EP: The Enterprise Portal & Security Audits
The Enterprise Portal, as we know, serves as a central channel through which we can access essential information, business applications and all associated business data. Within an organization, a Portal environment is built upon the NetWeaver (NW) platform, which in turn is used by large end-user bases, meaning system flow can on occasion be heavy and process-complex.
In the modern world of computing, IT security is perhaps one of the most important aspects of assured business practices and conformance to them. Without the necessary security measures and protection mechanisms, the consequences can be serious in all walks of life, and the Enterprise Portal is no different.
In my experience with the Enterprise Portal I’ve dealt with many different scenarios in which customers have performed security scans and updates in a bid to identify vulnerabilities and take corrective measures where necessary.
One of the most commonly adopted approaches among organizations running EP environments is to run and review security audits and address any critical findings highlighted in the report. Such an approach allows security concerns to be addressed quickly and lets the business integrate more stringent security practices to avoid the recurrence of such issues in the future.
A security audit will normally result in a listing that highlights each security loophole noted during the analysis of the setup.
What can a Scan Reveal?
Depending on the organizational setup, a security scan can highlight vulnerabilities across different technology areas, for example:
- SQL Injection
- XSS – Cross-Site Scripting
- Indirect retrieval of sensitive information
- Logon authentication issues
- Browser Caching
- Application termination
I’ve highlighted a Security vulnerability, what do I do?
From the perspective of the Enterprise Portal in general, there are some important points to highlight with regard to security and vulnerabilities. Firstly, you need to establish whether or not the security concerns span an array of different product areas.
If the Portal remains the center of interest, then from a preventive standpoint and for a proper security setup the following comprehensive guides are of vital importance:
- Portal Security Guide: https://help.sap.com/saphelp_nw70ehp1/helpdata/en/5c/429f00a14aa54195b1c63ae1512d10/frameset.htm
- Portal Security Guide (ii): http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0a3e93c-7f16-2a10-7781-dcf70b83d1f3?overridelayout=true
- Authorizations: http://help.sap.com/saphelp_nw70ehp1/helpdata/en/6c/0f9341aa5946b79a7d163652824033/content.htm
The guides outlined above cover the EP from a security setup perspective, along with these topics.
An additional point here is to ensure that your EP setup is maintained at the latest SPs and patch level releases, as this is highly encouraged by SAP. Implementing and deploying the latest patches and SPs often provides a means of preventing easily avoidable issues.
In terms of precise incident reporting and the report itself, you can follow:
- SAP Note 2191528 – Third-party report showing security vulnerabilities.