SYSTEM COPY
Tasks and activities
Job scheduling: your system needs to run various automatic background jobs that consume resources. Your administrator must carefully schedule these tasks when user demand is low so they don't impact performance.
Remove weak password hashes from the system: Only updating the profile parameter does not provide you with the necessary security. There are still many weak hash values in your database that can be used to attack your system. These must be completely removed from the database. To do this, use the report CLEANUP_PASSWORD_HASH_VALUES. To do this, call the transaction SA38 and enter the name of the report in the input field. Run or F8 executes the programme and cleans your database Report CLEANUP_PASSWORD_HASH_VALUES This programme removes the outdated hash values across all clients. Have you already experienced this attack method or any other comments on this topic? Share your experiences with us in the form of a comment under this article.
SU56 Entered authorizations in buffer
In every company with an SAP system, there is someone who is responsible for the SAP Basis. This person ensures the trouble-free operation of the SAP system. He or she accompanies maintenance work and intervenes in special situations, such as poor performance. Even for companies that hand over the operation of the basis to an external service provider, there are often still tasks from the user and authorization management environment at this point.
Many companies are struggling with the introduction and use of secinfo and reginfo files to secure SAP RFC gateways. We have developed a generator that supports the creation of the files. This blog post lists two SAP best practices for creating the secinfo and reginfo files to enhance the security of your SAP gateway and how the generator helps you do this. secinfo and reginfo Request generator Option 1: Restrictive procedure In the case of the restrictive solution approach, only in-system programmes are allowed. Therefore, external programmes cannot be used. However, since this is desired, the access control lists must be gradually expanded to include each programme required. Although this procedure is very restrictive, which speaks for safety, it has the very great disadvantage that, in the creation phase, links which are actually desired are always blocked. In addition, the permanent manual activation of individual connections represents a continuous effort. For large system landscapes, this procedure is very complex. Option 2: Logging-based approach An alternative to the restrictive procedure is the logging-based approach. To do this, all connections must be allowed first by the secinfo file containing the content USER=* HOST=* TP=* and the reginfo file contains the content TP=*. During the activation of all connections, a recording of all external programme calls and system registrations is made with the gateway logging. The generated log files can then be evaluated and the access control lists created. However, there is also a great deal of work involved here. Especially with large system landscapes, many external programmes are registered and executed, which can result in very large log files. Revising them and creating access control lists can be an unmanageable task. However, this process does not block any intentional connections during the compilation phase, which ensures the system will run non-disruptively.
Some missing SAP basic functions in the standard are supplied by the PC application "Shortcut for SAP Systems".
Widely used products in this segment are UC4 and Arvato Streamworks.
However, the tasks also include strategic and planning aspects.