Security in XI enviroment

My company is going through the implementation phase and i am responsible for providing security. Can someone provide me with some documentations regarding that.

Anwar,
Check this <a href="http://help.sap.com/saphelp_nw04/helpdata/en/f7/c2953fc405330ee10000000a114084/frameset.htm">XI Security Guide</a>.
Regards,
Rajani Kumar

Similar Messages

  • Licensing for a security research enviroment

    Hi all,
    So I have started to take up the topic information security research professionally, (by professionally I mean a system that is professional in design it won’t be used for work/profit etc.).
    So basically I want to set up bunch of VM’s with different Windows operating systems and patch levels, (and maybe some other software like word/outlook etc. in the future)
    So to my question is the licensing part, where or how can I get licenses to for environment like this, please keep in mind that this is a non-profit project so money is an issue.
    I did think of using trials, or IEtest vm’s but they require a bit of work in the long run, and I am not sure its legal.
    Thanks in advance

    Hello,
    The TechNet Wiki Forum is a place for the TechNet Wiki Community to engage, question, organize, debate, help, influence and foster the TechNet Wiki content, platform and Community.
    Please note that this forum exists to discuss TechNet Wiki as a technology/application. If you have a question about another technology (such as Windows), you can ask in another forum. If you're unsure which forum, a
    Bing search often works the fastest or ask here:
    http://social.microsoft.com/Forums/en-US/whatforum/threads
    Karl
    When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
    My Blog: Unlock PowerShell
    My Book: Windows PowerShell 2.0 Bible
    My E-mail: -join ('6F6C646B61726C40686F746D61696C2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

  • Gung Ho security team vs Debug with replace in development

    Hi fellow developers. I'm trying to talk our security team off the ledge and I want to conduct an informal poll regarding the responsible use of debug with replace in a DEVELOPMENT environment.  For the newer developers.. replace is much more powerful in debugging because you can change the values of variables and some system fields like sy-subrc which makes it very powerful.
    Our development environment is setup as follows:
    Client 300, ABAP Development \config.  We promote to QA, and Prod from here but can't unit test because no data allowed.  Debug with NO replace allowed here.
    Client 320 Unit testing, debug with replace is allowed.
    both of these clients are on the same instance, same sid so they share client independent information.
    Our security team claims that it's a security risk to allow debug with replace in our Client 300 because someone could change a security profile or something like that.  Here's my question...
    Are you authorized to debug with replace in your development environment and if not, what's the reason you were given?  I'm looking for arguments one way or the other to use as precedent for a meeting.
    Your prompt response is appreciated.
    Dan

    Hi
    I think the option can be dangerous in QA or PROD system because you can skip some control and change the data normally can't be changed.
    A classicl example is trx SE16: by debug you can change directly the data of the most of tables.
    But I don't believe can be a risk in development system, in this enviroment the developer should have no limit, otherwise to work and test can belong very hard.
    Max

  • Why does apple refuse to support flash media? Is it a security issue or politics?

    Constantly I come accross websites that require a flash player and now that we are in an ios7 enviroment you'd think this issue would be resolved. I mean why does my OSX in my mac have no problems but my iphone/ipad forget it. Will Apple ever resolve this issue?

    hot_spur wrote:
    Phil, while there is some truth in what you say, it is a bit misleading.
    "Besides the fact that Flash is closed and proprietary, has major technical drawbacks, and doesn’t support touch based devices, there is an even more important reason we do not allow Flash on iPhones, iPods and iPads. We have discussed the downsides of using Flash to play video and interactive content from websites, but Adobe also wants developers to adopt Flash to create apps that run on our mobile devices." Emphasis mine.
    I guess I should have said "allow" not "support." My bad.
    Read the whole thing:
    http://www.apple.com/hotnews/thoughts-on-flash/
    And why is that bad?
    Yes Apple has said why Flash is not on their devices.  Its up to Adobe to create a version that meets Apple requiremements.  But since they've ceased all development for mobile Flash that is not going to happen.
    Its not that they did not want to allow it ever, its just that it never met their specifications to be on their devices.
    When you go to someone's house you adhere to their rules, you don't go stomping around in your muddy shoes on their couch do you?
    That's what Adobe was trying to do, stomp on their profits by injecting Flash Based Apps that apple cannot control which would be a serious security risk as well as a financial detriment to all the developers that produce high quality Apps for the App store.
    Again, Apple only wants to keep their devices secure, and profitable. Shock that a company is out to make profits

