This guide does not replace the daily operations handbook that we recommend customers to create for their specific productive operations.
? Technical consultants
? System administrators
This document is not included as part of the Installation Guides, Configuration Guides, Technical Operation Manuals, or Upgrade Guides. Such guides are only relevant for a certain phase of the software life cycle, whereby the Security Guides provide information that is relevant for all time frames.
The portal offers users a single point of access to all applications, information, and services needed to accomplish their daily tasks. Links to back-end and legacy applications, self-service applications, company intranet services, and Internet services are all readily available in the user’s portal. Because the borders between company intranets and the Internet are blurring, comprehensive security is vital to protect the company’s business.
The Security Guide comprises the following main sections:
This section contains information about why security is necessary, how to use this document, and references to other Security Guides that build the foundation for this Security Guide.
This section provides an overview of the following user administration and authentication aspects:
0 Recommended tools to use for user management.
0 Standard users that are delivered with the portal.
0 Overview of the user synchronization strategy.
0 Overview of the authentication mechanisms available and related security recommendations.
0 Overview of Single Sign-On and recommendations for securing SAP logon tickets.
This section provides an overview of the authorization concepts in the portal.
This section provides an overview of the communication paths used by the portal and the security mechanisms that apply. It also includes our recommendations for the network topology to restrict access at the network level.
This section provides an overview of any critical data that is used by the SAP NetWeaver Portal and the security mechanisms that apply.
This section provides security recommendations for operating system security.
This section provides an overview of functions that have impacts on security and can be disabled or removed from the system.
? This section contains any security-relevant information not included anywhere else in the guide.
This section provides an overview of the trace and log files that contain security-relevant information, for example, so you can reproduce activities if a security breach does occur.
This section provides references to further information.