Security product standard guidelines

Similar Messages

• Mexico Digital invoice - SSF without an External security product

  Hi All,
  We are in the process of implementing Digital Invoice for Mexico. I have few queries regarding this.
  1. Can the digital signature be achieved with out any external security product ?
  2. If it is possible, then will it comply with the legal requirements for Mexico.
  I came across a SAP document wherein it was mentioned that "If you are using the user signature as the signature method, you require an external security product that is connected to your SAP system through SSF." Does  it mean that SAP standard SAPSECULIB supports only system signature  and not user signature ?
  Any pointers regarding the digital Signature implementation steps will be appreciated.

  Hi Sri,
  Would you pls check the installation of the security toolkit on your application server?
  Which security product do you use?
  The standard security product is SAPSECULIB (library sapsecu.dll).
  Please check the SSF initialization messages which are contained in each dev_w## developer trace (transaction ST11). When successful, the initializaion messages look like this:
  N  =================================================
  N  === SSF INITIALIZATION:
  N  ===...SSF Security Toolkit name SAPSECULIB .
  N  ===...SSF trace level is 0 .
  N  ===...SSF library is /usr/sap/<SID>/SYS/exe/run/sapsecu.dll .
  N  ===...SSF hash algorithm is SHA1 .
  N  ===...SSF symmetric encryption algorithm is DES-CBC .
  N  ===...sucessfully completed.
  N  =================================================
  General information for SAPSECULIB can be found in SAP note 354819.
  Best regards,
  Christoph
  P.S.: Please reward points for useful information.

• Digital Signature- SSF error: Unable to find external security product

  Dear Friends,
  After I enter my User ID and Password, this displays this error !!!
  SSF error: Unable to find external security product
  Would really appreciate your help.
  Thanks,
  Sri

  Hi Sri,
  Would you pls check the installation of the security toolkit on your application server?
  Which security product do you use?
  The standard security product is SAPSECULIB (library sapsecu.dll).
  Please check the SSF initialization messages which are contained in each dev_w## developer trace (transaction ST11). When successful, the initializaion messages look like this:
  N  =================================================
  N  === SSF INITIALIZATION:
  N  ===...SSF Security Toolkit name SAPSECULIB .
  N  ===...SSF trace level is 0 .
  N  ===...SSF library is /usr/sap/<SID>/SYS/exe/run/sapsecu.dll .
  N  ===...SSF hash algorithm is SHA1 .
  N  ===...SSF symmetric encryption algorithm is DES-CBC .
  N  ===...sucessfully completed.
  N  =================================================
  General information for SAPSECULIB can be found in SAP note 354819.
  Best regards,
  Christoph
  P.S.: Please reward points for useful information.

• Are some standard guidelines/steps to follow before approving Transports?

  Hi,
  can you help to with steps and procedures that needs to be followed before approving objects to be transported to Productions?
  Are some standard guidelines i.e steps to follow before approving Transports?
  Or, just the fact that a solution to a problem has been established in the Development and tested in the Test environment, it is ready to be moved to Production?
  Thanks

  <i>on your point 4:
  “. …. be sure that other requests/tasks are not locking these objects….”
  I believe if other requests are locking the objects then you probably can’t even add those objects to your transport, isn’t it?</i>
  Yes .you are correct.
  <i>also you noted that
  :… . Whenever you put objects in your task, lock them…”
  Isn’t this done automatically by the system? If so then provide how to do that (with tcodes please)</i>
  Yes added objects are locked automatically.
  To lock them manulally(if necessary), right click on TR-->Lock Objects.
  Here is an example whre you have to unlock and lock objects amnuallay..
  Leats assume your Objects are already collected in one TR1.
  Now you have acreated a new TR2 and want to transport only few objects from TR1.
  Then go to Transaction SE03>unlock Objects>Provide TR1--> execute(ignore the warning message).
  Then Collect the required objects in TR2 and release it.
  Now you have to lock the Objects on TR1. from context menu of TR1-->lock the Objects...
  makesure inbetween nobody changes the unlocked Objects otherwise it will cause in consistencies..
  you can also unlock required Objects manually but it's time consuming process...
  Message was edited by:
          Murali

