1
Monitoring Security With Standard SAP Tools Session Code 805 Sandi McKinney
2
Introduction TELUS Enterprise Solutions, a division of TELUS Second largest Telecommunications provider in Canada Approximately 20,000 employees $7 Billion in Revenues in 2002 Senior SAP Consultant specializing in SAP Authorizations Sandi.mckinney@telus.com
3
Why Audit? AIS – Audit Information System Security Audit Log RBE – Reverse Business Engineering (as applied to Security) Outline
4
Why Audit ? Risk Compliance Configuration
5
Why Audit ? Availability, Integrity and Confidentiality
6
Outline Why Audit AIS – Audit Information System Security Audit Log RBE – Reverse Business Engineering (as applied to Security)
7
AIS – Audit Information System Review Analysis Monitor
8
Transactions SECR – Audit Information System PFCG - Role Maintenance
9
Transaction - SECR SECR is still available Possible error message: ‘AIS Structure AUDIT_ALL does not exist’ OSS Note 328019
10
Reports and Queries Import from Client 000 Different Types of Reports OSS Note 100609
11
Set-Up Roles Roles for: Security Team Internal Audit External Audit
12
Set-Up Roles Administration Work Excellent On-Line Help Defaults Queries
13
Testing Roles OSS Note 92124 OSS Note 100609
14
User Assignment Security Team Staff Employee Measurement Data setting – 01 Audit Team External Audit Employee Measurement Data setting – 02 Internal Audit Staff Employee Measurement Data setting – 02
15
Customization At your discretion Use Variants
16
Favorites
Top Ten Security Reports, notably:
SM20 – Security Audit Log Assessment
SUIM – User Information System
RSUSR200 – List of Users Per Login Date
S_ALR_87101194 – Check Passwords of Special Users
Documentation
Flexibility in assigning roles
17
Additional Information AIS SAP Course BC940 – Security and Auditing Resource SAP Service Marketplace Quick Links – AIS
18
Additional Information AIS
OSS Notes
375609 – Audit Info. System (AIS): Roles for System Auditors
451960 – Audit Information System (AIS), role concept
77503 – Audit Information System (AIS)
328019 – AIS Structure AUDIT_ALL does not exist
202504 – Audit Information System (AIS) 4.6C – collect. note
182699 – Audit Information System (AIS): Download of Query
19
Next: Security Audit Log Questions ?
20
Outline Why Audit? AIS – Audit Information System Security Audit Log RBE – Reverse Business Engineering (as applied to Security)
21
Audit Log: What is Audited?
Dialog logon – Monitor special IDs for logon
RFC/CPIC logon – Monitor specific logons
RFC function call – Monitor remote function calls
22
What is Audited?
Transaction start – Monitor the transactions that are being started for specific IDs
Report start – Monitor the reports that are being started for specific IDs
User master change – Monitor for user master changes
Other – Monitor changes to the Audit Log configuration
23
System Parameters
RSAU/MAX_DISKSPACE/LOCAL = 5000000 (used to size the audit file)
RSAU/ENABLE = 1 (enables the audit log)
24
Configuration
RSAU/LOCAL/FILE = /usr/sap/PRD111/audit_++++++++ (naming and directory location)
RSAU/SELECTION_SLOTS = 10 (number of audit filters, max 10)
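An added example, not part of the original presentation: a Python check that reads profile text and verifies the four audit log parameters from the two slides above. The function names, the sample profiles, the case-insensitive name matching and the Unix-style absolute-path check are assumptions of this example.

```python
MAX_SLOTS = 10  # the slide gives 10 as the maximum number of audit filters

def parse_profile(text):
    """Parse profile text ('name = value', '#' comments) into a dict.
    Names are lower-cased so RSAU/ENABLE and rsau/enable compare equal
    (an assumption of this example)."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip().lower()] = value.strip()
    return params

def check_audit_params(params):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if params.get("rsau/enable") != "1":
        findings.append("rsau/enable is not 1: audit log is not enabled")
    size = params.get("rsau/max_diskspace/local", "")
    if not size.isdigit() or int(size) <= 0:
        findings.append("rsau/max_diskspace/local is missing or not a positive number")
    path = params.get("rsau/local/file", "")
    if not path.startswith("/"):  # assumes a Unix host, as on the slide
        findings.append("rsau/local/file is missing or not an absolute path")
    slots = params.get("rsau/selection_slots", "")
    if not slots.isdigit() or not 1 <= int(slots) <= MAX_SLOTS:
        findings.append("rsau/selection_slots is missing or outside 1..10")
    return findings

# Constructed sample profiles (not taken from a real system).
GOOD_PROFILE = """\
# constructed instance profile excerpt
rsau/enable = 1
rsau/max_diskspace/local = 5000000
rsau/local/file = /usr/sap/PRD111/audit_++++++++
rsau/selection_slots = 10
"""
BAD_PROFILE = """\
rsau/enable = 0
rsau/selection_slots = 12
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_PROFILE), ("bad", BAD_PROFILE)):
        for finding in check_audit_params(parse_profile(text)) or ["OK"]:
            print(label, "-", finding)
```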
25
Transactions
SM19 – Security Audit Configuration
SM20 – Security Audit Log Assessment
SM18 – Reorganize Security Audit Log
26
SM19 – Security Audit Configuration Define Filters
27
SM19 – Security Audit Configuration Create your profile Enter the profile name The client number Enter the user Id
28
SM19 – Security Audit Configuration Select Audit Classes Select Weight of Events Activate Filter Re-cycle the system
29
SM20 – Security Audit Log Assessment Select Audit Log Read Audit Log Refine Search By Audit Class and/or Weight of Event
30
SM20 – Security Audit Log Assessment Sample Report
31
SM20 – Security Audit Log Assessment Sample Statistics
32
SM18 – Reorganize Security Audit Log Simulate Archive Delete Cannot Delete or archive files that are less than 3 days old
33
Alert Monitor Computer Center Management System (CCMS) Events triggered in Audit Log will trigger event in CCMS Alerts are logged by Application Server No system configuration required to use CCMS
34
Computer Center Management System Transaction RZ20
35
Computer Center Management System
36
Favorites Audit Log Easy to set-up. Quicker to review results of the audit log Entries are highlighted in Red for Critical and Yellow for Important, based on your definitions in the Audit Log filter(s). Assists with tracking if an alert has been analyzed and resolved. Contains a history
37
Additional Information Audit Log SAP Course WNA210 – R/3 for Auditors Resource SAP R/3 Audit Guide
38
Additional Information Audit Log
OSS Notes
30724 – Data Protection and security in SAP Systems
486717 – SecAudit: SM20 selection documentation is missing
317883 – SecAudit: Transactions are not recorded
139418 – Logging User Actions
198646 – SecAudit: SM18 composite note
539404 – FAQ
173743 – SecAudit; Changing Parameters
39
Questions ? Next: Reverse Business Engineering
40
Outline Why Audit? AIS – Audit Information System Security Audit Log RBE – Reverse Business Engineering (as applied to Security)
41
What is RBE? RBE is a tool to support CBI (Continual Business Improvement) Data Extraction Data Analysis Reporting
42
ABAP SAP Supplied Program is in text format must download and generate into the ABAP Workbench
43
Transaction Monitor Transaction ST03 after Menu path Workload->Reorganization->Parameters_Performance Database Use a minimum of 3 months Cannot use a Time-line of days or weeks
44
What can be extracted? Transactional Data Configuration Data Master Data
45
How to Extract Logon to your R/3 system Execute Extract Program
46
How to Extract Time Line Type of Data Output to Spool Execute
47
How to Extract Sample Spool File
48
How to Extract Select Spool File Select Drive Path Download Extract
49
Preparing for Analysis Set-Up Company Import the data that has just been exported Rename the imported file when prompted Successful completion message will be displayed
50
Preparing for Analysis My Company Name Extract File
51
Preparing for Analysis
52
Analysis
53
Sample Report
54
Analysis Select Plant Placeholder Add User(s) to Analysis
58
Favorites Many reports to work with Can create customized reports Well documented Easy to use
59
Additional Information RBE SAP Course VSAP50 – Reverse Business Engineering Resource RBE White Paper OSS Notes 367378 – How to get the Reverse Business Engineer
60
Questions ? Next: Summary
61
Summary Availability, Integrity and Confidentiality AIS – Audit Information System assists with the ongoing audit requirements Audit Log assists with the monitoring of system activities RBE – Reverse Business Engineering assists with the maintenance of roles
62
Thank you for attending! Please remember to complete and return your evaluation form following this session. Session Code: 805