Network & Application Level Security
The data center has a fully redundant network and firewall capabilities through a cluster of Cisco ASA security devices. These devices would be used to create the IPsec site to site or SSL VPN connections. They can fully integrate with Microsoft Active Directory through federation services. Secure Network Communications (SNC) integrates ERP NetWeaver Single Sign-On or an external security product with ERP systems. With SNC, you strengthen security by using additional security functions provided by a security product that is not directly available with ERP systems. SNC protects the data communication paths between the various client and server components of the ERP system that use the ERP protocols RFC or DIAG. There are well-known cryptographic algorithms that have been implemented by the various security products, and with SNC, you can apply these algorithms to your data for increased protection.
Our network-based IDS sensors monitor the network traffic between different systems searching for specific patterns in this traffic, identifying known attacks or searching for unusual usage patterns in this traffic. They run on separate hardware (network sniffer) or are integrated with certain routers or switches and will send an alert to the console, for instance, in the case of a port scan being detected.
The ERP solution provides a multi-level role-based security model. Each object in the system (i.e., screens, tables, data elements, domains) has a controlling authorization object that controls access to the object. Authorization objects define complex authorizations by grouping authorization fields, and it allows you to define a relationship to check whether a user is allowed to perform a certain action. To pass an authorization test for an object, the user must satisfy the authorization check for each field in the object. ERP solutions provide security at the following levels: organizational level, information type level, individual employee level, and reporting level. Within these levels, security can be placed on the screen, field, action to field (add/change), and application. Based on the roles assigned to the users they can either add/change/delete/inquire regarding any of the fields. This is a differentiating feature and because of this low level of security. ERP is a best practice for security and can be used to meet all SOX and Segregation of Duty (SOD) requirements.