Security Guide for Usage Type AS

The usage type AS provides the foundation for all of SAP NetWeaver. It comprises the application server services for both the ABAP and Java technologies. Because this usage type provides the underlying groundwork for the rest of the SAP NetWeaver usage types and scenarios, the AS security aspects to be considered are fundamental to the entire SAP NetWeaver platform and the SAP products that are built on it.

Guides are provided for the following technologies provided with the AS usage type:

·        SAP NetWeaver Application Server ABAP Security Guide

This section describes the security aspects involved with the SAP NetWeaver Application Server when using ABAP technology, to include user authentication information, authorization information, network information and information about the Change and Transport System (CTS). Security aspects for certain ABAP business objects are also included as well as special topics such as security with the Internet Graphics Server.

·        SAP NetWeaver Application Server Java Security Guide

This section describes the security aspects involved with the SAP NetWeaver Application Server when using Java technology. This also includes user authentication information, authorization information, network information, and disabling optional services. Special topics such as remote administration and Java Messaging Services (JMS) security are also included.

·        Security Settings for the SAP Message Server

This section describes the security settings for the SAP message server, for example, how to control access to the message server from external monitors, how to administer the message server from the Web browser, and how to set up an ACL for the message server.

·        Interactive Forms based on Adobe Software Security Guide

This section describes the specific security aspects involved when using the Interactive Forms based on Adobe Software solution. In particular, it lists the standard users and authorizations necessary when using the solution as well as necessary communication connections and the corresponding protocols used.

·        Internet Transaction Server Security

This section describes the security aspects involved when using the Internet Transaction Server, for example, which authentication mechanisms are available as well as our recommended network topology.

·        SAP Knowledge Warehouse Security Guide

This section describes the security aspects involved when using the SAP Knowledge Warehouse.

·        Composite Application Framework Core Security Guide

This section describes the security aspects involved when using the SAP Composite Application Framework (CAF) Core, for example, user authentication information, and communication security aspects.

·        Virus Protection and SAP GUI Integrity Checks

This section provides information on virus protection using the virus scan interface as well as information about how SAP GUI ensures its own integrity using checks.