Security Guide for SAP on SQL Server 2012 – Whitepaper Released
Hi Friends,
The following recently released white paper will help you with security for SAP on SQL Server 2012.
Click here or on any of the images to go to the download website.
Some screenshots from Cameron's blog:
The document is very useful and SAP-specific; all security-related topics are covered.
The table of contents is as follows:
1 Executive Summary
2 Microsoft and SAP Partnership
3 SAP Solution Security Implementation
3.1 Security Layers
3.2 Minimum Windows Release Prerequisites
3.3 Security Implementation
3.3.1 Step 1 – Create Dedicated SAP Management Station(s)
3.3.2 Step 2 – Isolate SAP backend systems in a dedicated VLAN
3.3.3 Step 3 – Close all inbound non-SAP ports
3.3.4 Step 4 – Close Web outbound ports
3.3.5 Step 5 – Change Windows Terminal Services Port
3.3.6 Step 6 – Use Terminal Services Client 6.0
3.3.7 Step 7 – Create dedicated SAP Active Directory Container
3.3.7.1 Create Development, management station, QAS and production sub-containers
3.3.7.2 Enable Policy block on SAP container
3.3.8 Step 8 – Create a policy for the SAP servers using SCW…
3.3.8.1 Windows firewall and network settings
3.3.8.2 Uninstall Internet Explorer
3.3.8.3 Check system auditing configuration
3.3.9 Step 9 – Move Management Station & SAP Servers to AD Containers
3.3.10 Step 10 – Apply Policies to Management Station & SAP Containers
3.3.11 Step 11 – Rename local administrator account using a function
3.3.12 Step 12 – Remove Domain Admins and all other user accounts
3.3.13 Step 13 – MS SQL Server Security
3.3.13.1 SQL Server Security Configuration
3.3.13.2 Use of scripts & direct access to the database
3.3.13.3 Security Requirements for SQL Server Service Accounts
3.3.13.4 Admin Connection
3.3.14 Step 14 – Secure SAP Service Accounts
3.3.14.1 Validate & Adjust DOMAIN\<sid>adm & DOMAIN\SAPService<SID> security
3.3.15 Web Dispatcher & SAP MMC
3.3.16 Step – Physical Data Centre Security
3.3.17 Windows Server Core Deployments
4 A Scientific Comparison of AIX, HPUX, Solaris, Linux & Windows Server Security Vulnerabilities
4.1 Windows Platform in Comparison to UNIX Security – Reality
4.1.1 Security Threats – Internal versus External
4.1.1.1 External Threats
4.1.1.2 Internal Threats
4.1.1.3 3rd Party Threats
4.1.2 Desktop versus Server – Server Patching versus Desktop Patching
4.1.3 National Institute for Standards & Technology – CVE Database Comparisons
4.1.4 How to Assess the Impact of a Security Vulnerability?
4.1.4.1 Example: Integer overflow in cdd.dll in the Canonical Display Driver (CDD)
4.1.5 UNIX Patching vs. Windows Patching: Reboot Requirement
5 Patch Management
5.1 Microsoft Windows Security Patches
5.1.1 Security Patch Evaluation
5.1.1.1 Vulnerabilities in .NET Framework and Microsoft Silverlight Could Allow Remote Code Execution (2651026)
5.1.1.2 Cumulative Security Update for Internet Explorer (2675157)
5.1.1.3 Vulnerability in Active Directory Could Allow Remote Code Execution (2640045)
5.1.1.4 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2525694)
5.2 SAP Patching Strategy
5.2.1 Rolling Upgrades/Patching Reduces Downtime
6 Auditing, Encryption & Additional Security Topics
6.1 Secure Socket Layer
6.2 Transparent Data Encryption
6.2.1 Key Storage Devices
6.3 Advanced SQL Server Auditing
6.3.1 New Features in SQL Server 2012
6.4 Anti-virus Options
6.5 BitLocker to Protect Boot Disks
6.6 Windows Single Sign On
6.7 IPSEC
6.8 Windows Auditing
6.9 Windows Attack Surface Area Analyser
7 Security Checklist
8 Appendix I
9 Appendix II
9.1 Windows 2008 R2 Vulnerabilities 3 months to 17th April 2012
9.2 AIX Vulnerabilities 3 months to April 17th 2012
9.3 HP-UX Vulnerabilities 3 months to April 17th
10 Security Links and Online Resources
10.1 Microsoft Links
10.2 SAP Links
10.3 General Security Links
Hope this helps!