Re: SAP Security

[Dave Piscitello <dave () corecom com>]

Have you tried this mail forum?

Name of Forum: SAP FAQ Security Discussion
Description: The purpose of this mailing list is to provide a forum for the 
discussion of Security related topics of interest to those involved with SAP.
To Subscribe: Send this command:
SUBSCRIBE SAPFAQ-SECURITY
To this address: MD () MD FAQGCN COM


At 02:20 AM 6/14/01 +0200, Rainer Duffner wrote:
> On Wed, 13 Jun 2001, Johann van Duyn wrote:
>
> > Hi there...
> >
> > I'm planning to run a lightweight internal penetration test against some of
> > our servers, and have run into a snag: security information on WinNT, Unix,
> > Oracle, etc. is quite easy to find, but I am struggling to find anything
> > good on SAP R/3. Most of the stuff is very vague, or refers to securing
> > network transmissions against eavesdropping.
> >
> > Anyone have any real information on SAP security, especially weaknesses?
> > :-)
>
> I found this some time ago, the content seems to move on and off to
> different sites. A good opportunity to save it to HD...
>
> http://www.hoelzner.de/security/sap-os.html
>
> The text is German, but mentions a "SAP Security Guide" , which is hopefully
> available in other languages.
>
>
> cheers,
> Rainer
> --
> ========================================
>  Rainer Duffner , Konstanz, Germany
>  eMail:  duffner () fh-konstanz de
>        rainer.duffner () surf24 de
> http://www-stud.fh-konstanz.de/duffner/
> ========================================

                           David M. Piscitello
            Core Competence, Inc. (http://www.corecom.com) and
     The Internet Security Conference (http://www.tisc2001.com)
    ~~ The Internet has security problems. We have answers. ~~

3 Myrtle Bank Lane                                     dave () corecom com
Hilton Head, SC 29926                                  1.843.683-9988

PGP Fingerprint: 070A 9F01 C35C 4D41 A460 EF2C 2992 2F12 11D2 02DC