How To Keep Your Sap System Landscape Secure

By Author: Udaya
Total Articles: 29
Comment this article

Protecting sensitive business information within SAP systems is primary requirement in today’s Cybersecurity landscape. One of the fundamental aspects of safeguarding these systems is the implementation of robust password parameters. In this Learning byte, we will explore the significance of password security in SAP environments and delve into best practices for establishing effective password policies.

The Importance of Password Security in SAP
Passwords serve as the first line of defense against unauthorized access to SAP systems. A weak or compromised password can expose critical business data, jeopardize system integrity, and lead to severe consequences. Therefore, establishing and enforcing stringent password parameters is crucial to fortify SAP systems against potential security threats.
Key Password Parameters in SAP
1.Complexity Requirements:
-Mandate the use of a combination of uppercase and lowercase letters, numbers, and special characters. Use the below parameters:
login/min_password_lowercase
login/min_password_uppercase
login/min_password_specials
login/min_password_digits
...
... login/min_password_letters
-Set a minimum password length to ensure an adequate level of complexity. After ChatGPT, it is much easy for people to generate multiple passwords and take control with a Brute Force Attack. Setup the below parameter with a value greater than 12 (recommended)
login/min_password_lng (between 3 to 40)

Source – Hive systems (Link – https://www.hivesystems.io/blog/are-your-passwords-in-the-green)
2. Password Expiry:
-Implement a regular password expiration policy to reduce the risk of prolonged exposure. Use parameters – login/password_max_idle_productive, login/password_max_idle_initial and login/password_expiration_time
-Prompt users to change their passwords at defined intervals. Use parameter – login/password_expiration_time.
3. History and Reuse Restrictions:
-Enforce a password history policy to prevent users from reusing their recent passwords using the parameter – login/min_password_diff
-Specify the minimum number of unique passwords before a user can repeat one using the parameter – login/password_change_waittime
4. Account Lockout:
-Implement an account lockout policy to temporarily disable accounts after a specified number of failed login attempts. The parameter is login/fails_to_user_lock. You can also use login/fails_to_session_end to ensure the session is closed.
-Configure lockout duration and reset conditions to enhance security without causing unnecessary disruptions by using parameter-login/failed_user_auto_unlock
5. Two-Factor Authentication (2FA):
-Enhance security by incorporating two-factor authentication for an additional layer of user verification. You may use SAP SSO with SAML integration or third party applications such as Okta.
ToggleNow’s UserSentry also provides option to enable 2FA, MFA on SAP GUI where users will be promoted to enter secondary password which is sent on either Mobile or Email.
6. Implement a Security Policy for critical IDs.
-You may create security policies using transaction code SECPOL. Multiple policies can be created and assigned to users in SU01 Logon data tab.

Mere implementation of parameters and policies are not enough and it is important to emphasize the importance by aligning with the industry best practices.

Read more about the Best practices for SAP Password Security: https://togglenow.com/learnings/how-to-keep-your-sap-system-landscape-secure/

#SAPSoDAnalysis
#SegregationofDutiesinSAP
#SAPSecurityandCompliance
#SoDViolationsinSAP
#sapsegregationofdutiesmatrix
#SAPRiskAssessment
#sapsodanalysistool
#sapsodconflicts
#sapsegregationofduties
#SAPGovernanceSolutions
#SoDRiskManagementinSAP
#sapsodmatrix
#sapsodconflictmatrix
#sapsodanalyzer
#sapsodtool