Proper authentication is the key to proper segregation of duties. Any compromised or easy-to-guess account can cause irrecoverable harm to a company.
Enterprises that put a lot of effort into governance and compliance know that a single mistake, such as one default password forgotten in an overlooked client (e.g. client 066) or one weak password used by a trainee, can put all accounts at stake.
How ESNC can help you
We improve your password security through our SAP password strength assessment services, which include mitigation recommendations. The strength assessment checks the password-related security parameters and password policies, and it includes auditing your passwords according to your corporate security policy. This has two aspects:
1- Improving the SAP password security of the GUI users
We audit your passwords and their compliance based on your requirements. Based on our analysis we recommend changes for improving the SAPGUI users’ password security. This includes changes in the SAP security parameters, SAP forbidden password lists (USR40 list), and securing SAP hash versions used in the system based on SAP security best practices.
2- Securing non-human users: SAP service user cleanup
Securing non-human users is a very important step for SAP security. The password policy set on SAP systems doesn't apply to service/interface users, and they may have insecure passwords which were set years ago.
- We analyze the non-human users on your SAP landscape such as interface users, batch users, and communication users.
- We determine which users have weak password security, such as easy-to-guess passwords or default passwords (Summer-2017 is a weak password although compliant).
- We analyze SAP security audit logs to determine where these users are used
- We analyze which privileges are no longer required and guide you through documentation and cleanup of these users (e.g. removing SAP_ALL profiles from service users).