SSO)
viii © Copyright . All rights reserved.
Course Overview
TARGET AUDIENCEThis course is intended for the following audiences:
● Technology Consultant
● Project Manager
● Systems Architect
● System Administrator
© Copyright . All rights reserved. ix
x © Copyright . All rights reserved.
UNIT 1 Computer Security Overview
Lesson 1: Analyzing Security ThreatsLesson ObjectivesAfter completing this lesson, you will be able to:
● Analyze security threats and safeguards
Lesson 2: Evaluating the SAP System EnvironmentLesson ObjectivesAfter completing this lesson, you will be able to:
● Identify the components of SAP Business Suite
● Evaluate the SAP NetWeaver Application Server (SAP NetWeaver AS) architecture
© Copyright . All rights reserved. 1
Unit 1: Computer Security Overview
2 © Copyright . All rights reserved.
UNIT 2 Network Basics
Lesson 1: Describing the Basics of NetworksLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe network communication in the SAP environment
Lesson 2: Determining the Key Points of Network SecurityLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe the important topics of network security in an SAP landscape
Lesson 3: Installing and Configuring SAProuterLesson ObjectivesAfter completing this lesson, you will be able to:
● Install and configure SAProuter
Lesson 4: Installing and Configuring the SAP Web DispatcherLesson ObjectivesAfter completing this lesson, you will be able to:
● Install and configure the SAP Web Dispatcher using a dedicated port
© Copyright . All rights reserved. 3
Unit 2: Network Basics
4 © Copyright . All rights reserved.
UNIT 3 Basic Security for SAP Systems
Lesson 1: Securing the Front EndLesson ObjectivesAfter completing this lesson, you will be able to:
● Configure security features of SAP GUI for Windows
Lesson 2: Setting Up User Security in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:
● Deal with the tools for user administration
● Name standard users
● Recognize different user types
Lesson 3: Defining Authorizations in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:
● Explain authorizations in SAP systems
● Manage passwords in SAP systems
● Securely store user and password information
● Configure password parameters
Lesson 4: Setting Up Interface Security in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:
● Secure Remote Function Call (RFC) communication
● Ensure SAP Gateway security
● Secure Internet Communication Manager (ICM)
● Ensure SAP Message Server security
© Copyright . All rights reserved. 5
● Establish interface security
Lesson 5: Providing Development Protection and Applying Security PatchesLesson ObjectivesAfter completing this lesson, you will be able to:
● Protect development
● Apply security patches
Lesson 6: Monitoring SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:
● Explore the various options of security configuration monitoring
● Use the security audit log
● Use other monitoring tools
● Understand the security audit logs and reports
Lesson 7: Monitoring and Analyzing Security with SAP Solution ManagerLesson ObjectivesAfter completing this lesson, you will be able to:
● Obtain a landscape-wide overview of the security configuration
Unit 3: Basic Security for SAP Systems
6 © Copyright . All rights reserved.
UNIT 4 Introduction to Cryptography
Lesson 1: Evaluating Cryptography for SecurityLesson ObjectivesAfter completing this lesson, you will be able to:
● Evaluate cryptography for security
● Understand encryption
Lesson 2: Evaluating Authentication and Digital Signatures for SecurityLesson ObjectivesAfter completing this lesson, you will be able to:
● Evaluate the basic concepts of digital certificates and digital signatures
Lesson 3: Applying Cryptography in SAP SystemsLesson ObjectivesAfter completing this lesson, you will be able to:
● Apply cryptography in SAP systems
© Copyright . All rights reserved. 7
Unit 4: Introduction to Cryptography
8 © Copyright . All rights reserved.
UNIT 5 Secure Network Communication (SNC)
Lesson 1: Setting up Secure Network Communication (SNC)Lesson ObjectivesAfter completing this lesson, you will be able to:
● Secure Dynamic Information and Action Gateway (DIAG) and Remote Function Call (RFC) communication
© Copyright . All rights reserved. 9
Unit 5: Secure Network Communication (SNC)
10 © Copyright . All rights reserved.
UNIT 6 Secure Socket Layer (SSL)
Lesson 1: Enabling Secure Socket Layer with SAP NetWeaver ASLesson ObjectivesAfter completing this lesson, you will be able to:
● Use Secure Socket Layer (SSL) on SAP NetWeaver AS
Lesson 2: Enabling Secure Socket Layer (SSL) on the SAP NetWeaver AS ABAPLesson ObjectivesAfter completing this lesson, you will be able to:
● Enable Secure Socket Layer (SSL) on the SAP NetWeaver AS ABAP
Lesson 3: Enabling Secure Socket Layer (SSL) on SAP NetWeaver AS JavaLesson ObjectivesAfter completing this lesson, you will be able to:
● Enable Secure Socket Layer (SSL) on SAP NetWeaver AS Java
Lesson 4: Enabling Secure Socket Layer (SSL) on SAP Web Dispatcher and SAP Management ConsoleLesson ObjectivesAfter completing this lesson, you will be able to:
● Enable Secure Socket Layer (SSL) on the SAP Web Dispatcher
● Enable Secure Socket Layer (SSL) for SAP Management Console
© Copyright . All rights reserved. 11
Unit 6: Secure Socket Layer (SSL)
12 © Copyright . All rights reserved.
UNIT 7 Authentication and Single Sign-On (SSO) Mechanisms in SAP Systems
Lesson 1: Evaluating SAP System AuthenticationsLesson ObjectivesAfter completing this lesson, you will be able to:
● Describe authentication mechanisms
● Configure Application Server ABAP (AS ABAP) for usage of logon tickets
● Configure Application Server Java (AS Java) for usage of logon tickets
● Use X.509 client certificates
● Use Security Assertion Markup Language (SAML) for authentication
Lesson 2: Enabling Session SecurityLesson ObjectivesAfter completing this lesson, you will be able to:
● Enable session security
Lesson 3: Using Single Sign-On (SSO)Lesson ObjectivesAfter completing this lesson, you will be able to:
● Use Single Sign-On (SSO) for SAP systems
© Copyright . All rights reserved. 13