SAP HANA Security, 4 operational tips

Posted by Marta Ortona on Aug 19, 2022 12:00:00 AM

Have you replaced the database with SAP HANA? There are several new Security features to activate! 

 

SAP HANA Security

 

Enable all features for SAP HANA Security! Follow the tips to protect data and ensure database compliance. 

1) Protection of communications 

It's possible to use Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol to protect communication between client-servers and for internal communications. During the installation Durante l'installazione is defined a PKI (Public Key Infrastructure) for the certificates management.

 

2) Protection of managed data

In the HANA database is possible to encrypt the data managed on disk, the logs and also the backups. 

  • For the data protection on disk is possible to enable "Data-at-Rest" encryption.
  • For redo log protection (Redo log Encryption)
  • For backup protection

The encryption algorithm used, is AES-256-CBC (Advanced Encryption Standard - Cipher Blocker Chaining).

 

Encryption of data in SAP HANA, what to do?

  1. Have you changed the root keys, before activating the encryption? Usually, this action is carried out by partners or consultants. It's important that the client has the keys
  2. Did you activate the data encryption? Data Volume Encryption and Redo Log Encryption are not active by default
  3. Change root keys periodically (you can also make a backup of the keys)

 

3) Password Policy

If you don't have Single Sign On (SSO) system, define your password policy in the HANA environment. It's possible to manage the complexity of passwords in SAP HANA Cockpit or through SAP HANA Studio.

 

Information is then stored in the file indexserver.ini (modifying this file, although possible, is not recommended)

 

Through the table SYS_PASSWORD_BLACKLIST similar to USR40 (of illegal password in SAP ECC) it's possible to define a list of trivial or illegal passwords. By default, this table is empty.

 

4) Audit Log SAP HANA

One of the important aspects in the audit phase of HANA environment is the verification of the activation of the logs. They aren't active by default.

 

 

Any more details on this? Sign up for the course HA240 or read here which are all the Security SAP courses.

 

Blog post originally translated from: https://www.aglea.com/blog/sap-hana-security-4-suggerimenti-operativi

 

Topics: auditing, SAP Security, sap hana

Subscribe Here!

Blog Aglea, cosa puoi trovare?

Ogni mercoledì pubblichiamo articoli, interviste e documenti relativi alla security SAP.

Cosa puoi trovare:

  • Suggerimenti su come mettere in sicurezza i sistemi SAP
  • Come fare a … (How To)
  • Checklist
  • Gli errori comuni che spesso vengono fatti in ambito Security SAP
  • Interviste con esperti del settore
  • Chi è AGLEA quale è la nostra vision security SAP

Recent Posts

Post By Topic

See all