OPERATING SYSTEMS SECURITY ARCHITECTURE MODEL AND DATA HIDING METHODOLOGIES
With the advent of new technologies and broader use of the internet, information security is facing unprecedented challenges, and effective information security and integrity management is one of the major concerns for most organizations in the business world. In this part we will discuss the various tools deployed, and the strategies and concerns involved, in securing Windows Server 2003, one of the heavily used operating systems in various business environments. Various features are deployed and integrated within the system to achieve this, such as authentication, access control, auditing, Active Directory, data ...
The purpose of a security model is to ensure authentication, authorization, integrity and auditability. To achieve these, there must be an explicit and well-defined security policy enforced by the system. We now study the various architectures defined by SAP for most of the critical applications under its umbrella. Some of the models deployed by SAP are the Fraud Detection Model, the Global Security Positioning Model, and the Business Shadow solution.
The attributes defined to maintain security within an ERP structure begin with user authentication, which involves creating different user accounts depending on the authority of the users, and deploying complex passwords and session security within the organization. User authorization is also one of the important aspects to consider while designing the security model of an ERP system. By default, SAP R/3 does not allow any user to execute any transaction or program unless he or she has been explicitly authorized to do so. Authority checks must be used to grant users specific authorization to carry out functions, and tools like PFCG should be used effectively to create the various user profiles within the system.
Network-level security is as important as securing the SAP configuration, the operating systems and the database. Securing the SAP network calls for careful planning to decide the placement of components and the configuration of access control lists on firewalls and routers. Standard Network Configuration Security and Secure Network Communications are the two approaches followed by SAP to secure its networks.
SAP R/3 also keeps a variety of logs for system administration, monitoring, problem solving, and auditing purposes. Logs and audits are important for monitoring the security of SAP R/3 and for tracking events in case of problems. SAP also enforces logging features which ensure security; these include application logging, change document logging, monitoring changes to table data, and monitoring changes to user master records, profiles and authorizations. Database security is the most important factor considered while defining or designing the security model.
With SAP database security, the key measures that SAP has implemented for the security of its database (Oracle or SQL) are:
Only R/3 tools (such as SAPDBA) must be used to access the database.
The initial password for the database must be changed frequently.
Access to USR tables is prohibited.
Write access to T000 table is prohibited.
Application-specific tables must be protected in accordance with the authorization matrix.
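The three table-level measures above can be checked mechanically against a list of database grants. The following is an added example, not SAP's tooling or code from the original essay. The grant rows, account names, the exempt schema-owner account, the `ZAPP_ORDERS` table and the matrix layout are all constructed assumptions. "USR tables" is interpreted as any table whose name starts with `USR`, and every table other than those and T000 is treated as application-specific.

```python
from fnmatch import fnmatchcase

WRITE_PRIVS = {"INSERT", "UPDATE", "DELETE"}

# Constructed sample rows (grantee, table, privilege); not real system output.
SAMPLE_GRANTS = [
    ("R3_SCHEMA_OWNER", "USR02", "SELECT"),    # exempt account (assumption)
    ("REPORT_USER", "USR02", "SELECT"),        # USR table access -> violation
    ("REPORT_USER", "T000", "SELECT"),         # read of T000: rule covers writes only
    ("BATCH_USER", "T000", "UPDATE"),          # write to T000 -> violation
    ("BATCH_USER", "ZAPP_ORDERS", "INSERT"),   # permitted by the matrix below
    ("REPORT_USER", "ZAPP_ORDERS", "DELETE"),  # not in the matrix -> violation
]

# Hypothetical authorization matrix: (grantee, table) -> permitted privileges.
SAMPLE_MATRIX = {
    ("BATCH_USER", "ZAPP_ORDERS"): {"SELECT", "INSERT"},
    ("REPORT_USER", "ZAPP_ORDERS"): {"SELECT"},
}


def audit_grants(grants, matrix, exempt=("R3_SCHEMA_OWNER",)):
    """Return (grantee, table, privilege, reason) for every violating grant."""
    findings = []
    for grantee, table, priv in grants:
        grantee, table, priv = grantee.upper(), table.upper(), priv.upper()
        if grantee in exempt:
            continue  # assumed: the R/3 schema owner legitimately holds all tables
        if fnmatchcase(table, "USR*"):
            reason = "access to USR tables is prohibited"
        elif table == "T000":
            if priv not in WRITE_PRIVS:
                continue
            reason = "write access to T000 is prohibited"
        elif priv in matrix.get((grantee, table), set()):
            continue  # application table, privilege listed in the matrix
        else:
            reason = "not permitted by the authorization matrix"
        findings.append((grantee, table, priv, reason))
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, SAMPLE_MATRIX):
        print("%-12s %-12s %-7s %s" % finding)
```
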
Just like various other applications, such as Microsoft's, SAP also has Fraud Detection Models, Risk Management Model,...