monitoring security with standard sap tools session code 805 sandi mckinney
Post on 18-Dec-2015
217 views
TRANSCRIPT
![Page 1: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/1.jpg)
Monitoring SecurityWithStandard SAP ToolsSession Code 805
Sandi McKinney
![Page 2: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/2.jpg)
Introduction
• TELUS Enterprise Solutions, a division of TELUS
• Second largest Telecommunications provider in Canada
• Approximately 20,000 employees
• $7 Billion in Revenues in 2002
• Senior SAP Consultant specializing in SAP Authorizations • [email protected]
![Page 3: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/3.jpg)
Why Audit?
AIS – Audit Information System
Security Audit Log
RBE – Reverse Business Engineering(as applied to Security)
Outline
![Page 4: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/4.jpg)
Why Audit ?
• Risk• Compliance• Configuration
![Page 5: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/5.jpg)
Why Audit ?
Availability, Integrity and Confidentiality
![Page 6: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/6.jpg)
Outline
Why Audit
AIS – Audit Information System Security Audit Log
RBE – Reverse Business Engineering(as applied to Security)
![Page 7: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/7.jpg)
AIS – Audit Information System
• Review
• Analysis • Monitor
![Page 8: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/8.jpg)
Transactions
SECR – Audit Information System
PFCG - Role Maintenance
![Page 9: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/9.jpg)
Transaction - SECR
SECR is still available
Possible error message:‘AIS Structure AUDIT_ALL does not exist’
OSS Note 328019
![Page 10: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/10.jpg)
Reports and Queries
• Import from Client 000
• Different Types of Reports
•OSS Note 100609
![Page 11: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/11.jpg)
Set-Up Roles
Roles for:
Security Team
Internal Audit
External Audit
![Page 12: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/12.jpg)
Set-Up Roles
• Administration Work
• Excellent On-Line Help
• Defaults
• Queries
![Page 13: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/13.jpg)
Testing Roles
OSS Note 92124
OSS Note 100609
![Page 14: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/14.jpg)
User Assignment
•Security Team
• Staff Employee
• Measurement Data setting – 01
•Audit Team
• External Audit Employee
• Measurement Data setting – 02
• Internal Audit
• Staff Employee
• Measurement Data setting – 02
![Page 15: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/15.jpg)
Customization
• At your discretion
• Use Variants
![Page 16: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/16.jpg)
Favorites
• Top Ten Security Reports, notably• SM20 Security Audit Log Assessment• SUIM User Information System• RSUSR200 List of Users Per Login Date
• S_ALR_87101194 - Check Passwords of Special Users
• Documentation
• Flexibility in assigning roles
![Page 17: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/17.jpg)
Additional Information
AIS
SAP Course
•BC940 – Security and Auditing
Resource
•SAP Service Marketplace
Quick Links – AIS
![Page 18: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/18.jpg)
Additional Information
AIS
OSS Notes
• 375609 – Audit Info. System (AIS): Roles for System Auditors
• 451960 – Audit Information System (AIS), role concept
• 77503 – Audit Information System (AIS)
• 328019 – AIS Structure AUDIT_ALL does not exist
• 202504 – Audit Information System (AIS) 4.6C – collect. note
• 182699 – Audit Information System (AIS): Download of Query
![Page 19: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/19.jpg)
Next: Security Audit Log
Questions ?
![Page 20: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/20.jpg)
Outline
Why Audit?
AIS – Audit Information System
Security Audit Log
RBE – Reverse Business Engineering(as applied to Security)
![Page 21: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/21.jpg)
Audit Log
What is Audited?
Dialog logon Monitor Special IDs for Log on
RFC/CPIC logon Monitor specific logons
RFC function call Monitor remote function calls
![Page 22: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/22.jpg)
What is Audited?
