SAP HANA Security, 4 operational tips

Posted by Marta Ortona on Aug 19, 2022 8:15:00 AM

Have you replaced the database with SAP HANA? There are several new Security features to activate! 

 


 

Enable all features for SAP HANA Security! Follow the tips to protect data and ensure database compliance. 

1) Protection of communications 

You can use the Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol to protect client-server communication as well as internal communication. During installation, a PKI (Public Key Infrastructure) is defined for certificate management.

 

2) Protection of managed data

In the HANA database, it is possible to encrypt the data stored on disk, the logs and the backups.

  • To protect data on disk, you can enable "Data-at-Rest" encryption.
  • For redo log protection (Redo Log Encryption)
  • For backup protection

The encryption algorithm used is AES-256-CBC (Advanced Encryption Standard - Cipher Block Chaining).

 

Encryption of data in SAP HANA, what to do?

  1. Have you changed the root keys before activating encryption? This is usually done by partners or consultants. It's important that the client holds the keys.
  2. Have you activated data encryption? Data Volume Encryption and Redo Log Encryption are not active by default.
  3. Change the root keys periodically (you can also make a backup of the keys).

 

3) Password Policy

If you don't have a Single Sign-On (SSO) system, define your password policy in the HANA environment. You can manage password complexity in SAP HANA Cockpit or through SAP HANA Studio.

 

The settings are then stored in the file indexserver.ini (editing this file directly, although possible, is not recommended).

 

Through the table SYS_PASSWORD_BLACKLIST, similar to USR40 (the table of illegal passwords in SAP ECC), you can define a list of trivial or illegal passwords. By default, this table is empty.

 

4) Audit Log SAP HANA

An important part of auditing a HANA environment is verifying that the audit logs are activated. They aren't active by default.
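As an added example (not from the original post or from SAP), here is a read-only review of tips 3 and 4 over copies of the ini files. The baseline thresholds, the function name `review_ini` and the sample file contents are assumptions constructed for illustration. The audit switch is assumed to sit in the `[auditing configuration]` section of global.ini.

```python
import configparser

# Assumed baseline thresholds (not from the post); adjust to your own policy.
BASELINE = {
    "minimal_password_length": lambda v: int(v) >= 12,
    "maximum_invalid_connect_attempts": lambda v: int(v) <= 6,
    "last_used_passwords": lambda v: int(v) >= 5,
    "force_first_password_change": lambda v: v.lower() == "true",
}

def review_ini(*ini_texts):
    """Map each checked parameter to 'ok', 'weak', 'invalid', 'default' or 'off'."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    for text in ini_texts:          # later files override earlier ones
        cp.read_string(text)
    findings = {}
    for key, meets_baseline in BASELINE.items():
        value = cp.get("password policy", key, fallback=None)
        if value is None:
            findings[key] = "default"   # not overridden here: built-in default applies
            continue
        try:
            findings[key] = "ok" if meets_baseline(value.strip()) else "weak"
        except ValueError:
            findings[key] = "invalid"   # e.g. a non-numeric length
    # Auditing is off unless explicitly switched on, so a missing key is a finding.
    state = cp.get("auditing configuration", "global_auditing_state", fallback="false")
    findings["global_auditing_state"] = "ok" if state.strip().lower() == "true" else "off"
    return findings

# Constructed sample content, not taken from a real system.
SAMPLE_INDEXSERVER = """
[password policy]
minimal_password_length = 6
force_first_password_change = false
last_used_passwords = 5
"""
SAMPLE_GLOBAL = """
[auditing configuration]
default_audit_trail_type = SYSLOGPROTOCOL
"""

if __name__ == "__main__":
    for name, status in review_ini(SAMPLE_INDEXSERVER, SAMPLE_GLOBAL).items():
        print(f"{name:35} {status}")
```

The script only reads copies of the files, so it fits the advice above not to edit indexserver.ini by hand; any change it suggests should still be made through SAP HANA Cockpit or Studio.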

 

 

Want more details on this? Sign up for the course HA240 or read here about all the SAP Security courses.

 

Blog post originally translated from: https://www.aglea.com/blog/sap-hana-security-4-suggerimenti-operativi

 

Topics: SAP Security, auditing, sap hana
