
2012 Onapsis, Inc. All Rights Reserved.

SAP Security In-Depth
Securing the Gates to the Kingdom: Auditing the SAProuter
by Nahuel Sanchez
Vol. 06 / Sep 2012
Abstract
The SAProuter is one of the most critical components of any SAP platform. Working as an
application-level gateway, it is usually connected to untrusted networks and restricts
access to the backend SAP systems.
If not properly secured, remote attacks on an SAProuter implementation could result in
malicious parties accessing the SAP platform and other systems in the organization's
internal network.
This issue provides an introduction to the SAProuter, followed by an analysis of security
threats and obscure attack vectors on such components.
Each of the described risks is presented with countermeasures and protection strategies,
to effectively mitigate it and increase the protection of the organization's SAP platform
against cyber-attacks.
Copyright Onapsis, Inc. 2012 - All rights reserved.
No portion of this document may be reproduced in whole or in part without the prior written permission of Onapsis, Inc.

Onapsis offers no specific guarantee regarding the accuracy or completeness of the information presented, but the professional staff of Onapsis makes every reasonable effort to present the most reliable information available to it and to meet or exceed any applicable industry standards.

This publication contains references to the products of SAP AG. SAP, R/3, xApps, xApp, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius and other Business Objects products and services mentioned herein are trademarks or registered trademarks of Business Objects in the United States and/or other countries.

SAP AG is neither the author nor the publisher of this publication and is not responsible for its content, and SAP Group shall not be liable for errors or omissions with respect to the materials.

What is the SAP Security In-Depth Publication?
Until 2007, SAP security was regarded as a synonym for Segregation of Duties (SoD) by the majority of the Information Security community. While this aspect of security is mandatory and of absolute importance, many threats which entail much higher levels of business risks, have so far been omitted from Auditing and Information Security practices.

The technological components of these business-critical solutions introduce many specific security concerns that, if not addressed appropriately, can be the source of information security attacks on the confidentiality, integrity and/or availability of the critical business information processed. Therefore, failing to properly protect these components can leave business information at risk of espionage, fraud and sabotage attacks.

SAP Security In-Depth is a publication led by the Onapsis Research Labs with the purpose of providing specialized information about current and future risks in this area, allowing different actors (financial managers, information security managers, SAP administrators, auditors, consultants and others) to better understand the risks involved and the techniques and tools available to assess and mitigate them.

TABLE OF CONTENTS
1. INTRODUCTION
2. THREATS & COUNTERMEASURES
3. ATTACK VECTORS
4. CONCLUSIONS
5. REFERENCES

EXECUTIVE SUMMARY
While the SAP Security In-Depth publication delves into complex technical security aspects of these platforms, we consider it important to provide an executive summary, using a non-technical language, to highlight outstanding concepts and risks presented in this volume.

Key concepts analyzed in this edition:
- SAP provides different technologies to enable remote access to the company's business applications.
- Each of these technologies features complex and different security architectures, which must be holistically understood in order to be properly evaluated.
- This publication analyzes the current risks affecting these components and the necessary measures that must be taken in order to mitigate them.

Key findings and risks:
- Certain features of the SAProuter are only supposed to be used by SAP AG for remote support. However, if not properly secured, attackers may abuse them to access systems in the organization's internal network (File Servers, Intranets, etc.).
- If an attacker is able to exploit security vulnerabilities in misconfigured SAProuters, there is a high probability that he will be able to access the backend SAP systems.
- Many organizations are currently exposing their backend SAP systems to the Internet through SAProuters. Remote attackers can easily discover these backend SAP systems by scanning the network.

1. INTRODUCTION
1.1. What is a SAProuter?
In a typical network environment, the organization's SAP Systems are located behind several perimeter security devices such as proxies or firewalls. The following diagram illustrates a typical network infrastructure, showing the different network-related components and hosts:

Image 0. Typical network environment.

Strictly speaking, the SAProuter is an SAP program that "tunnels" or "routes" ingoing and outgoing connections to the organization's SAP systems, from other systems in the Local Area Network, from partners or from SAP AG (typically in situations where the company requires support). In other words, the SAProuter acts as a "controlled gate" to the organization's SAP systems. [1]

1.2. Why should you use a SAProuter?
SAProuter has the following capabilities, among others:
- Control and log connections to organization's SAP systems.
- Solve network address conflicts between network systems.
- Improve overall security allowing connections only from trusted addresses.
- Enforce the use of Secure Network Communications (SNC).

From a security point of view, the SAProuter is useful as it can be used to add an extra layer of security by logging the connections to the SAP platform and enforcing SAP protocol-level controls, such as SNC encryption and the use of connection passwords.

SAP system connections without SAProuter
The next diagram shows a network topology without the use of SAProuter.

Image 1. Connections without SAProuter

In this scenario, it is possible to note that the access management to the SAP platforms is managed at the network firewall. For each new connection that is required, new exceptions in the firewall policy need to be created.

SAP system connections implementing SAProuter
The following picture shows the network topology when SAProuter is implemented.

Image 2. Connections through SAProuter

In this case only one exception in the firewall is needed, client systems to the target SAProuter. The SAProuter restricts access to the backend SAP systems through its Route Permission Table. [2]

IMPORTANT SECURITY NOTE: SAProuter does NOT replace firewalls or other network security devices, but complements them.
It is critical to understand this concept - the SAProuter was not designed to stop attacks like firewalls or packet filters do. Additionally, if the SAProuter is exposed without a firewall, all the Operating System services and ports will be accessible from the untrusted network.

1.3. How does it work?
SAProuter's behavior is driven by a configuration file called the "Route Permission Table".

This file comprises a set of rules allowing or denying access to specific hosts and services. "The Route Permission Table contains the host names and port numbers of the predecessor and successor points of route (from SAProuter's point of view) as well as the passwords required to set up the connection (if configured)." [2].

Using this access control list, the SAProuter decides which connections should be allowed and which shouldn't. Also it is possible to use SNC connections with SAProuter (for further information refer to the section "SAProuter and Secure Network Communications").

Clients connecting through a SAProuter must first configure a "Route String", which will be explained into details at the end of this section.

Configuring the Route Permission Table
The "Route Permission Table" file, by default called saprouttab, is a text-file containing a set of lines, each having the following format:

    P / S / D <source_host> <dest_host> <dest_service> <password>

The first letter is the command. There are three options for the command, which are:

(P)ermit: SAProuter grants the connections.
Including a number after the "P" is also possible, specifying the maximum number of hops allowed for this route.

(S)ecure: Only allows connections using the SAP Protocol, connections with other protocols are not allowed.
Including a number after the "S" is also possible, specifying the maximum number of hops allowed for this route.

(D)eny: Prevents the connections from being set up. It is a straightforward denial of the connection.

Following the command, there are three other mandatory options that should be configured for every entry:

<source_host>: Source host of the connection to the SAProuter. This option can be configured as a Host Name, an IP address or an IP Subnetwork.

<dest_host>: Destination host that the connection is connecting to. This option can be configured as a Host Name, an IP address or an IP Subnetwork.

<dest_service>: (TCP) Service that the connection is pointing to. This is the TCP port and can be configured as a single TCP port (IE 3200), as a service name (IE sapgw00) or as a port range, separated by "." (dot) (IE: 3200.3299).

NOTE: The SAProuter follows the First Match, Deny on No-Match criteria. Therefore, if there is an entry in the saprouttab that matches for the connection, then the SAProuter acts according to the entry (Permit/Deny). If there is no entry matching the connection, then the connection is automatically denied.

Examples of regular (non-SNC) entries in the Route Permission Table:

    D 192.168.1.10 192.168.3.100 3200
    P 192.168.1.5 * 5000.5010 s3cr3t
    P 192.168.1.6 192.168.3.101 sapdp00
    # Comment

SAProuter and Secure Network Communications
SAProuter allows its users to increase the overall level of communication security (network level) using SNC. The SAP Secure Network Communications protocol provides authentication and encryption to data that needs to be transferred over unreliable networks such as the Internet. [4]

The following are the prerequisites to use SNC with SAProuter:
- SAProuter's version must be 30 or higher.
- The Source and Destination's SAProuter need be started with the "-K" option. (to get further information, please refer to [1])
- There must be a "KT" entry in the source and in the destination SAProuter's permission tables. These type of entries define the use of SNC.
- There must be a "KP" entry in the source and in the destination SAProuter's permission tables. These entries allow the SNC connection.

Entries in the Route Permission Table to use SNC
The SNC routes start with "K". Entries can be of two types:
1. "KT" entries: These entries define which connections are to be encrypted using SNC. Connections can be ingoing or outgoing.
2. "KD", "KP" and "KS" entries: Follow the syntax "K<D / P / S> <SNCname source host> <dst host> <dst srv> <password>". This format is equivalent to the format used for normal connections, but adding a "K" at the beginning of the entry.

Examples of SNC entries on the Route Permission Table:

    # Connections to and from saprouter02 should be SNC
    KT p:CN=saprouter02,OU=Test,O=Company,C=JM 10.20.30.40 *
    # Connections to and from saprouter03 should be SNC
    KT p:CN=saprouter03,OU=Test,O=Company,C=JM 10.20.30.50 *
    # Allow SNC connections from saprouter02 with password
    KP p:CN=saprouter02,OU=Test,O=Company,C=JM 172.16.1.1 3200 pwd321

Route String configuration
"Route Strings" are connection strings which define the path that clients must follow to reach the SAP systems through SAProuters.

These connection strings have the following syntax:

    (/H/host/S/serv/W/pass)*

Where:
/H/ = next hop host.
/S/ = next hop port/service.
/W/ = next hop connection password (optional).

Example of a valid Route String:

    /H/192.168.0.150/S/3299/H/192.168.3.100/S/3200/W/secret

Where:
192.168.0.150 = SAProuter's IP address.
3299 = SAProuter's TCP listening port.
192.168.3.100 = SAP system IP address.
3200 = SAP system TCP listening port.

Note: SAProuters can be chained.

SAP Network Interface (SAP NI Protocol)
The SAProuter implements the Network Interface protocol (NI protocol). This protocol has been designed to support a platform-independent interface and is used to communicate between different components and services of the SAP systems. [3]

NI protocol can work in three different modes:

1. NI_RAW_IO
The NI_RAW_IO mode is used to communicate between SAP applications. Furthermore, this mode is used for native protocol routing.

2. NI_MESG_IO
Primarily used for communication between SAP applications, this mode is also known as "SAP Protocol". This communication mode supports three different types of special messages: NI_PING, NI_PONG and NI_RTERR used for keepalive, test and error messages respectively.

3. NI_ROUTE_IO
Similar to NI_MESG_IO, but keepalive responses are ignored. Most common message used by the SAProuter.

2. THREATS & COUNTERMEASURES
This section outlines some of the most important threats affecting SAProuter implementations, along with key concepts on how to mitigate them.

2.1. Vulnerable SAProuter version
As any other program, the SAProuter can be prone to software security vulnerabilities, such as memory corruption issues, that would enable an attacker to perform unauthorized activities over the SAProuter system.

Protection / Countermeasures
- Ensure that the latest available version of the SAProuter provided by SAP AG is being used.
- Keep the SAProuter binary updated with security patches released by SAP.

2.2. Permissive Route Permission Tables
The Route Permission Table is probably the most critical aspect of the SAProuter's security, as it defines which connections are the allowed/denied.

It is possible to configure "wildcards" for the entry fields of the Route Permission Table, which would match any value for that specific parameter.

It is very common to find SAProuters configured with vulnerable tables, having wildcards in many fields. A typical example of misconfiguration found in real-world assessments performed by Onapsis, is shown in the following excerpt:

    P 192.168.0.* sapserver01 3200
    P * sapserver02 3201

    P * * * #PERMIT ALL

The last rule defines a Permit command with a wildcard in every field. Therefore, the SAProuter will allow any incoming connection and attempt to establish it with the target system specified by the client.

Protection / Countermeasures
Only allow the necessary connections through the SAProuter. The Route Permission Table entries should be as restrictive as possible.
Specifically:
- Avoid the use of wildcards in the <dest_host> and <dest_service> fields as much as possible.
- If only SAP-protocol connections are being used, use "S" instead of "P" to prevent the routing of native protocols.
- Ensure that there are no rules that allow connections to the SAProuter host and service themselves from unauthorized sources, as they can be abused to perform Information Requests.
- Set "D * * * *" as the last entry of the file. While probably redundant today, it may be useful to prevent future attacks or changes in the SAProuter evaluation policy.
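
The first-match rule from section 1.3 and the section 2.2 checklist can be applied to a table mechanically. The following Python sketch is an added example, not Onapsis or SAP code: it parses a saprouttab-style table, reports which entry decides a given connection, and flags the weaknesses listed above. The function names and the sample table are constructed for illustration, hosts are compared as literal strings with "*" globbing only (no DNS or subnet handling), and the SAProuter address and port are the ones used in the route string example.

```python
import fnmatch
import re
from dataclasses import dataclass

# Constructed sample, modelled on the table excerpts quoted in this document.
SAMPLE_TABLE = """\
# constructed example table
D 192.168.1.10 192.168.3.100 3200
P 192.168.0.* sapserver01 3200
S 192.168.1.6 192.168.3.101 sapdp00
P * * 22
P * * * #PERMIT ALL
"""

@dataclass
class Rule:
    line_no: int
    action: str   # "P", "S" or "D"; hop count and SNC "K" prefix are stripped
    snc: bool     # True for KP/KS/KD entries (source field is an SNC name)
    src: str
    dst: str
    service: str

ENTRY = re.compile(r"^(K?)([PSD])\d*$", re.IGNORECASE)

def parse_table(text):
    """Parse P/S/D (and KP/KS/KD) entries; comments, KT and short lines are skipped."""
    rules = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        m = ENTRY.match(fields[0]) if len(fields) >= 4 else None
        if m:
            rules.append(Rule(line_no, m.group(2).upper(), bool(m.group(1)),
                              fields[1], fields[2], fields[3]))
    return rules

def host_matches(pattern, host):
    # Assumption: hosts are compared as literal strings with '*' globbing only.
    return fnmatch.fnmatchcase(host.lower(), pattern.lower())

def service_matches(pattern, service):
    """Match a service given as a string against '*', a port/name, or 'low.high'."""
    if pattern == "*":
        return True
    low, dot, high = pattern.partition(".")   # port range, e.g. 5000.5010
    if dot and low.isdigit() and high.isdigit() and service.isdigit():
        return int(low) <= int(service) <= int(high)
    return pattern == service

def decide(rules, src, dst, service):
    """First match wins; no match means deny. Returns (action, line_no)."""
    for r in rules:
        if (not r.snc and host_matches(r.src, src)
                and host_matches(r.dst, dst) and service_matches(r.service, service)):
            return r.action, r.line_no
    return "D", None

def audit(rules, router_host, router_port="3299"):
    """Return (line_no, message) findings for the checks listed in section 2.2."""
    findings = []
    for r in rules:
        if r.action == "D":
            continue
        if "*" in r.dst:
            findings.append((r.line_no, "wildcard in destination host"))
        if r.service == "*":
            findings.append((r.line_no, "wildcard in destination service"))
        if r.action == "P":
            findings.append((r.line_no, "P allows native protocols; use S if only SAP protocol is needed"))
        if ("*" in r.src and host_matches(r.dst, router_host)
                and service_matches(r.service, router_port)):
            findings.append((r.line_no, "wildcard source can reach the SAProuter itself"))
    last = rules[-1] if rules else None
    if last is None or (last.action, last.src, last.dst, last.service) != ("D", "*", "*", "*"):
        findings.append((None, "last entry is not 'D * * * *'"))
    return findings

if __name__ == "__main__":
    rules = parse_table(SAMPLE_TABLE)
    print(decide(rules, "10.9.9.9", "fileserver01", "445"))
    for line_no, message in audit(rules, router_host="192.168.0.150"):
        print(line_no, message)
```

Run against the constructed table, the permit-all entry on line 6 decides a connection to an unrelated file server, and the same line is reported for every check; a table reduced to specific "S" entries followed by "D * * * *" produces no findings.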

3. ATTACK VECTORS
This section describes possible attack vectors over vulnerable SAProuters.

The presented techniques can be used to perform security assessments over SAProuters in a blackbox approach. These vulnerability assessment and exploitation techniques can be used to detect unsafe configurations and to illustrate the risks that unprotected SAProuters could pose to the SAP infrastructure, as well as to other systems of the organization.

3.1. SAProuter Connection Table Retrieval
If connections from unauthorized hosts to the SAProuter itself are permitted, an attacker would be able to obtain valuable information such as details about connected clients, SAP servers and services being used.

To retrieve the information provided by the SAProuter, using the SAProuter executable itself, the following command should be executed:

    saprouter -l -H <saprouter_ip_address>

The results of the execution of the information retrieval command are shown in the following image. Performing this attack, a malicious party would be able to obtain the following information:
- Currently established connections
- Allowed clients
- Internal network IP addresses
- Services used
- Version of SAProuter
- Version of NI protocol
- SAProuter's Operating System flavor (Windows/Unix)

Image 4. Information retrieved from a remote SAProuter.

Note: Onapsis Bizploit's getSAPRouterInfo module [5], available in version 1.5, can help you perform this type of assessment to evaluate whether your SAProuter is properly protected.

Protection / Countermeasures
- Do not allow connections from unauthorized systems to the SAProuter's IP address and service (or any superset that would imply so).
- Please check Protection measures outlined in section 2.2.

3.2. Internal Network Port-scanning through SAProuter
Another interesting attack vector that takes advantage of misconfigured Route Permission Tables is the possibility of discovering systems in the organization's Internal Network proxying portscans through a SAProuter.

Using the error messages produced by the SAProuter if a connection cannot be established, an attacker can determine if a port in a remote host is open or closed.

Therefore, by sending simple connection requests (NI_ROUTE_IO packets) to specific IP addresses and ports, it is feasible to discover live (and reachable) systems behind the SAProuter.

For example, take the following diagram:

Image 7. Attacker guessing open ports in Server A

The SAProuter's Route Permission Table is configured as following:

    P * * * *

In this scenario, the attacker can identify all the open ports in "Server A" or any other servers reachable by the SAProuter.

Note: Onapsis Bizploit's saprouterSpy module [5], available in version 1.00, can help you perform this type of assessment to evaluate whether your SAProuter is properly protected.

Protection / Countermeasures
- Only allow the necessary connections through the SAProuter. The Route Permission Table entries should be as restrictive as possible.
- Please check Protection measures outlined in section 2.2.

3.3. SAProuter Native Protocol Routing
Somewhat an obscure feature, the SAProuter has the ability to proxy non-SAP protocols such as SSH, TELNET, FTP and HTTP. SAP refers to them as "native protocols".

This feature can be spotted in the existence of both the "P" and "S" commands to allow connections in the Route Permission Table. If an S command is used, then native protocols cannot be used for that connection.

This feature uses the NI_RAW_IO communication mode, described in the SAP Network Interface section. For more detailed information, refer to the appropriate link in the references section. [3]

The "P" (Permit) option allows users to establish connections with any protocol (depending on the entries configured for the specified host and system in the Route Permission Table file, as wildcards are only valid for SAP protocols in newer versions).

Therefore, if the Route Permission Table is not properly configured, an attacker would be able to connect to ANY internal system and service in the organization's internal network, such as File Servers, Web Intranets, SSH servers, etc.

In the following image it is possible to see a common network topology using SAProuter:

Image 5. Common network topology in Company's LAN

For illustration purposes, analyze the following Route Permission Table:

    P * sapserverA 3389
    P * * 22

In this scenario, the attacker would be able to access the Remote Desktop service of the system sapserverA, tunneling the connection through a SAProuter.

Image 6. Attacker connected to SSH server through SAProuter.

Furthermore, abusing the presented Route Permission Table, the attacker would be also capable of accessing an internal SSH server hosted in a different, non-SAP system in the internal network.

Note: Onapsis Bizploit's saprouterNative module [5], available in version 1.5, can help you perform this type of assessment to evaluate whether your SAProuter is properly protected.

Protection / Countermeasures
- The routing of native protocols is mainly used by SAP AG in order to access non-SAP services during remote support services. Therefore, there should not be many cases where user/partner connections of this type are required.
- If this type of connections is not necessary, it is recommended to use "S" instead of "P" for all the entries defining allowed connections.
- Additionally, please check Protection measures outlined in section 2.2.

4. CONCLUSIONS
The SAProuter is a critical component of any SAP platform. Since it is usually connected to untrusted networks such as the Internet or external providers, the probability of attacks by malicious parties is increased.

As presented in this document, successful attacks on this component could lead to a full compromise of the SAP platform and other systems in the organization's internal network.

Following the recommendations outlined, network administrators and security officers can protect and secure their SAProuter implementations, effectively increasing the security level of the entire platform.

Lastly, it is strongly recommended to perform periodic technical security assessments of SAProuters, reducing information security risks and effectively protecting the business.

For further information into this subject or to request specialized assistance, feel free to contact Onapsis at info@onapsis.com

5. REFERENCES
[1] SAP Library - SAProuter
http://help.sap.com/saphelp_nw70/helpdata/en/4f/992d65446d11d189700000e8322d00/frameset.htm
[2] SAProuter (BC-CST-NI)
http://help.sap.com/printdocu/core/print46c/en/data/pdf/BCCSTROUT/BCCSTROUT.pdf
[3] SAP Library - NI Protocol Communication modes
http://help.sap.com/saphelp_nw70/helpdata/en/f8/bb960899d743378ccb8372215bb767/content.htm
[4] SAP Library - SNC Connections
http://help.sap.com/saphelp_nw70/helpdata/en/4f/992d65446d11d189700000e8322d00/content.htm
[5] Onapsis Bizploit
http://www.onapsis.com/bizploit

About Onapsis X1
Onapsis X1 is the industry's first comprehensive solution for the security assessment of ERP systems, currently supporting SAP NetWeaver and R/3 business solutions.

Perform continuous and automated IT Security & Compliance Audits, Vulnerability Assessments and Penetration Tests over your SAP platform. Using Onapsis X1 you can decrease financial fraud risks, enforce compliance requirements and reduce audit costs significantly.

Being the first-and-only SAP-certified solution of its kind, Onapsis X1 allows you to automatically and continuously detect:
- Insecure ABAP and Java instance configurations
- Missing SAP Security Notes and patches
- Dangerous user authorizations
- Insecure interfaces between your systems

Following the product's detailed mitigation procedures, you can increase the security level of your platform to stay protected against cyber-attacks.

Get more information at www.onapsis.com/x1.

About Onapsis, Inc.
Onapsis provides innovative security software solutions to protect ERP systems from cyber-attacks. Through unmatched ERP security, compliance and continuous monitoring products, Onapsis secures the business-critical infrastructure of its global customers against espionage, sabotage and financial fraud threats.

Onapsis X1, the company's flagship product, is the industry's first comprehensive solution for the automated security assessment of SAP platforms. Being the first and only SAP-certified solution of its kind, Onapsis X1 allows customers to perform automated Vulnerability Assessments, Security & Compliance Audits and Penetration Tests over their entire SAP platform.

Onapsis is backed by the Onapsis Research Labs, a world-renowned team of SAP & ERP security experts who are continuously invited to lecture at the leading IT security conferences, such as RSA and BlackHat, and featured by mainstream media such as CNN, Reuters, IDG and New York Times.

For further information about our solutions, please contact us at info@onapsis.com and visit our website at www.onapsis.com.