  • Help : java.security.UnrecoverableKeyException: excess private key

    Hi,
    I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
    When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
    The full stack trace is as follows
    ------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
         at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
         at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
         at java.security.KeyStore.getKey(KeyStore.java:289)
         at com.security.Security.generatePKCS7Signature(Security.java:122)
         at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
         at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
    I had tested the program under following scenarios...
    The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
    For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
    But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
    I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
    I changed the java.security file as follows(only changed content)
    security.provider.1=sun.security.provider.Sun
    security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
    security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
    security.provider.4=com.ibm.crypto.provider.IBMJCE
    security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
    security.provider.6=com.ibm.jsse.IBMJSSEProvider
    security.provider.7=com.ibm.security.cert.IBMCertPath
    security.provider.8=com.ibm.security.cmskeystore.CMSProvider
    I have used PKCS12(PFX) file for digital signature
    which is same for all environment(i have described as above)
    I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
    I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
    I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
    So what could be the problem for such exception?????
    I am on this issue since last one month...
    I know very little about security.
    Thanks in advance
    PLEASE HELP ME(URGENT)
    Edited by: user10935179 on Sep 27, 2010 2:47 AM
    Edited by: user10935179 on Sep 27, 2010 2:54 AM

    user10935179 wrote:
    The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
    While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
    Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
    Arshad Noor
    StrongAuth, Inc.

  • Problem with security role

    Hello,
    I have Enterpise Portal 7.0 SP13 instance (only Java stack installed). My enviroment is AIX 5.3 and Oracle 10.
    This instance has a lot of security alerts in the default trace log, like this:
    #1.5^H#C2B30000C03D006400000039000A9084000443246AFD6467#1199723599717#com.sap.engine.services.security.roles.SecurityRoleImpl##com.sap.engine.services.security.roles.SecurityRoleImpl#j2ee_admin#1208####41667d10bd3e11dccc51c2b30000c03d#SAPEngine_Application_Thread[impl:3]_5##0#0#Error#1#/System/Security/Audit/J2EE#Java###:Authorization check for caller assignment to J2EE security role [ : ].#3#ACCESS.ERROR#SAP-J2EE-Engine#guests#
    Anyone knows what is it?
    Regards
    Rodrigo

    I found the bug : in LDAP I've got a user also called OIDGroup1 (the same as group's name).

  • Flash Player security Pop up when using camera and microphone.

    Hello Friends
    Can any body suggest me how to remove flash player security pop up for camera and microphone through coding.
    Thanks in advance.

    The security pop-up was first introduced with FP7. If you want to bypass it I can name two ways off the top of my head:
    1. Regardless of ActionScript version (2.0/3.0) in the Flash authoring enviroment, in the Publish Settings dialogue box, the Flash tab, near the bottom choose Access Network Only from Local Playback Security.
    2. Publish your movie as a projector. Both of these techniques will allow to "play" your swf file locally.

  • AD Security Group name change not showing in Sharepoint 2010

    Hi!
    We have a Sharepoint 2010 Standard enviroment and are heading for a role-based identity-managment in our company. That's why we find it better to use AD Groups instead of Sharepoint Groups.
    So we have over 1000 AD Security Groups groups that have been added to our Sharepoint Sites and our goal is to control every permission in Sharepoint from AD.
    I have done all this with the combination of Excel and Powershell and it have worked great.
    The problem i see in the long run is the name change of AD Security Groups. Sharepoint 2010 isn't showing the new name of the group.
    Does anyone know of any workaround that can solve this problem. It's a bit of a disappointment that Microsoft haven't fixed this. The only information i think they should store in Sharepoint is the SID of the groups.
    I was thinking of designing a powershell script that runs every night and updates the display name of the groups that do not match the AD display name.
    Is there any other way?

    As far as I know, and I'm not sure where to go from here without testing on my own...and I'm not sure when I'll be able to do that.  Perhaps a configuration issue.
    Have you tried removing the incorrectly named group and adding in the correctly named one?
    Read through this related post: 
    http://social.msdn.microsoft.com/Forums/en-US/sharepoint2010general/thread/49dc833f-4127-45ac-bd21-98b04d3632ef
    Looks like that can help you.  Let us know how things go.
    Colorless Green Ideas Sleep Furiously http://www.sharepointnerd.com

  • Direct security migration from 9.3.3 to 11.1.2.3

    Gurus,
    My environment has HFR reports, FDM and HFM applications.
    Source: 9.3.3
    Target: 11.1.2.3
    Is there a way to migrate security directly from the source to target??
    Let me know if there are any ways possible

