External Program Authorization Risk

Learn how DefenceMore OCA for SAP protects against risks associated with external program connections.

Case Study #007.01

Scenario

A Java program connects to the SAP system to retrieve and process certain data. The user created for this connection has been assigned the SAP_ALL authorization. Anyone who gains control of this program could use it to make critical RFC calls, access sensitive data, and manipulate that data through the program.

Impact

For connections made from SAP or non-SAP systems, the connecting user should not be of type DIALOG or SERVICE, and its assigned authorizations should be limited to only the RFCs that will actually be called. Otherwise, malicious code could be executed, sensitive data could be stolen, or critical data could be altered through these connections.
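As an added illustration (not DefenceMore's or SAP's own code), the following Python check applies the two rules above to a set of user records: it flags connection users whose type is Dialog or Service, and users holding over-broad profiles such as SAP_ALL. The user records and profile names are constructed; the type codes follow the SAP USR02 USTYP convention (A = Dialog, B = System, C = Communication, S = Service, L = Reference).

```python
# Added example: review users used by external programs, in the spirit of
# a P004-style check. Records are constructed; in practice they would be
# read from USR02 (user type) and UST04 (user-to-profile assignments).

# USTYP codes that must not be used for RFC / external connections
DISALLOWED_FOR_RFC = {"A": "DIALOG", "S": "SERVICE"}

# Profiles that grant far more than any single interface needs
BROAD_PROFILES = {"SAP_ALL", "SAP_NEW"}

# Constructed sample: users known to be used by external programs
RFC_USERS = {
    "JAVA_RFC":  {"ustyp": "A", "profiles": ["SAP_ALL"]},        # the scenario
    "CPIC_EXT":  {"ustyp": "C", "profiles": ["Z_RFC_READ_ONLY"]},  # acceptable
    "BATCHUSR":  {"ustyp": "B", "profiles": ["SAP_ALL", "SAP_NEW"]},
    "SVC_IFACE": {"ustyp": "S", "profiles": ["Z_IFACE"]},
}


def check_rfc_users(users):
    """Return (user, finding) tuples for every violation found.

    A user can produce several findings: one for a disallowed user type and
    one for each over-broad profile it holds.
    """
    findings = []
    for name, rec in users.items():
        utype = rec["ustyp"]
        if utype in DISALLOWED_FOR_RFC:
            findings.append((name, f"user type {DISALLOWED_FOR_RFC[utype]} "
                                   "is not allowed for external connections"))
        for profile in sorted(BROAD_PROFILES & set(rec["profiles"])):
            findings.append((name, f"over-broad profile {profile} assigned"))
    return findings


def compliant_users(users):
    """Names of users that raised no finding (type B/C/L, no broad profile)."""
    flagged = {name for name, _ in check_rfc_users(users)}
    return sorted(set(users) - flagged)


if __name__ == "__main__":
    for user, finding in check_rfc_users(RFC_USERS):
        print(f"{user}: {finding}")
    print("compliant:", compliant_users(RFC_USERS))
```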

DefenceMore OCA Capabilities

DefenceMore OCA's P004 control reviews the user types used in external connections and flags any inappropriate ones as violations, listing them. The A018 control identifies and lists critical RFCs used or called from remote systems. The S010 control displays active gateway connections, enabling monitoring of such activity.

Related Checks

  • P004 RFC User Types
  • A018 Critical RFC Calls
  • S010 Gateway Active Connections