Re: Delving into an ERP security.

["Gleb Paharenko" <gpaharenko () gmail com>]

Hi, all.

I'd like to here about SAP auditing practices as well (may be you can
cross-post to pen-test?). The only think I've were password audit with
self-written tool which were using java rfc library and have checked
sap for default passwords (google for the complete list).



2008/1/26, WALI <hkhasgiwale () gmail com>:
> We are into finalising RFP details for rolling an ERP (SAP/Oracle) for
> operations ranging from usual backend (HR, Accounts, Administration) to
> front end business largely associated with engineering and construction
> business.
>
> Now, does anyone here have any experience relating to the security needs of
> SAP or oracle implementation on the infrastructural level? I have heard that
> recently NOvell had a tie up with SAP and microsoft and guys are talking
> about SuSe linux Enterprise server as a robost alternative to windows
> underlying platform. Is this an alternative that can be explored?
>
> What other things you guys might want to be considered at the RFP level from
> technology (and not functionality/features) perspective, for we already have
> too many people on board mapping out business needs at this point in time,
> but very few, looking at the underlying infrastructure on which the whole
> initiative will run.
>
> any/all suggestions are welcome.
> Rgds


-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com