• How to determine which of the Oracle security products have been installed

  Hello!
  I would like to determine whether or not the Oracle security products have been installed for an Oracle database.
  The Oracle security products are:
  * Oracle Database Vault
  * Oracle Audit Vault
  * Oracle Configuration Management
  * Oracle Total Recall
  * Oracle Advanced Security
  * Oracle Data Masking
  * Oracle Label Security
  * Oracle Secure Backup
  * Oracle Database Firewall
  So what I thought is to look at the "DBA_REGISTRY" table which displays information about the components loaded into the database.
  But on the other hand there also is the "V$OPTION" view which lists database options and features.
  Does anybody know, how I could correctly determine whether or not each of the product is installed?
  I guess for "Oracle Database Vault" I should query V$OPTION, but what should I do with the other ones? And in case DBA_REGISTRY would be the right table, how would the comp_ids look like for the products?
  SELECT 'Oracle Database Vault' , nvl( (SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Oracle Database Vault'),'FALSE') FROM sys.dual
  OR
  SELECT 'Oracle Database Vault' , nvl2( (SELECT 'valueFound' FROM DBA_REGISTRY WHERE comp_id = '??????' AND status NOT IN ('INVALID', 'REMOVING' , 'REMOVED')),'TRUE','FALSE') FROM sys.dual
  Thanks in advance
  Kai

  Hi kai;
  There are some script avaliable on net, first please check them and run it on test server first!
  http://www.google.com.tr/#hl=tr&biw=1259&bih=793&q=installed%2Bproducts%2Boracle&aq=f&aqi=&aql=&oq=&gs_rfai=&fp=71a534c4a5161590
  Secondly you can check oraInventory and also oratab file or you can run runInstaller and can check Installed product tab on installation screen
  Regard
  Helios

• Minimum Number of registered custom id:s/numbers to be registered for purchasing all F-secure products from network

  How many custom-id:s / custom-numbers etc. customer has to register(minimum)in order to purchase All f-secure products on ALL possible platforms?

  The list of consumer fs-profucts i'm interested in can be found here(all of them,all possible platforms),i quess
  https://www.f-secure.com/fi_FI/web/home_fi/downloads
  from my point of view,the "desired state" would be the possibility to administer these products(licences etc) with single user-id and one customer number (sso-login etc..)
  In the meantime,it's Okey,if you'll try to keep these in minimum..

• ABAP Standard & Guidelines  OO vs Procedural

  Hi all -
  In Blueprint phase of new SAP implementation and am creating ABAP Standard & Guidelines document.  I am split on whether to enforce use of object-oriented versus procedural programming (as per Blumenthal & Keller).  Seems to me that even on ECC 7.0, I am pressed to find reports using OO approach.  If I choose to enforce OO approach, there seems to be a general lack of real world examples that I can create templates from which to accelerate development.  There are plenty of "old style" reports to use as the basis of custom development however.  Development (as usual) will be on a very tight timeline and therefore I believe OO technics may be slower due to learning curve, etc.
  Any advice would be appreciated.
  Thanks,
  Pat

  Pat, I have to agree about the 15 pages vs 50 pages.  You would get a better response if the guidelines weren't so many and rigid.  I do agree, of course, that there should be some.  The reason why I say this is, because I am the only developer at my company, which means, I pretty much do what I want when it comes to design and how the programs are written.  That said, I have developed my own guidelines(not written, just in my head) as to how to write certain programs.  But if we had more developers, I would want them to adhere to certain guidelines(not all of mine, but some) so that our programs are consistant in design and more maintainable.
  Really, since I've said all of the previous, I really have no right giving you advice about guidelines and standards as I do not follow any but my own. 
  It also depends on the type of developers that you have in your shop.  If you have a bunch of old guys(no offense anyone) that are set in there ways, you may have some resistance,  if you got some new guys, that are just starting out in ABAP, they will be much easier to mold with standards and guidelines.
  Regards,
  Rich Heilman

• Production Planning Guideline

  Experts,
  In standar SAP / SCM do we have some thing similar like " Production Planning Guidelines"? For Example this guidelines page is something where user wants to enter informations like... 1. New Product Production Start Date 2. Changes to the existing model (for eg. change 150cc engine with 180cc engine for a Motor cycle) 3. Dead lines for the sales department to submit thier requirements.
  Please guide me do we have some type of transactions or reports in SAP PP / SCM?
  Thanks in advance.
  Warm Regards,
  Krishnan

  try this
  http://help.sap.com/saphelp_46c/helpdata/en/51/9550a4a1fa11d189ba0000e829fbbd/frameset.htm

• User signature with security product configuration - Reg.