    Hi
    We have done the same exact migration between these versions. For HFM we used HFM Copy app utility and hssmigrate.bat , we did direction migration of HFR and for FDM applications we migrated directly the RDMBs and connected to it.
    We faced below issues
    1. All Intercompany transacations were not visible (Date format between the two enviroments differed , in 11.1.2.3 more stringent format was expected but in 933 format did not matter)
    2. Post all/unpost all options were not posting all the entries together (There was a patch for this 11.1.2.3.500)
    3. SOAP error when opening HFM application (We were not able to fix this but workaround was found)
    4 FDM locations had some minor issue , I don't remember exactly.
    Thanks
    Anjum

  • Critical Q:Moving whole portal from UAT enviroment to PRODUCTION enviroment

    Greeting all,
    after few months of upgrade implementation from DEV > TRN > UAT
    now, we are planning to move everything to PROduction enviroment.
    But i have a serious concern. This is not a fresh implementation but an upgrade project (which mean there are lots of production data, settings in production environment)
    What i did so far,all the clean up, configuration of Content references, permission list, role tied with employee in UAT enviroment (it took me weeks).
    And i am very sure that, there are
    - few NEW roles should be tie to certain user moving forward,
    - content references are created and deleted.
    - certain permission list are dropped an created and tie to roles
    - user will hold some new roles
    So far, the changes above are done in UAT enviroment, question is, how can i move ALL mentioned above to Production enviroment?
    I couldn't spend another weeks to do this dirty job manually.
    but if i am using app designer to dump ALL content references, menus, permission list, roles, will it create any issue? coz it's production enviroment (not a fresh implementation), overwrite of the production data is secure enough? coz i cant afford to lost the production data
    anyone here did this procedure before? or any helpful resource available?
    Thanks for clarify me

    yea, thanks for the reply
    But one thing bugging me is, to move the user roles
    i would like to simulate the senario
    UAT env:
    number of emp : 1000
    emplid : "123" is holding role "roleA", "roleB", "roleC"
    But in PROduction env:
    number of emp : 1200 (200 new emp)
    emplid : "123" is holding role "roleA", "roleB", "roleX"
    how am i going to move this from UAT > PRO?
    almost 2 weeks spent in cleaning up user's permission list, role in UAT env.
    So my question is, how can i move the senario above from UAT > PRO?
    another senario
    i have remove, create, move many content references in UAT, lots of remodeling of content references, and permission lists are create, drop
    how can i handle that?
    Thanks
    P.S. For moving pages, component, fields i am ok with it

  • WRT600N Security Log

    Is anyone else having this prob?
    When I view my logs , my security log keeps saying incorect username-password=admin and gives my laptop pc address.
    Starnge even though i can lod in with no probs with my password. I am hoping this is just a bug that will be fixed in the next patch.

    It's a domain enviroment. Printers are all through a Print Server.
    Below is the log of 1 such event.
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          2014-04-04 03:04:24 PM
    Event ID:      4634
    Task Category: Logoff
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      (computer name.domain)
    Description:
    An account was logged off.
    Subject:
    Security ID:
    S-1-5-21-213254720-224688177-246369
    Account Name:
    (username)
    Account Domain:
    (domain)
    Logon ID:
    0x197EC67
    Logon Type: 3
    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>4634</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12545</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8020000000000000</Keywords>
        <TimeCreated SystemTime="2014-04-04T13:04:24.783747600Z" />
        <EventRecordID>108300</EventRecordID>
        <Correlation />
        <Execution ProcessID="724" ThreadID="756" />
        <Channel>Security</Channel>
        <Computer>(computer name.domain)</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="TargetUserSid">S-1-5-21-213254720-224688177-246369</Data>
        <Data Name="TargetUserName">(username)</Data>
        <Data Name="TargetDomainName">(domain)</Data>
        <Data Name="TargetLogonId">0x197ec67</Data>
        <Data Name="LogonType">3</Data>
      </EventData>
    </Event>

  • Internet Explorer 11 'You are about to leave a secure connection'

    Hi there,
    I work in an IT Dept and we are testing Internet Explorer 11 for our latest build. It seems that when we switch the 'Warn if changing betwen secure and nonsecure mode' off, then webpages are stuggling to load.
    When the setting is turned on then a message is displayed tell me 'You are about to leave a secure connection. It will be possible for others to view information you send. Do you want to continue?'
    It then gives me an option to 'Do not display this again' which basically just turned the aforementioned setting to off - then webpages stop loading again. The webpage is just blank white space, no error, nothing.
    Is this a bug with Internet Explorer 11?

    Hi,
    I made a test in our testing enviroment, found that if I enable "Enable Enhanced Protected Mode" in IE Advanced settings. This problem is gone.
    Please make a test in your enviroment. Hope this is helpful.
    Roger Lu
    TechNet Community Support

  • Test Stand Report Security

    I am looking for ways to incorporate some level of security for Test Reports produced by Test Stand, such as making the text files read-only for example.  From what I can determine there is no in-built security options for Test Reports.  How would Test Stand then be used in a Part 11 compliant enviroment?