Transaction start Monitor the transactions that are being started for specific IDs
Report start Monitor the reports that are being started for specific IDs
User master change Monitor for User Master Changes
Other Monitor changes to the Audit Log configuration
![Page 23: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/23.jpg)
System Parameters
RSAU/MAX_DISKSPACE/LOCAL = 5000000 used to size the audit file
RSAU/ENABLE = 1 enabling the audit log
![Page 24: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/24.jpg)
Configuration
RSAU/LOCAL/FILE = /usr/sap/PRD111/audit_++++++++
naming and directory location
RSAU/SELECTION_SLOTS = 10 number of audit filters (max 10)
![Page 25: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/25.jpg)
Transactions
SM19 – Security Audit Configuration
SM20 – Security Audit Log Assessment
SM18 – Reorganize Security Audit Log
![Page 26: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/26.jpg)
SM19 – Security Audit Configuration
Define Filters
![Page 27: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/27.jpg)
SM19 – Security Audit Configuration
Create your profile
Enter the profile name
The client number
Enter the user Id
![Page 28: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/28.jpg)
SM19 – Security Audit Configuration
Select Audit Classes
Select Weight of Events
Activate Filter
Re-cycle the system
![Page 29: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/29.jpg)
SM20 – Security Audit Log Assessment
Select Audit Log
Read Audit Log
Refine SearchBy Audit Class and/orWeight of Event
![Page 30: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/30.jpg)
SM20 – Security Audit Log Assessment
Sample
Report
![Page 31: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/31.jpg)
SM20 – Security Audit Log Assessment
Sample
Statistics
![Page 32: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/32.jpg)
SM18 – Reorganize Security Audit Log
•Simulate
•Archive
•Delete
•Cannot Delete or archive files that are less than 3 days old
![Page 33: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/33.jpg)
Alert Monitor
• Computer Center Management System (CCMS)
• Events triggered in Audit Log will trigger event in CCMS
• Alerts are logged by Application Server
• No system configuration required to use CCMS
![Page 34: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/34.jpg)
Computer Center Management System
Transaction RZ20
![Page 35: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/35.jpg)
Computer Center Management System
![Page 36: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/36.jpg)
Favorites
Audit Log
• Easy to set-up.
• Quicker to review results of the audit log
• Entries are highlighted in Red for Critical and Yellow for Important, based on your definitions in the Audit Log filter(s).
• Assists with tracking if an alert has been analyzed and resolved.
• Contains a history
![Page 37: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/37.jpg)
Additonal Information
Audit Log
SAP Course • WNA210 – R/3 for Auditors
ResourceSAP R/3 Audit Guide
![Page 38: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/38.jpg)
Additional Information
Audit LogOSS Notes
30724 – Data Protection and security in SAP Systems486717 – SecAudit: SM20 selection documentation is missing317883 – SecAudit: Transactions are not recorded139418 – Logging User Actions198646 – SecAudit: SM18 composite note539404 – FAQ173743 – SecAudit; Changing Parameters139418 – Logging user actions
![Page 39: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/39.jpg)
Questions ?
Next: Reverse Business Engineering
![Page 40: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/40.jpg)
Outline
Why Audit?
AIS – Audit Information System
Security Audit Log
RBE – Reverse Business Engineering (as applied to Security)
![Page 41: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/41.jpg)
What is RBE?
RBE is a tool to support CBI (Continual Business Improvement) • Data Extraction
• Data Analysis
• Reporting
![Page 42: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/42.jpg)
ABAP
SAP Supplied Program
• is in text format
• must download and generate into the ABAP Workbench
![Page 43: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/43.jpg)
Transaction Monitor
Transaction ST03 after Menu pathWorkload->Reorganization->Parameters_Performance Database
Use a minimumof 3 months
Cannot use aTime-line ofdays or weeks
![Page 44: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/44.jpg)
What can be extracted?
• Transactional Data
• Configuration Data
• Master Data
![Page 45: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/45.jpg)
How to Extract
Logon to your R/3 system
Execute Extract Program
![Page 46: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/46.jpg)
How to Extract
Time Line
Type of Data
Output to Spool
Execute
![Page 47: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/47.jpg)
How to Extract
Sample
Spool File
![Page 48: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/48.jpg)
How to Extract
Select Spool File
Select Drive Path
Download Extract
![Page 49: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/49.jpg)
Preparing for Analysis
• Set-Up Company
• Import the data that has just be exported
• Rename the imported file when prompted
• Successful completion message will be displayed
![Page 50: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/50.jpg)
Preparing for Analysis
My Company Name
Extract File
![Page 51: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/51.jpg)
Preparing for Analysis
![Page 52: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/52.jpg)
Analysis
![Page 53: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/53.jpg)
Analysis
Sample
Report
![Page 54: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/54.jpg)
Analysis
Select Plant Placeholder
Add User(s) toAnalysis
![Page 55: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/55.jpg)
Analysis
![Page 56: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/56.jpg)
Analysis
![Page 57: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/57.jpg)
Analysis
![Page 58: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/58.jpg)
Favorites
• Many reports to work with
• Can create customized reports
• Well documented
• Easy to use
![Page 59: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/59.jpg)
Additional Information
RBE
SAP Course • VSAP50 – Reverse Business Engineering
Resource• RBE White Paper
OSS Notes• 367378 – How to get the Reverse Business Engineer
![Page 60: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/60.jpg)
Questions ?
Next: Summary
![Page 61: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/61.jpg)
Summary
Availability, Integrity and Confidentiality
AIS – Audit Information Systemassists with the ongoing audit requirements
Audit Logassists with the monitoring of system activities
RBE – Reverse Business Engineeringassists with the maintenance of roles
![Page 62: Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney](https://reader035.vdocuments.us/reader035/viewer/2022062515/56649d255503460f949fbc29/html5/thumbnails/62.jpg)
Thank you for attending!Please remember to complete and return your evaluation form following this session.
Session Code: 805