  Dear Experts,
  We got a requirement in Digital signature. Requirement is whenever result recording, UD for inspection lot, system should access external security product for user signature.
  I would like to know the configurations steps required for the above said from QM point of view.
  Expecting your valuable reply. Thanks in advance.
  Regards,
  Kumar

  You should read the configuration notes in SPRO.  It explains a lot about setting this up.
  In SPRO:
  Cross-Application Components>General Application Functions>Digital Signatures
        Define Basis Settings
        Specify Signature Method for Approval Using Simple Signature
        Signature Strategy
          Define Authorization Groups
          Define Individual Signatures
          Define Signature Strategies
  Read the notes on each item.  Setting up an exteranl verification system is talk about in the section  "Specify Signature Method for Approval Using Simple Signature".
  Good luck!
  FF

• Looking for a security product

  Hi,
  I'm looking for a SINGLE security product in order to do:
  - Network Admission Control
  - Limit the bandwidth for some users or some groups of users
  - Block peer-to-peer traffic
  Can someone suggest?
  Thank you.
  Best regards.
  Massimiliano.

  Massimiliano,
  ISR routers can do the job for you. Here is the link for NAC support on ISR:
  http://www.cisco.com/en/US/docs/security/nac/appliance/support_guide/license.html#wp54131
  Zone-Based FW has the capacity to filter peer-to-peer traffic on the ISR.
  QoS functionality should provide you the ability for bw limit.
  Thanks,
  Mynul

• Will my F-Secure security product keep working when I upgrade to Windows 10?

  QuestionWill my F-Secure security product keep working when I upgrade to Windows 10?
  AnswerYes. All supported versions (12.1 or newer) of F-Secure security products are automatically migrated when you upgrade from Windows 7, Windows 8 or Windows 8.1. However, there are two conditions that may result in Windows 10 to remove your F-Secure application:
  If you are upgrading from Windows Vista or earlier to Windows 10, all applications are removed. You will then need to reinstall your F-Secure security product manually after the upgrade.
  If you are upgrading from Windows 7, 8, or 8.1, F-Secure security product might get removed depending if you do not have the supported version of F-Secure installed. You will then need to reinstall your F-Secure security product manually after the upgrade.
  Note: Make sure that you download the latest version of our product when reinstalling the product on Windows 10.

  You will likely find that drivers are not readily available for Windows 10 on HP site. When Windows 8 was released it was a slow process rolling out drivers and many early adopters were not happy. I agree with  -wait for a few months at least. Check your models support page for release of Win 10 drivers also before deciding.

• XI/PI Development Standards & Guidelines

  Hi All
  Any body have documents for XI/PI Development Standards & Guidelines.
  Regards
  Venkat

  Hi,
  first look in to naming convention document
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/40a66d0e-fe5e-2c10-8a85-e418b59ab36a
  Design standards refer below doc
  http://www.sdn.sap.com/irj/scn/index?rid=/library/uuid/e0715b1d-68a6-2b10-9f8f-86c5b059cb18
  Regards,
  Raj

• What do I do if my F-Secure security product is partially removed when upgrading to Windows 10?

  QuestionWhat do I do if my F-Secure security product does not work after upgrading to Windows 10?
  AnswerOnce you have completed your Windows 10 upgrade, you may experience the following with your F-Secure security product:
  Your F-Secure security product does not start up.
  On your computer, you can't find the F-Secure security product icon in the system tray at the bottom of the screen.
  Your F-Secure security product does not show up in the list of installed apps and features in Settings > Systems > Apps & features.
  If this happens, it means that the Windows 10 upgrade has unfortunately removed some of the F-Secure security software components, and the product fails to start up as it should.
  To get your F-Secure security product working normally again, the F-Secure security product needs to be removed from your computer, and the product reinstalled. To do this:
  Download and run the Uninstallation Tool for Windows. You can download the tool here. The instructions for the Uninstallation Tool for Windows are here.  
  Reinstall the F-Secure security product on your computer. You can download the product from the F-Secure website or from your My SAFE account, depending on your subscription.

