RE: SAP Security

From: Maslyar, George (george.maslyarat_private)
Date: Thu Jun 14 2001 - 07:16:47 PDT

Next message: Young, Brandon: "Voice over IP"

Previous message: Chris Winter: "Re: Blind IP spoofing portscan tool?"
Maybe in reply to: Johann van Duyn: "SAP Security"
Next in thread: Spencer, Ed M. -ND: "RE: SAP Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

And I found
DCAA Guide for 6 bucks, and SAP themselves:

        1. IntelligentERP 
        Resources Books Columns Features Editor's Notes SAP Column Archive
SAP Feature
        Archive Contact Us Home Configuration Keys for Encryption The
following registry keys control the behavior of ITS (both can be found under
connects ): Type. Type of com 4/7/2001
http://www.intelligenterp.com/feature/archive/heckner.shtml


        2. DCAAI 5025.2; Index of DCAA Numbered Publications; DEC 2000
        Open this portion of the document in Word (99.5 KB) Document Type:
Discretionary - Defense Contract Management Agency (DCMA) Title: DCAAI
5025.2; Index of DCAA Numbered Publications; DEC 2000 DCAAI 5025.2 Index of
DCAA Numbered Publications
DEC 2000 2/23/2001
http://web.deskbook.osd.mil/reflib/DDCAA/0018I/0018Idoc.htm


-----Original Message-----
From: Rainer Duffner [mailto:duffner@fh-konstanz.de]
Sent: Wednesday, June 13, 2001 8:21 PM
To: Johann van Duyn
Cc: pen-testat_private
Subject: Re: SAP Security


On Wed, 13 Jun 2001, Johann van Duyn wrote:

> Hi there...
>
> I'm planning to run a lightweight internal penetration test against some
of
> our servers, and have run into a snag: security information on WinNT,
Unix,
> Oracle, etc. is quite easy to find, but I am struggling to find anything
> good on SAP R/3. Most of the stuff is very vague, or refers to securing
> network transmissions against eavesdropping.
>
> Anyone have any real information on SAP security, especially weaknesses?
> :-)

I found this some time ago, the content seems to move on and off to
different sites. A good opportunity to save it to HD...

http://www.hoelzner.de/security/sap-os.html

The text is German, but mentions a "SAP Security Guide" , which is hopefully
available in other languages.


cheers,
Rainer
-- 
========================================
 Rainer Duffner , Konstanz, Germany
 eMail:  duffner@fh-konstanz.de
       rainer.duffnerat_private
http://www-stud.fh-konstanz.de/duffner/
========================================


"This communication is intended solely for the addressee and is confidential and not for third party unauthorised distribution."

Next message: Young, Brandon: "Voice over IP"
Previous message: Chris Winter: "Re: Blind IP spoofing portscan tool?"
Maybe in reply to: Johann van Duyn: "SAP Security"
Next in thread: Spencer, Ed M. -ND: "RE: SAP Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 10:52:26 PDT