Following is a list of the top 10 security topics that any SAP Security Forensic Consultant must know, or at least understand conceptually. I know it's not easy for anyone to master all the topics, but a conceptual understanding is still required.
1. Fundamentals and objectives of system security
Authentication and Encryption
2. Awareness of Data Protection Acts, Information Security, International/National/State level Compliance Regulations etc.
3. Network basics
Communication, TCP/IP, ports
Routing, firewalls, proxies, SAProuter
4. Security in the SAP system
Authentication and passwords
Auditing as intrusion detection
RFCs, trusted RFCs, RFC destinations
Encryption, SNC
Backdoor Access protection
5. Cryptography basics, PKI, TCS, digital signatures, Tokens
6. SAP NetWeaver Application Server, ICM
Encryption, SSL, SNC
Authentication, certificates, Single Sign-On
7. Some understanding of RSA Security Solution (SAP itself uses this) Logon tickets, X.509, SSL
8. Understanding of the SAP GRC Access Controls Suite, mainly the Risk Analysis & Remediation and Super User Privilege Management tools.
9. Understanding of Database Security, SAP Portal, HR, BW, eCATT Security
10. Knowledge of concepts like Keyloggers, Spoofing, SAP GUI Scripting, Macros, Application Decompilation, E-mail Security and Archiving, and at least an awareness of Stealth Programs.



Hi,
Good man, could you please update the SAP security (GRC & IDM) docs.
Regards,
jaireddy
Very clear and logical listing. Thanks for sharing.
@secude: Thanks for your comments, I am glad that you liked the list.