Solved: Security Issues for Remote Login to ECC Server

Former Member · ‎02-11-2008

Hi,

I have configured the saprouter so that people can remotely access the SAP ECC Servers outside the local area network. The saprouttab file contains the following entry:

P * * *

The parameter login/no_automatic_user_sapstar has also been set to a value 1.

The user DDIC and SAP* can only be accessed using the master password, which is provided at installation time.

Is my network secure enough? Or do I need to take into account some more steps / measures?

Regards.

former_member185954 · ‎02-12-2008

Hello,

Generally its not recommended to open up your network in the manner you have mentioned, however if its a requirement you cannot deny here is what first comes to my mind:

Use the 'S * * *' instead of 'P * * *' (unless you are using ITS/J2EE and letting people access using HTTP(S)) , this will ensure that people are able to access only SAP protocol and not any other protocol

Use the following link to understand options of saprouter table.

http://help.sap.com/saphelp_47x200/helpdata/en/4f/992dfe446d11d189700000e8322d00/frameset.htm

Also,

It will be a good idea to allow access only to a particular IP Address i.e. the SAP Application Server instead of the entire IP range.

instead of

S * * *

something like:

S * <sap server ip address> *

Regards,

Siddhesh

Security Issues for Remote Login to ECC Server

Accepted Solutions (1)

Accepted Solutions (1)

Answers (0)

What is the difference between OMS and OMM, while ...

Re: Incorporate international clients into VAR Chi...

Incorporate international clients into VAR Chile

Re: reading external (OData) API from cap

Re: reading external (OData) API from cap