Protecting sensitive business information within SAP systems is primary requirement in today’s Cybersecurity landscape. One of the fundamental aspects of safeguarding these systems is the implementation of robust password parameters. In this Learning byte, we will explore the significance of password security in SAP environments and delve into best practices for establishing effective password policies.
The Importance of Password Security in SAP
Key Password Parameters in SAP
1.Complexity Requirements:
-Mandate the use of a combination of uppercase and lowercase letters, numbers, and special characters. Use the below parameters:
login/min_password_lowercase
login/min_password_uppercase
login/min_password_specials
login/min_password_digits
login/min_password_letters
-Set a minimum password length to ensure an adequate level of complexity. After ChatGPT, it is much easy for people to generate multiple passwords and take control with a Brute Force Attack. Setup the below parameter with a value greater than 12 (recommended)
login/min_password_lng (between 3 to 40)
Source – Hive systems (Link – https://www.hivesystems.io/blog/are-your-passwords-in-the-green)
2. Password Expiry:
-Implement a regular password expiration policy to reduce the risk of prolonged exposure. Use parameters – login/password_max_idle_productive, login/password_max_idle_initial and login/password_expiration_time
-Prompt users to change their passwords at defined intervals. Use parameter – login/password_expiration_time.
3. History and Reuse Restrictions:
-Enforce a password history policy to prevent users from reusing their recent passwords using the parameter – login/min_password_diff
-Specify the minimum number of unique passwords before a user can repeat one using the parameter – login/password_change_waittime
4. Account Lockout:
-Implement an account lockout policy to temporarily disable accounts after a specified number of failed login attempts. The parameter is login/fails_to_user_lock. You can also use login/fails_to_session_end to ensure the session is closed.
-Configure lockout duration and reset conditions to enhance security without causing unnecessary disruptions by using parameter-login/failed_user_auto_unlock
5. Two-Factor Authentication (2FA):
-Enhance security by incorporating two-factor authentication for an additional layer of user verification. You may use SAP SSO with SAML integration or third party applications such as Okta.
ToggleNow’s UserSentry also provides option to enable 2FA, MFA on SAP GUI where users will be promoted to enter secondary password which is sent on either Mobile or Email.
6. Implement a Security Policy for critical IDs.
-You may create security policies using transaction code SECPOL. Multiple policies can be created and assigned to users in SU01 Logon data tab.
Best Practices for SAP Password Security
2. Regular Audits: Conduct periodic security audits to assess the effectiveness of password policies. Identify and address any non-compliance issues promptly. Also, ensure that your users are not sharing passwords and lock the ID on a specific terminal or IP. Utilize the Geo-fencing and parameter-based binding options. Refer UserSentry page for more information on implementing these capabilities.
3. Continuous Monitoring: Implement real-time monitoring to promptly detect and respond to any suspicious login activities. Monitor user behaviour to identify anomalies that may indicate a security threat.
ToggleNow difference
Customers face significant challenges in maintaining a robust cybersecurity posture within the SAP landscape. These challenges include:
- Gaining a comprehensive understanding of vulnerabilities and threats affecting SAP applications and databases, while ensuring security and compliance.
- Preventing attackers from circumventing segregation of duties (SoD) and authorization controls.
- Managing the risk associated with wide authorizations and/or configurations, and establishing continuous reporting on the cybersecurity status of SAP.
- Sustaining controls in a compliant state for the SAP landscape and enforcing security baselines for SAP ECC or S/4 Hana landscapes.
ToggleNow offers a comprehensive solution to secure your system against data breaches and potential losses through its tailored Vulnerability/Offline Assessment and Vulnerability Management solution, UserSentry for the SAP landscape.
With ToggleNow’s Vulnerability/Offline Assessment, we provide an unparalleled assurance of safety. Our solution facilitates quick and real-time insights, offering visibility into your existing SAP environment to identify system and application vulnerabilities.
Explore more about our SAP Vulnerability Assessment and Vulnerability Management solution by visiting our page.
Additional references:
Article by Priti Dhingra – Keeping SAP System Landscape Secure and Up-to-Date With SAP Notes Recommendations in Maintenance Planner. Click link here
