CONTENTS
INTRODUCTION
NETWORK SECURITY
ENCRYPTION
CONCLUSION
INTRODUCTION
organisations.
release.
Figure 1.1 [chart; vertical axis in Exabytes, horizontal axis 2009 to 2020]
This includes:
1
2
3
Figure 1.2 [diagram: Database Security, with PREVENTION and DETECTION; labels: Authentication and Authorization, Database Firewall, Privilege Analysis, Encryption, Configuration Management]
PCI DSS 2.0 (2010), Requirement 2.2.1: Implement only one primary function
per server to prevent functions that require different security levels from
co-existing on the same server
NETWORK SECURITY
the rest of the network. To this end, the default setting that
port for the localhost is 3xx00. The default port range for
sites.
Inbound
PROTOCOL
SQLDBC (ODBC/JDBC)
HTTP(S)
Internal / Proprietary
Outbound
TCP Port
CLIENTS
SOURCE
3xx15
3xx17
3xx13
5xx14
1128
1129
Application servers
SAP HANA Studio
End users
Replication systems
SAP HANA XS
External Servers
80xx
43xx
Web browsers
Mobile devices
SAP HANA Direct Extractor Connection (DXC)
3xx09
SAP Support
SAP HANA
R environments
DESTINATION
AUTHENTICATION AND AUTHORIZATION
Password Parameters
PARAMETER | DEFAULT VALUE | RECOMMENDED VALUE
minimal_password_length
password_layout | Aa1 | A1a_
force_first_password_change | true | true
last_used_passwords
maximum_invalid_connect_attempts
password_lock_time | 1440 | 1440
minimum_password_lifetime
maximum_password_lifetime | 182 | 90
maximum_unused_initial_password_lifetime | 28
maximum_unused_productive_password_lifetime | 365 | 30
password_expire_warning_time | 14 | 14
Figure 3.1
case-sensitive or case-insensitive.
upgrade.
ENCRYPTION
communications.
enabled.
audit trail.
5.1. Note that the following fields are not applicable in the
bound to port 514, which is within the range of UNIX ports that
require root privileges. Therefore, attackers can exploit
programmatic errors in syslog processes and elevate
privileges to a system-wide level.
Transmission in clear text can lead to the disclosure of
hostnames, system IDs, ports, IP addresses, clients, users, roles
and other sensitive data that can be abused to perform
targeted attacks against SAP systems. UDP packets
containing log data can also be intercepted and modified
during transit, thereby impacting data integrity. This can also
impact authenticity since syslog does not authenticate source
systems to prevent spoofing of hostnames, IP addresses or
other identifiers. These limitations can be overcome by
implementing syslog over TLS, which is allocated TCP port 6514.
Alternatively, IPsec or SSH port forwarding/tunnelling can
Figure 5.1
partners.
SUSE Linux Enterprise Server 11 SP3 Security and Hardening, June 2013, SUSE LLC
SUSE Linux Enterprise Server 11 SP3 Security Guide, July 2013, SUSE LLC
synchronization hierarchy.
requirements.
One.
computing.
CONCLUSION
CONTACT US
Westbury Corporate Centre,
2275 Upper Middle Road East, Suite 101
Oakville, Ontario, L6H 0C3, Canada
Tel. (Toll Free): 1 888 995 0993
Tel. (Office): 905 491 6950
Fax.: 905 491 6801
E-mail: info@layersevensecurity.com
www.layersevensecurity.com