Technology Blogs by SAP
troy_cronin2

Backdrop: Security is perhaps one of the most important factors in an organization's business practices. In modern business operations, organizations incorporate strict security standards and procedures into their everyday business processes and regulatory practices.


With technology being such a vital part of everyday life, both professionally and personally, we are all aware of the dangers that can emerge from opening a suspicious email or accidentally providing personal details over the phone.






Some of the most common security concerns stem from the following types of networking attacks:


  • Viruses
  • Spyware
  • Ransomware
  • Malware
  • Eavesdropping
  • Identity faking
  • Application attacks
  • SQL Injections
  • XSRF


In truth, the list above is endless.

Enterprise Portal & Security

In this section, let us paint a picture of a sample employee working in a professional environment for an organization that uses the Enterprise Portal. As we know, the Enterprise Portal (EP) serves as a central platform and single point of access to services, applications (both custom and standard) and data. For greater insight, let us create a fictional employee named "Joe Bloggs", a long-standing employee of a multi-national automobile company. Joe, who is vastly experienced, has a broad range of everyday work tasks that he must see to, and he uses a wide array of different applications and services through the Portal to do so. For example, Joe manages a team and must see that all tasks are assigned accordingly; he must also keep track of production stock, order placements, leave requests, etc.

The diagram above is perhaps a little generic and high-level, but it gives you an idea of how the underlying work activities converge and stem off one another. In this example we are dealing with one individual, Joe, but if we take a multi-national organization as the baseline, Joe might be 1 out of 100,000 different employees.

Portal: Security Analysis Avenues & How Secure Are We Now?


If you have incorporated the Enterprise Portal and NW AS JAVA into your setup, general practice deems any information hosted within the Portal itself strictly confidential and meant only for employees, depending on their authorization levels.

Prevention is in many cases the best means of protection. Identifying potential "weak spots" in a Portal setup from a security standpoint gives you the means of patching security flaws and fortifying the setup. Assuming that all security practices and procedures currently in use are effective in preventing attacks is not enough, as newer means of attacking and hacking are continually being created to take advantage of even the smallest loopholes.

To perform security checks from a configuration standpoint, you can follow the Enterprise Portal Security Guide outlined below:

Secondly, you can view the security zones and perform direct checks on each. The purpose is to ensure that only current user bases (Portal end users) can view, access, utilize, interact with and retrieve information from Portal services and applications. The way to perform these checks is to run the Security Zones Checker.

  • Log in to the Enterprise Portal: http://<host>:<port>/portal
  • In the Portal, select System Administration > Support > Portal Security > Security Zones Checker.
  • From this point, select "Scan Security Zones".
  • The result list displays the used Security Zones and also highlights any unused Security Zones.
    • Unused Security Zones can usually be traced to PCD changes.
    • If unused Security Zones have been highlighted, they can be removed if desired.
    • Doing so is not encouraged without adequate consultation and diligent analysis beforehand.

Simple Networking Security Tips:

  • Antivirus Scans & Prevention
  • Trusted Sites
  • Network Audits
  • Software Blacklists
  • Spam Zone Checker
  • URL Blocking