on 03-06-2015 8:11 AM
Hi friends,
I'm searching for a tool to help detect vulnerabilities in a SAP PI environment. I know some good practices, like PI in MZ zone and a firewall to let the Internet communications through and so on, but I need a tool to automatize the process. For example, I know HTTPS is more secure than HTTP, but I need a tool that tells me about this problem as a potential risk.
For ABAP code or the NW ABAP stack, I found tools to detect problems like SQL injection in the code in this document http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/b07a908d-6d45-3110-18b0-88d3ad772...
Does anybody know of a SAP or third-party tool for this purpose?
Regards.
Hi Inaki,
You should look at addressing security at various levels. Obviously, as you mentioned, the placement of your PI in your network. I will provide you a few tips on multi-level security:
1. Network - network firewall, close all ports except those that matter, e.g. for inbound, only allow traffic from trusted partners/sites.
2. Transmission - Only allow secure channels (e.g. VPN, HTTPS, SNC, HTTPS on VPN to be sure etc.); the higher the encryption level, the better.
3. Intrusion detection and prevention - there are a number of great products out there, or you can look at Snort.
4. Even if you are protected by an app-level password, only serve resources that are needed - this is where ACL/whitelisting/permission tables, etc., whatever is available on which channel, come into play
and other clever things you can do
Also follow Onapsis, they usually poke SAP on vulnerabilities
Applying latest security notes and regular patching are a must
Cheers
Donald
Hi all,
With SAP Solution Manager I've seen a good set of tools for the SAP NetWeaver platform https://support.sap.com/content/dam/library/support/support-programs-services/support-services/SIS26...
Any other tool recommendation will be appreciated.
Regards.
Hi Inaki,
Not sure if there is a tool available to detect vulnerabilities. However, I think SAP keeps the customers updated on all vulnerabilities through SAP Hot News like the below Poodle Vulnerability.
2092630 - Turning off SSLv3 on SAP NETWEAVER AS ABAP and AS JAVA, and on SAP HANA XS
Regards,
Sriram
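Added example, not part of the thread and not an SAP tool: a small Python check for the setting the note above is about, namely whether an HTTPS port on a system you administer still accepts an SSLv3 handshake. The function names and result labels are this example's own; the probe is a hand-built SSLv3 ClientHello because current Python `ssl` builds no longer offer SSLv3.

```python
import os
import socket
import struct

SSL3 = b"\x03\x00"  # protocol version bytes for SSLv3

def build_sslv3_client_hello(random_bytes=None):
    """Return one SSLv3 record holding a minimal ClientHello (no extensions)."""
    random_bytes = random_bytes or os.urandom(32)
    suites = b"\x00\x2f\x00\x0a\x00\x05"  # RSA with AES128-SHA, 3DES-SHA, RC4-SHA
    body = (SSL3 + random_bytes
            + b"\x00"                                  # empty session id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00")                             # null compression only
    handshake = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack(">H", len(handshake)) + handshake

def classify_reply(reply):
    """Map the first bytes of the server's reply to a finding (labels are hypothetical)."""
    if len(reply) < 6:
        return "rejected"            # closed without sending a full record header
    rec_type, version, first = reply[0], reply[1:3], reply[5]
    if rec_type == 0x16 and version == SSL3 and first == 0x02:
        return "sslv3-accepted"      # ServerHello at SSLv3: report as a risk
    if rec_type == 0x15:
        return "rejected"            # TLS alert record
    return "unknown"

def check_endpoint(host, port, timeout=5.0):
    """Probe one endpoint from your own inventory and classify the answer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_sslv3_client_hello())
            reply = s.recv(16)
    except ConnectionResetError:
        return "rejected"
    except OSError:
        return "no-answer"           # unreachable, refused or timed out
    return classify_reply(reply)
```

Run `check_endpoint(host, port)` over the HTTPS ports of your own PI hosts and treat every "sslv3-accepted" result as a finding to fix.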