    In order to change the ReadOnly attribute from TestStand, the file must be completed (closed). 
    We do some similar post processing of the Report File (HTML) by renaming it to prepend the number of errors in the file, but this does require that the Report File be completed and closed.  In order to accomplish this we use a "Main Test" sequence that lists all of the test subsequences to be run.  The Main Subsequence call step uses the "Run Sequence in a new execution" (created as a custom step).  Each test therefore generates it's own HTML report file.  Post Processing for that sequence from the "Main Test" then calls a step that renames the file.  You could do the same thing only to change the Attributes to Read Only. 

  • Securing with NAT - Best Practice ?

    Hi,
    It is forbidden to do NAT Exempt from Internal to DMZ ?
    I hear there is a compliance in banking that 2 server who needs to communicate but its forbidden to know each other ip address ?
    How about NAT as second layer or firewall ?
    What is best practice to secure enterprise network from NAT point of view ?
    Thx

    Hello Ibrahim,
    No, not at all, that is not a restriction at all. You can do it if needed.
    Now looks like in your enviroment is a requirement that this 2 servers communicate with each other but they will not know each other IP address.
    Then NAT is your friend as will satisfy the requirement you are looking for.
    Well I do not consider NAT to be a security measure as for me it does not perform any inspection, any rule set any policy ,etc but I can ensure you there are a lot of people that think about it as a security measure.
    I see it as an IP service that allows us to preserve the IP address space.
    For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com
    Any question contact me at [email protected]
    Cheers,
    Julio Carvajal Segura

  • Security log 4634 shows another user logging off

    Security log shows users logoff that weren't even using the machine. There are no 4642 logon logs, just the 4643 logoff logs.
    These user aren't even accessing another machine via the network. All machines also have no malware or virus on them.
    Logon Type: 3
    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    What could be causing this?

    It's a domain enviroment. Printers are all through a Print Server.
    Below is the log of 1 such event.
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          2014-04-04 03:04:24 PM
    Event ID:      4634
    Task Category: Logoff
    Level:         Information
    Keywords:      Audit Success
    User:          N/A
    Computer:      (computer name.domain)
    Description:
    An account was logged off.
    Subject:
    Security ID:
    S-1-5-21-213254720-224688177-246369
    Account Name:
    (username)
    Account Domain:
    (domain)
    Logon ID:
    0x197EC67
    Logon Type: 3
    This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
        <EventID>4634</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12545</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8020000000000000</Keywords>
        <TimeCreated SystemTime="2014-04-04T13:04:24.783747600Z" />
        <EventRecordID>108300</EventRecordID>
        <Correlation />
        <Execution ProcessID="724" ThreadID="756" />
        <Channel>Security</Channel>
        <Computer>(computer name.domain)</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="TargetUserSid">S-1-5-21-213254720-224688177-246369</Data>
        <Data Name="TargetUserName">(username)</Data>
        <Data Name="TargetDomainName">(domain)</Data>
        <Data Name="TargetLogonId">0x197ec67</Data>
        <Data Name="LogonType">3</Data>
      </EventData>
    </Event>

Maybe you are looking for

  • Possible to do quintuplets in garage band?

    Hi there, i'm trying use garage band to create audio of a piece of music i have, but i'm having a little trouble. You see, in one bar, I need to use a crotchet, then and eight note quintuplet (five semi quavers) followed by a quarter note triplet, an

  • An error occurred while trying to access the audit log

    Hi I have run Set-Mailbox ian.shapton -AuditOwner Update, Move, MoveToDeletedItems, SoftDelete, HardDelete I then created and deleted an email and ran Search-MailboxAuditLog -Identity "ian shapton" -LogonTypes Owner -StartDate "12/21/2014 12:00" -End

  • $1 Charged for Free Trail

    Dear Azure users, I'm trying to register for Azure Free Trail. I was asked for credit card info and it mentioned as its for identification purpose only. But, still I was charged by 1 USD. Its something weird service from Microsoft. They should have m

  • Simplify ?

    Is there some way that iTunes will scan through My Music folder (i.e. source folder) every time I open iTunes to see if there is some new music file that I have added and then automatically add it to iTunes? At the moment, if I get a few music files,

  • Exporting an album to desktop and screen saver

    I have a MacBook Pro running on 10.10.2 and iPhoto 9.6.1.  I would like to use my own albums for desktop and screen saver.  Was not able to find instructions listing the steps to follow to move albums.  Can you help?