SAP Security by SAGESSE TECH : Monitoring SAP Message Server using IBM QRadar
Sükrü Ilker BIRAKO?LU
Managing Partner - CTO @ SAGESSE TECH / Securing SAP and other ERP Systems with state-of-the art products and solutions
The SAP Message Server is responsible for communication between the application servers of an SAP System. The SAP Message Server passes requests from one application server to another within the system and it also contains information about application server groups and the current load balancing within them. The SAP Message Server uses this information to choose an appropriate server when a user logs on to the system.
As the central communication component in an SAP system network, the message server should be protected against unwanted external access. You can make the following settings to increase security when the SAP message server is running:
·??????Separate Internal and External Message Server Communication
·??????Access Control List (ACL) for Application Servers
·??????Access Control List (ACL) for Network Connections
·??????Administration Using Profile Parameters
It is very important to secure the SAP Message Server to prevent the attacks. By following above recommendations we allow only limited Hosts to connect Message Server. This gives us better control and prevent from attacks.
We can secure SAP Message Server by setting the parameter ms/acl_info and creating ms_acl_info file by allowing only restricted hosts. This file can include internal application servers, DB server, cluster nodes and any other 3rd party system which you want to connect directly to MS server.
It is very important to monitor the internal and external access to the Message Server. The Access Control List File must be properly configured and the system parameters related to Message Server must have right values.
SAGESSE TECH is providing a SAP Threat Detection Solution in integration with IBM QRadar( SPLUNK and WAZUH Integration is also done ) to monitor Message Server of SAP Systems.
SAGESSE TECH, global SAP Security / Oracle Security / ERP Security Tech Company, is providing SAP Threat Detection and Monitoring Products, SAP PenTest Framework and an SAP Audit Service which control these kinds of configurations, vulnerabilities and much more in your SAP Systems. Their products and services can help you to integrate your SAP System into your central threat detection solutions and foster your NIS2 Compliance.
Additionally, you can contact SAGESSE TECH(E-mail : [email protected] or [email protected] ), if you would like to have a Vulnerability Scanning, SAP Audit or SAP PenTest on your SAP Systems.