Home > Link, SQL > Security Guide for SAP on SQL Server 2012 – Whitepaper Released

Security Guide for SAP on SQL Server 2012 – Whitepaper Released

Hi Friends,

Following white paper will help you fro SAP on SQL Server 2012 – Security recently release 

Click here or any of image for to redirect to downloading website

image

Some of screen shot from Camerons blog :

image

Document is very useful and SAP specific all security related topics are covered

Table of Contents as follows

1 Executive Summary. 6

2 Microsoft and SAP Partnership. 8

3 SAP Solution Security Implementation. 10

3.1 Security Layers. 10

3.2 Minimum Windows Release Prerequisites. 10

3.3 Security Implementation. 11

3.3.1 Step 1 – Create Dedicated SAP Management Station(s) 11

3.3.2 Step 2 – Isolate SAP backend systems in a dedicated VLAN.. 13

3.3.3 Step 3 – Close all inbound non-SAP ports. 13

3.3.4 Step 4 – Close Web outbound ports. 15

3.3.5 Step 5 –Change Windows Terminal Services Port 16

3.3.6 Step 6 –Use Terminal Services Client 6.0. 16

3.3.7 Step 7 –Create dedicated SAP Active Directory Container 16

3.3.7.1 Create Development, management station, QAS and production sub-containers. 16

3.3.7.2 Enable Policy block on SAP container 17

3.3.8 Step 8 – Create a policy for the SAP servers using SCW… 18

3.3.8.1 Windows firewall and network settings. 22

3.3.8.2 Uninstall Internet Explorer 25

3.3.8.3 Check system auditing configuration. 25

3.3.9 Step 9 – Move Management Station & SAP Servers to AD Containers. 26

3.3.10 Step 10 – Apply Policies to Management Station & SAP Containers. 26

3.3.11 Step 11 – Rename local administrator account using a function. 26

3.3.12 Step 12 – Remove Domain Admins and all other user accounts. 27

3.3.13 Step 13 – MS SQL Server Security. 27

3.3.13.1 SQL Server Security Configuration. 27

3.3.13.2 Use of scripts & direct access to the database. 28

3.3.13.3 Security Requirements for SQL Server Service Accounts. 28

3.3.13.4 Admin Connection. 29

3.3.14 Step 14 – Secure SAP Service Accounts. 29

3.3.14.1 Validate & Adjust DOMAIN\<sid>adm & DOMAIN\SAPService<SID> security. 30

3.3.15 Web Dispatcher & SAP MMC. 30

3.3.16 Step – Physical Data Centre Security. 30

3.3.17 Windows Server Core Deployments. 30

4 A Scientific Comparison of AIX, HPUX, Solaris, Linux & Windows Server Security Vulnerabilities 32

4.1 Windows Platform in Comparison to UNIX Security – Reality. 32

4.1.1 Security Threats – Internal versus External 32

4.1.1.1 External Threats. 33

4.1.1.2 Internal Threats. 33

4.1.1.3 3rd Party Threats. 34

4.1.2 Desktop versus Server – Server Patching versus Desktop Patching. 34

4.1.3 National Institute for Standards & Technology – CVE Database Comparisons. 34

4.1.4 How to Assess the Impact of a Security Vulnerability?. 37

4.1.4.1 Example: Integer overflow in cdd.dll in the Canonical Display Driver (CDD) 38

4.1.5 UNIX Patching vs. Windows Patching: Reboot Requirement 39

5 Patch Management. 42

5.1 Microsoft Windows Security Patches. 42

5.1.1 Security Patch Evaluation. 42

5.1.1.1 Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026) 43

5.1.1.2 Cumulative Security Update for Internet Explorer (2675157) 43

5.1.1.3 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045) 44

5.1.1.4 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694) 44

5.2 SAP Patching Strategy. 47

5.2.1 Rolling Upgrades/Patching Reduces Downtime. 47

6 Auditing, Encryption & Additional Security Topics. 48

6.1 Secure Socket Layer. 48

6.2 Transparent Data Encryption. 48

6.2.1 Key Storage Devices. 48

6.3 Advanced SQL Server Auditing. 48

6.3.1 New Features in SQL Server 2012. 48

6.4 Anti-virus Options. 48

6.5 BitLocker to Protect Boot Disks. 49

6.6 Windows Single Sign On. 49

6.7 IPSEC. 49

6.8 Windows Auditing. 49

6.9 Windows Attack Surface Area Analyser. 49

7 Security Checklist. 50

8 Appendix I 52

9 Appendix II 54

9.1 Windows 2008 R2 Vulnerabilities 3 months to 17th April 2012. 54

9.2 AIX Vulnerabilities 3 months to April 17th 2012. 55

9.3 HP-UX Vulnerabilities 3 months to April 17th 56

10 Security Links and Online Resources. 58

10.1 Microsoft Links. 58

10.2 SAP Links. 58

10.3 General Security Links. 58

You may also interested in reading topics like

About these ads
Categories: Link, SQL

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 1,120 other followers

%d bloggers like this: