To guarantee the security of your RFC connections, include the following points in your setup and take the appropriate measures:
· Restrict maintenance authorizations for RFC destinations (transaction SM59).
· Store user information for system users only (not for dialog users).
· Restrict access to the table RFCDES (information on RFC destinations).
· Use authorization checks in (application) function modules if you want to call these modules using RFC.
· Use secure network communications.
· Deactivate remote monitoring of the SAP Gateways.
· Prevent misuse of the RFC Software Development Kit.
· Allow RFC connections from known and selected systems only.
· Restrict the use of external RFC server programs.
· Restrict access to the RFC server program RFCEXEC or RFCEXEC.EXE.
For a more detailed description of these measures, see the appropriate scenario.
Also read the following security information about the SAP Gateway:
You can use the Security Audit Log to monitor RFC calls: