on 12-10-2013 7:48 PM
Hello All
I would like to know what is the use of the below parameters. I want to convey this to the customer. Please help me on this.
If the parameter is not set, what will be the impact to the system?
Regards
S.Subramani
9.1.4 Gateway and Message Server Security
9.1.4.1 Gateway Security
Gateway Security Properties
The parameter GW/REG_NO_CONN_INFO controls the activation of certain security properties of the SAP gateway. It is defined as a bit mask with one bit per property.
SAP Note 1298433 “Bypassing security in reginfo & secinfo” is not activated in your system. The bit mask value for bit 1 is not set.
Recommendation: Enable the missing property by adding the bitmask value to the current value of GW/REG_NO_CONN_INFO. For more information about GW/REG_NO_CONN_INFO, see SAP Note 1444282.
Gateway Access Control Lists
PARAMETERS: GW/SEC_INFO GW/REG_INFO
Rating Instance Error Condition
All instances gw/reg_info and gw/sec_info are defined
REG_INFO
Rating Instance Error Condition File does not exist (default)
All instances File reg_info does not exist (delivery status)
SEC_INFO
Rating Instance Error Condition File does not exist (default)
All instances File sec_info does not exist (delivery status)
P TP=* USER=* HOST=*
Recommendation: The profile parameters gw/sec_info and gw/reg_info provide the file names of the corresponding access control lists. These access control lists are critical to controlling RFC access to your system, including connections to RFC servers. You should create and maintain both access control lists, which you can do using transaction SMGW. For more information, see SAP Note 1425765.
9.1.4.2 Message Server Security
Separation of Internal and External Message Server Communication
PARAMETERS: RDISP/MSSERV RDISP/MSSERV_INTERNAL
Rating Instance Error Condition Value of rdisp/msserv Value of rdisp/msserv_internal
skp9_PS2_00 rdisp/msserv_internal is not defined sapmsPS2
Recommendation: Communication with the message server should be separated into SAP system internal communication (TCP/IP port defined by rdisp/msserv_internal) and communication from user SAPGUIs to the system (TCP/IP port defined by rdisp/msserv), for example. Network firewalls should block access to the port specified in rdisp/msserv_internal from outside the SAP system.
Set parameter rdisp/msserv_internal to a TCP/IP port number different to the port number specified in rdisp/msserv and additionally protect access to the internal message server port by appropriate firewalls. For more information, see SAP Note 821875.
Message Server Access Control List
PARAMETER: MS/ACL_INFO
Rating Instance Error Condition
skp9_PS2_00 ms/acl_info is not defined or empty
Recommendation: The profile parameter ms/acl_info provides the file name of the message server's access control list. This list controls which application servers are allowed to log on to the message server.
SAP recommends defining and properly maintaining this list to prevent rogue application servers from accessing the system. For more information, see SAP Note 821875.
The information is letting you know that anything or everyone can access the system; items like 'ms/acl_info' are a way to authorize those things or people to access the system. If left wide open, then you are just making it easier for malicious people to brute force or DDoS the system and attempt to gain access to it.
Security is best served in layers.
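The checks quoted from the report in this thread can be reproduced against a profile file before talking to the customer. The following is an added example, not part of the original posts and not SAP code: it parses profile text and reports the same gateway and message server findings. The sample profile, the sample secinfo content and the function names are constructed, and it assumes that bit 1 of gw/reg_no_conn_info is the lowest-order bit (mask value 1).

```python
import re
# Assumption: bit 1 of gw/reg_no_conn_info (SAP Note 1298433) has mask value 1.
BIT1_MASK = 1
PERMIT_ALL = re.compile(r"^P\s+TP=\*\s+USER=\*\s+HOST=\*\s*$", re.IGNORECASE)

def parse_profile(text):
    """Parse 'name = value' lines of a profile; lines starting with '#' are comments."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        params[name.strip().lower()] = value.strip()
    return params

def check_profile(params):
    findings = []
    for name in ("gw/sec_info", "gw/reg_info", "ms/acl_info"):
        if not params.get(name):
            findings.append(f"{name} is not defined or empty")
    internal = params.get("rdisp/msserv_internal")
    if not internal:
        findings.append("rdisp/msserv_internal is not defined")
    elif internal == params.get("rdisp/msserv"):
        findings.append("rdisp/msserv_internal equals rdisp/msserv")
    raw = params.get("gw/reg_no_conn_info", "0")
    mask = int(raw) if raw.isdigit() else 0
    if not mask & BIT1_MASK:
        findings.append("gw/reg_no_conn_info bit 1 is not set")
    return findings

def permit_all_lines(acl_text):
    """Line numbers of ACL entries that permit every program, user and host."""
    return [n for n, line in enumerate(acl_text.splitlines(), 1)
            if PERMIT_ALL.match(line.strip())]

# Constructed sample input, modelled on the findings quoted in the report above.
SAMPLE_PROFILE = """\
# instance profile (constructed)
rdisp/msserv = sapmsPS2
gw/sec_info = $(DIR_DATA)/secinfo
gw/reg_info = $(DIR_DATA)/reginfo
gw/reg_no_conn_info = 0
"""
SAMPLE_SECINFO = "#VERSION=2\nP TP=* USER=* HOST=*\n"

if __name__ == "__main__":
    print(check_profile(parse_profile(SAMPLE_PROFILE)))
    print(permit_all_lines(SAMPLE_SECINFO))
```

A defined gw/sec_info or gw/reg_info parameter only names the file, so the ACL content still needs the second check: a single permit-all line such as the one shown in the report leaves the gateway open.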