SAP Encryption
An SAP system communicates via the local area network with SAP clients, browsers, applications and other SAP systems. Even between the SAP system components data exchanges occur. In all cases, data is transferred, which must be protected. This is not only the data that is used to authenticate users (e.g. user name and password, cookies, certificates, etc.), but also financial data processed in the framework of called functions.
SAP SNC
Secure Network Communications (SNC) is a technology developed by SAP software layer, that protects the data communication paths between components of a SAP system consistently using SAP protocols such as RFC or DIAG.
The Security Layers of SNC
The following security layers are used for communication in SNC:
• SAP GUI and SAP systems
• Between two SAP System servers (ABAP and Java)
• External RFC servers and SAP System server
• Between SAP Router
• SAP systems and SAP print servers
The SNC itself does not contain a safety mechanism, but introduces the “GSS-API V2” (Generic Security Services Application Programming Interface Version 2) which provides an interface for external safety products, such as smart cards.
Protection Levels of the Security Layers
1. Authentication – less protection: Only the identities of the communication partner are checked. Data sent is unencrypted.
2. Integrity – medium protection: It is possible to detect any unwanted changes to data during transmission. Data sent is unencrypted.
3. Privacy – high protection: The data is encrypted before transmission between partners via cable.
SAP Cryptographic Library
SAP provides a standard SNC security product the SAP Cryptographic Library. However, the SAP Cryptographic Library can be used only for the implementation of SNC between server components, that is, to protect connections to RFC basis. If at the same the user communications should be protected, for example, connections between the SAP GUI and the SAP system, users need an additional solution, such as our styx.SSO.
