https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787453#M339035 <HTML><HEAD></HEAD><BODY><P>Hello Alexander</P><P></P><P>Please, review SAP note 962904 which may be relevant for you, as it affects your support package level. The best solution to be safe will be to upgrade to SP19.</P><P>I hope this helps.</P><P>Regards, Désiré</P><P></P></BODY></HTML> Thu, 30 Nov 2006 10:30:31 GMT desiree_matas 2006-11-30T10:30:31Z https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787452#M339034 <HTML><HEAD></HEAD><BODY><P>Hi</P><P></P><P>i want to publish on the internet an Enterprise Portal (EP 6) on a NetWeaver 2004 Patchlevel 15 application server.</P><P>I am searching the SAP site for information if this is secure or that there known bugs. I have looked at the security notes and the release notes of higher service packs but i dont see any security issues.</P><P>Still i want to be certain, so i am wondering if someone here knows if this release has known security issues in EP 6 or WAS on patchlevel 15</P><P></P><P>Regards Alexander</P></BODY></HTML> Thu, 30 Nov 2006 10:20:58 GMT https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787452#M339034 Former Member 2006-11-30T10:20:58Z https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787453#M339035 <HTML><HEAD></HEAD><BODY><P>Hello Alexander</P><P></P><P>Please, review SAP note 962904 which may be relevant for you, as it affects your support package level. The best solution to be safe will be to upgrade to SP19.</P><P>I hope this helps.</P><P>Regards, Désiré</P><P></P></BODY></HTML> Thu, 30 Nov 2006 10:30:31 GMT https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787453#M339035 desiree_matas 2006-11-30T10:30:31Z https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787454#M339036 <HTML><HEAD></HEAD><BODY><P>Hi Alexander,</P><P></P><P>there is no such thing as security per default. Security depends on the mode of operation.</P><P></P><P>To make a portal secure, there is a security guide that needs to be followed. </P><P></P><P>Everything else needs extra consideration:</P><P></P><P>- system architecture - how do you secure connections (firewall, encryption)</P><P>- switch off services that are not required for external users (admin etc.)</P><P>- apply all security patches</P><P>- same for operating system and other applications in the DMZ</P><P>- you may want to consider a web application firewall and/or reverse proxies</P><P>- how do you manage users?</P><P></P><P>There are lots more details to this, but this would be a bit too much to discuss here. Before you open up your portal to internet users, you definitely should do a security audit on your plan and its execution. </P><P></P><P>Let me know if you need any more help.</P><P></P><P>Kind regards,</P><P>Frank.</P></BODY></HTML> Thu, 30 Nov 2006 11:11:05 GMT https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787454#M339036 koehntopp 2006-11-30T11:11:05Z https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787455#M339037 <HTML><HEAD></HEAD><BODY><P>Thanks both,</P><P></P><P>Fank, if you only concentrate on the patches part (we got the other parts covered) where or from who can i get information about what known security issues exist for that sp level ?</P><P></P><P>Regards Alexander</P></BODY></HTML> Thu, 30 Nov 2006 14:53:42 GMT https://community.sap.com/t5/application-development-and-automation-discussions/netweaver-2004-was-patchlevel-15-secure/m-p/1787455#M339037 Former Member 2006-11-30T14:53:42Z