Have you replaced the database with SAP HANA? There are several new Security features to activate!
Enable all features for SAP HANA Security! Follow the tips to protect data and ensure database compliance.
1) Protection of communications
It's possible to use Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protocol to protect communication between client-servers and for internal communications. During the installation Durante l'installazione is defined a PKI (Public Key Infrastructure) for the certificates management.
2) Protection of managed data
In the HANA database is possible to encrypt the data managed on disk, the logs and also the backups.
- For the data protection on disk is possible to enable "Data-at-Rest" encryption.
- For redo log protection (Redo log Encryption)
- For backup protection
The encryption algorithm used, is AES-256-CBC (Advanced Encryption Standard - Cipher Blocker Chaining).
Encryption of data in SAP HANA, what to do?
- Have you changed the root keys, before activating the encryption? Usually, this action is carried out by partners or consultants. It's important that the client has the keys
- Did you activate the data encryption? Data Volume Encryption and Redo Log Encryption are not active by default
- Change root keys periodically (you can also make a backup of the keys)
3) Password Policy
If you don't have Single Sign On (SSO) system, define your password policy in the HANA environment. It's possible to manage the complexity of passwords in SAP HANA Cockpit or through SAP HANA Studio.
Information is then stored in the file indexserver.ini (modifying this file, although possible, is not recommended)
Through the table SYS_PASSWORD_BLACKLIST similar to USR40 (of illegal password in SAP ECC) it's possible to define a list of trivial or illegal passwords. By default, this table is empty.
4) Audit Log SAP HANA
One of the important aspects in the audit phase of HANA environment is the verification of the activation of the logs. They aren't active by default.
Any more details on this? Sign up for the course HA240 or read here which are all the Security SAP courses.
Blog post originally translated from: https://www.aglea.com/blog/sap-hana-security-4-suggerimenti-operativi