‎2006 Nov 30 10:20 AM
Hi
I want to publish on the internet an Enterprise Portal (EP 6) on a NetWeaver 2004 Patchlevel 15 application server.
I am searching the SAP site for information on whether this is secure or whether there are known bugs. I have looked at the security notes and the release notes of higher service packs, but I don't see any security issues.
Still, I want to be certain, so I am wondering if someone here knows if this release has known security issues in EP 6 or WAS on patchlevel 15.
Regards Alexander
‎2006 Nov 30 11:11 AM
Hi Alexander,
There is no such thing as security per default. Security depends on the mode of operation.
To make a portal secure, there is a security guide that needs to be followed.
Everything else needs extra consideration:
- system architecture - how do you secure connections (firewall, encryption)
- switch off services that are not required for external users (admin etc.)
- apply all security patches
- same for operating system and other applications in the DMZ
- you may want to consider a web application firewall and/or reverse proxies
- how do you manage users?
There are lots more details to this, but this would be a bit too much to discuss here. Before you open up your portal to internet users, you definitely should do a security audit on your plan and its execution.
Let me know if you need any more help.
Kind regards,
Frank.
‎2006 Nov 30 10:30 AM
Hello Alexander
Please, review SAP note 962904 which may be relevant for you, as it affects your support package level. The best solution to be safe will be to upgrade to SP19.
I hope this helps.
Regards, Désiré
‎2006 Nov 30 2:53 PM
Thanks both,
Frank, if you only concentrate on the patches part (we got the other parts covered), where or from whom can I get information about what known security issues exist for that SP level?
Regards Alexander