Security Management Strategies for the CIO
This article can also be found in the Premium Editorial Download "Information Security magazine: How to stop data leakage."
Download it now to read this article plus other related content.
By Juergen Schneider Everyone knows a firewall between the intranet and Internet is a good idea, but did you know that barriers inside the network also serve an important function? This tip, excerpted from Dr. Juergen Schneider's "SAP System Security for the Intranet and Internet" in the Jan/Feb/Mar 2001 issue of SAP Insider, covers ways that you can secure a network to protect data from internal as well as external attacks.
A well-designed network features different protection zones and only a very few well-known and protected transitions between these zones. To get from one zone to another, communication traffic has to pass through a firewall system. Nowadays, everybody expects a firewall between a company's intranet and the public Internet. Fewer people recognize the value of firewalls inside the corporate network, separating mission- critical SAP applications and database servers from the hundreds and thousands of PCs and user workstations in the client network. How sure are you about the intentions of your internal users and the nature and modification status of the software installed on their PCs? Just as you set up "Demilitarized Zones" (DMZs) at the border between the Internet and your intranet and place Web servers and proxies between an external and an internal firewall, inside your corporate network you need well-configured network routers, address and port filters and
Requires Free Membership to View
so on. A secure network
can also be complemented nicely by virtual private networks
extending your extranet to customers and partners.
With such a network setup, there are only a few doors left
vulnerable to penetration by intruders. Your firewalls do have
these doors (otherwise you couldn't go in yourself), so you must
put guards in place. These guards include strong authentication
and access control, as well as encrypted communications.
All commercial Web servers, and the SAP product components they
host today, support the Internet standard protocol Secure Sockets
Layer (SSL) and can run HTTP over SSL, (called HTTPS). With HTTPS,
you ensure that clients and servers can be authenticated to one
another via strong cryptography and that they exchange strong
encryption key information to protect all their communications
from eavesdropping and message tampering. For the classical SAP
communication protocols (DIAG, RFC), the same level of protection
is achieved using SAP's Secure Network Communications (SNC)
option and the SAProuter software as an application-level gateway.
Related book Security Fundamentals for E-Commerce
Author : Vesna Hassler
Publisher : Artech House
ISBN/CODE : 1580531083
Cover Type : Hard Cover
Pages : 416
Published : Nov. 2000
Summary:
If you're charged with maintaining the security of e-commerce sites, you need this unique book that provides an in-depth understanding of basic security problems and relevant e-commerce solutions, while helping you implement today's most advanced security technologies. From designing secure Web, e-commerce and mobile commerce applications, to securing your internal network, to providing secure employee/user authentication, this cutting-edge book gives you a valuable security perspective you won't find in other resources.
This was first published in April 2001
Join the conversationComment
Share
Comments
Results
Contribute to the conversation