SAP Cyber Security Risk-S RFC Parameter

Surviving an SAP Audit: A Practical Guide to SAP Audit

Security, Audit and Control Features SAP ERP, 4th Edition

SAP License Management Step by Step Guide

Auditing and GRC Automation in SAP

RFC calls from an external system should trigger the target system to check authorization object S_RFC, ensuring that the user initiating the call has the appropriate permissions for the function group containing the relevant function module. The function group should be specified in the field RFC_NAME of the object. However, the check is only performed if the profile parameter auth/rfc_authority_check is set to 1. Authorization checks are rarely performed for the SRFC function group, which includes functions such as RFC_GET_LOCAL_DESTINATIONS, RFC_GET_LOCAL_SERVERS, RFC_SYSTEM_INFO, and SYSTEM_INVISIBLE_GUI. RFC functions within this group can be called remotely and anonymously by external attackers to probe SAP systems prior to launching a targeted attack.
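
A configuration-review sketch for the two settings described above, added here as an example and not taken from the original page or from SAP: it reads auth/rfc_authority_check from a profile text and lists S_RFC grants whose RFC_NAME value covers SRFC. The sample profile, role names and grant list are constructed, the flat (role, RFC_NAME) export format is an assumption, and value ranges are not handled.

```python
import re

# Constructed sample data (not from a real system): a profile fragment and a
# flat (role, RFC_NAME value) export of S_RFC authorizations.
SAMPLE_PROFILE = """\
# constructed instance profile fragment
rdisp/wp_no_dia = 10
auth/rfc_authority_check = 0
"""
SAMPLE_GRANTS = [
    ("Z_RFC_MONITOR", "SRFC"),
    ("Z_RFC_INTERFACE", "ZFI_POSTING"),
    ("Z_RFC_LEGACY", "*"),
    ("Z_RFC_BASIS", "S*"),
]

PARAM = "auth/rfc_authority_check"
PROBE_GROUP = "SRFC"  # holds RFC_SYSTEM_INFO and the other functions named above

def param_values(profile_text, name=PARAM):
    """Return every value assigned to `name` in the profile text."""
    values = []
    for line in profile_text.splitlines():
        line = line.strip()
        if line.startswith("#"):          # profile comment line
            continue
        m = re.fullmatch(r"(\S+)\s*=\s*(.*)", line)
        if m and m.group(1) == name:
            values.append(m.group(2).strip())
    return values

def check_param(profile_text):
    """Classify the profile against the setting the text calls for (1)."""
    values = param_values(profile_text)
    if not values:
        return "UNSET: not in this profile, confirm the effective value on the system"
    if all(v == "1" for v in values):
        return "OK: S_RFC check enabled"
    return f"REVIEW: {PARAM} = {', '.join(values)}"

def covers(pattern, name):
    """Authorization value match: exact name, or prefix with a trailing *."""
    if pattern.endswith("*"):
        return name.startswith(pattern[:-1])
    return pattern == name

def risky_grants(grants, group=PROBE_GROUP):
    """Grants whose RFC_NAME value gives access to the probe-prone group."""
    return [(role, value) for role, value in grants if covers(value, group)]
```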

