Cybsec Security Systems
Página PrincipalSobre NosotrosServiciosCapacitaciónNoticiasArtículosInvestigaciónContáctenos Contáctenos via Email
 
 
SAP Security Workshop

Seminar objectives::

  • Show the audience SAP R/3 (ABAP) technical and operating security aspects.
  • Analyze secure configuration directives of every system component: Operating System, Database and SAP R/3.
  • Learn security best practices in the configuration of the various services and their interoperability with other Company systems.
  • Learn about the techniques and tools used by attackers to attempt to compromise SAP systems and how to protect them.
  • Understand the procedure used to carry out Information System Audits.
  • Perform practice exercises using the latest tools and techniques available to check security in SAP systems and increase there technical and operating security level (participants must attend the course with notebooks).

Developed for:

  • Computer Security Administrators, Officials and Chiefs, Auditors, SAP Consultants and BASIS Administrators.

Agenda:

1. Introduction

2. Threats to computer systems

3. Computer Information Security Fundamentals

  • Basic fundamentals.
  • Authentication.
  • Authorization.
  • Encryption.

4. Introduction to the SAP world

  • SAP solutions.
  • System, client and server concepts.
  • Description of main services.
  • Terminology and basic components

5. Environment Security

  • Secure infrastructure design.
  • SAP Application Gateways: SAProuter and SAP Web Dispatcher.
  • Security of internal and remote accesses.

6. Operating System Security (Windows / UNIX)

  • Users and Groups.
  • Services.
  • Protecting SAP resources.
  • Demonstrations of attacks against Operating Systems.

7. Database Security (MS SQL Server / Oracle )

  • Users and Groups. Passwords.
  • Secure Authentication mechanisms.
  • Encryption.
  • Access privileges.
  • Demonstration of default attacks against Databases

8. SAP Security Concepts

  • System architecture.
  • Security according to SAP.
  • Roles, profiles and authorizations.

9. SAP: User Security

  • Authentication mechanisms.
  • Transactions.
  • User types.
  • Special users.
  • Password policy.

10. SAP: Authorizations

  • Basic concepts.
  • Authorization roles, profiles and objects.
  • Critical authorizations.
  • SAP_ALL profile.
  • Profile Generator.

11. SAP: Interface Security

  • RFC Interface:
  • -- Concepts.
  • -- Connection to remote systems.
  • -- Trusted Systems.
  • -- Attacks against the interface.
  • Interface with the Operating System.

12. SAP: Landscape Security

  • Transport system security.
  • Transports and System Changeability.
  • TMS Trusted Systems.

13. SAP: Component Security

  • ITS Security.
  • CM Security.
  • Security in communications: SNC.
  • Security in communications: SSL.

14. SAP: System Audit

  • System Audit vs. Functional Audit.
  • Tools and procedures.
  • Analyzing reports.

15. Penetration Testing SAP: sapyto

  • Description of the tool.
  • Practical Lab demonstration.

Registration:

Contact Claudia Macri (cmacri@cybsec.com) Tel/Fax: (+54-11) 4371-4444.
  ©2009 Cybsec S.A. Todos los derechos reservados
Sobre Nosotros | Gestión Estratégica | Gestión Operativa | Gestión de Control | Auditorías PCI | Capacitación | Noticias | Artículos | Investigación | Contáctenos Diseño y Desarrollo Alfadesign
©2009 Cybsec S.A. Todos los derechos reservados