  Thanks but the tool only works if you have one working windows installation and it's designed for mult-boot systems.  I don't have a multi-boot system and when the Windows 10 upgrade fails there is no active working Windows install to turn to. The partition gets corrupted and has a "RAW" status until you run chkdsk with gets it back to "NTFS" status but it won't boot.  My only two options at this point is to restore back to an image backup or install Windows 7 all over again. I'm just going to give up on this HP laptop, to me it's just not compatible with running this upgrade, so unless someone else has any other ideas this attempt to upgrade is over. Thanks again

• Use of planned production standards

  Hi All
  I can use 'Scheduling Standards Maintenance' activity to define planned production standards for shop floor processes.
  But I do not understand the method of comparing the plan with results well.
  Do the report etc. for the comparison exist?
  Thanks for any hints
  Regards

  Hi all,
  If I understand your questions correctly, then you are right - there is no separate report which compares scheduled standards with actual numbers. I believe that Scheduling Standards Maintenance is used just to keep that kind of information for reference. The actual numbers to measure the productivity and performance are provided by Yield reports, Cycle Time reports and Resource Utilization reports.
  BTW a while ago there was a customization requested by a customer where those values from the Maintenance were used for calculation of operators' salary in particular.
  Regards,
  Sergiy

• What security products are suggested for scrubbing rootkits from a Mac? There are good articles on similar repair for PCs and it makes me want to see if I can save this machine. It's in forensic recovery right now so I myself have not done anything yet.

  What security products are suggested for scrubbing rootkits from a Mac? There are good articles on similar repairs for other makes online. I would like to investigate whether a machine can be truly scrubbed or if it's best to retire it. I haven't done anything yet as it is a candidate for more extensive forensic recovery.
  Also, I am not sure if various malicious spoofing and cloaking tricks (making Wi-Fi appear off when it is on, hiding unauthorized sharing/remote access, falsifying System Preferences preference panes, etc.) are resolved by a thorough drive erase or are more similar to APTs?
  Finally, is there any emerging information regarding APT hiding places other than the recovery partition? I have heard mention of the EFI, for example, but it seems unproven and unlikely. Some people have also mentioned the RAM.
  This is an upsetting topic to some people, including me, so I appreciate circumspect, measured responses. Thanks! And don't try to answer all my questions if you really just want to comment or answer one. All thoughts are appreciated.

  Hi, Lincoln,
  A straightforward question. You are correct in recognizing the difference between tentative conclusion and certainty. Here are our main reasons:
  1. Incoming items noted on the console (or console sub logs) and Activity Monitor after defenses are overcome, and which are brought in by an unwelcome remote user, often have a process name and the word "kit." (Bear with me.) We soon observe the process is under attack, from terminal evidence and soon, decreased or lost functionality of the process. The terminal generally reports alteration of specific kernel behaviors. A simple example (that may or may not be accompanied by kernel changes and may simply alter permissions) is modifying Disk Utility such that key uses are unavailable. You can see how an attacker might value disabling partition views, mounting and permission repair. In retrospect, DU might not be a root alteration. I was thinking that its relation to fsck flagged it as a possible ring 0 item. I may need to know core parameters of a good example to pick strong ones.
  2. Incoming folders hidden for possible later use contained bundles of similar root kits, including some not applicable to Macs. From what I have read from reasonably credible sources, root kits are sold and traded both singly and in bundles.
  3. Root kits are a logical next choice for our attackers, as various prior techniques hindered us but did not paralyze us.
  4. One of the most authoritative articles I found was about PCs not Macs. I noted the assertion, undocumented, that an estimated one million computers are infected by root kit manipulations, and underscored that the kits can be used by people with low computer skills.
  5. MacAfee lists root kits (by description, not name) as a top pop five threat prediction in the coming year, though again, the emphasis is on PCs.
  Linc, I am trying to show a spectrum of observations and info that have shaped my thinking. To retrieve better captured evidence requires significant legwork at this time, but it is something I am willing to do if you can be patient. Understand this long attack has been like a natural disaster to us.
  I have not linked a few articles of interest because I forget if that's allowed. If so, I'd be glad to.
  After reviewing this partial answer, you may form another hypothesis. If so, please share it. I am comfortable with my position but not clinging to it.
  Thanks for your interest. Looking forward to your thoughts.
  Oh, yeah: some material is out for analysis, so we should have credible opinions pretty soon. Not positive exactly when.