An Approach For SAP R/3 Security In Open Networks


File: her-sec.ppt
Friday, 13-11-03
Index 1
University Würzburg, Dr. L.Marten
University Würzburg
Bavarian future offensive


SAP / Higher Education & Research User Group
4th Meeting, Amsterdam, the Netherlands, on 20th - 22nd April, 1999

An Approach For SAP R/3 Security In Open Networks

Contact

Dr. Lutz Marten
IT Management
Bayerische Julius-Maximilians-Universität Würzburg
Am Hubland
D-97074 Würzburg, Germany

phone: +49 (0) 931 / 888-5078
fax: +49 (0) 931 / 888-7021
Lutz.Marten@mail.uni-wuerzburg.de
http://www.zv.uni-wuerzburg.de/muck

Facts & Figures University Würzburg

first foundation: 1402, refoundation: 1582
12 faculties
70 departments
wide spectrum of disciplines
largest university in northern Bavaria
over 20.000 students
about 9.500 staff members
350 professors, about 2700 academic assistants
19 university clinics
budget 400 million DM (without patient care, incl. research)

User Access To Applications

Students / Staff
Application Systems SAP R/3, HISSOS
World Wide Web
up to 20.000 users
campus = internet
administration = intranet

Basic Security By A Firewall

Client PC
Internal Application Systems
Firewall
campus internet
administration intranet

Network Topology

WWW Transaction Model - 3 Tier Model

Web Browser
Presentation
representation of the application
Firewall
Web Server
Web-Adaption
homogenisation
authentication
Application System
Application
Transaction
data manipulation

WWW Transaction Model - General Model

Web-Browser / Java-VM
Presentation
Web Server (e.g. MS-IIS)
Web-Adaption
Application Server
Application
Transaction
Database Server
HTML/Java Transformation / User Authentication

WWW Transaction Model - TranSON™ Model

Web-Browser
Presentation
TranSON Server
Web-Adaption
Web Server
enciphered
Firewall
Application Server
Application
Transaction
Database Server
(optionally enciphered)

WWW Transaction Model - SAP R/3 Model

Web-Browser
Presentation
R/3 Application Server
Application
Transaction
R/3 Database Server
(optionally enciphered)
manufacturer-dependent SAP protocol
manufacturer-dependent SAP protocol
Web Server (e.g. MS-IIS)
Web-Adaption
Internet Transaction Server - ITS
enciphered
ISAPI
HTTP

WWW Transaction Model - HISSB

Web-Browser with HISSB Java-applet
Presentation
HISSOS/GX Informix Database
Application
Transaction
ODBC / JDBC
(optionally enciphered)
Web Server (e.g. MS-IIS)
Web-Adaption
JDesignerPro Enterprise Server (JAGG)
enciphered
TCP Port 4899

WWW Transaction Model - TranSON™ + SAP R/3

Web-Browser / Java-VM
Presentation
Web Server (e.g. MS-IIS)
Web-Adaption
Internet Transaction Server - ITS
enciphered
ISAPI
TCP Port 4444 and HTTP
TranSON Server
Firewall
manufacturer-dependent SAP protocol
manufacturer-dependent SAP protocol
Application Server
Application
Transaction
Database Server
(optionally enciphered)

WWW PKI (public key) Model - TranSON™ + SAP R/3

Web-Browser / Java-VM
Web Server (e.g. MS-IIS)
Application Server
Database Server
Internet Transaction Server - ITS, Agate/Wgate
running on one or two servers optionally with SNC
TranSON Server / Firewall
SAP protocol
SNC optional
Smartcard with keys and certificates
CA - Certificate Authority
SSLv3 / TLSv1 using private key, public key, certificate
Directory Services LDAP

more information and contacts can be found at
http://www.zv.uni-wuerzburg.de/muck

Thank you for your attention!