This website is not affiliated with, sponsored by, or approved by SAP AG.

RSECNOTE

SAP Security

Moderators: Snowy, thx4allthefish, jurjen

RSECNOTE

Postby Gary Morris » Fri Jun 17, 2011 11:02 am

This may be a topic for more than one forum. I have started using the tool RSECNOTE to keep up with SAP Security Notes that have not been applied to our systems. My question is does this tool simply connect to SAPnet and bring in a list of ALL SAP Security Notes, and then you have to review each one to determine if you should apply it or not, and change the status to green if you don't need it, or does it actually analyze your systems release and patch level, and list only the SAP Security Notes that apply to the system you ran it in? I am seeing notes in the list that do not seem to apply to the system such as a BW note even though I ran the tool in an R3 system.
Gary Morris
SAP Security Consultant
garydavidmorris@gmail.com
Gary Morris
 
Posts: 399
Joined: Sun Oct 20, 2002 10:42 pm
Location: San Antonio, Texas

Re: RSECNOTE

Postby thx4allthefish » Mon Jun 27, 2011 5:13 am

That's the EWA-Tool SAP uses for their EWA-report (security section). I never used the tool personally, but know you can start it using ST13.

I would think it checks SMP versus the notes you have already implemented, not caring for release or 'utilisation', basically security is 'always' NetWeaver ... so there you go then ...

Consider this instead: that tool is likely to check on SAP-Notes on security, which means: SAP-functionality (coding etc. etc.) and implements mostly coding checks and so on. While I would still recommend reading your EWA-reports carefully, I bet you a beer, that the security-gaps in your roles by far exeed the width and amount of said SAP-notes, so running the tool regularly is ... you know, a bit of an overkill.

If you were to maintain the Basis packages on a regular basis (say every 3 months or so), you'd rid yourself of all that tedious single-note-studying.
curiousorange wrote:I give up. Humanity isn't worth saving. Why is there never a Vogon Constructor Fleet around when you really need one?
thx4allthefish
 
Posts: 5694
Joined: Sat Oct 26, 2002 6:18 pm
Location: barolo barrel


Return to SAP Security

Who is online

Users browsing this forum: No registered users and 4 guests





loading...


This website is not affiliated with, sponsored by, or approved by SAP AG.