Manoj Jhawar, profile picture
Uploaded byManoj Jhawar
PPTX, PDF1,232 views

Security concerns in web erp

This document discusses security concerns with web-based ERP systems. It outlines several security issues including physical security, transmission security, storage security, access security, and data security. It also describes common security problems like resource protection, data confidentiality, and authentication. The document then provides an overview of ERP architecture and the typical 3-tier architecture before examining current security solutions like role-based access control. It analyzes security in SAP/R3 systems and proposes an open security model for the future.

Embed presentation

Downloaded 40 times
Security concerns in Web ERP Manoj Jhawar MBA 2nd year 12125027
Overview • ERP is experiencing the transformation that will make it much more intelligent, collaborative, web enabled, highly integrated may become wireless • ERP solutions worked upon common use of distributed application which causes security problems
Security issues • • • • • • Physical Security Transmission Security Storage Security Access Security Data Security Application Security
Several security problems are • • • • • • • Resource protection Data confidentiality Data integrity Authentication of user Non repudiation of transaction Reliability of user Anonymity of user
ERP Architecture • Integration—various components are integrated and seamless data flow occurs between components to collaborate as a single function. • Flexible—system is flexible, compatible and expandable with the old systems, changes to the business processes and strategies are easy to accomplish. • Real-time—different components works in online, real time and batch processing modes should be presented. • Componentization—different business functional requirement are designed as different components. • Tailorable—system should be simply configured according to the enterprise’s requirements.
3 tier Architecture • • • 1. Front layer of Presentation Layer: A combined Graphical User Interface (GUI) or any browser that collects data, generates requests, and proceeds the results back to the user. 2. Middle layer of Application: Application programs that collects the requirements from the Presentation layer and further routes the request based on the business function, rules or logic. 3. Database Layer (Back): Data Base Management Systems that manages the business and operational data throughout the entire enterprise.
Current security solutions in ERP • Role-Based Access Control – – – – Roles Permissions Users Constraints
Security in SAP/R3 • Authorization object- This represents the authorization concept and consists of some authorization fields. • Authorization- This is an instance of one authorization object and defines permitted value range of each authorization field of the authorization object. • Authorization profile- This contains some authorizations which are assigned to the user by an administrator. • Authorization check- This is used to protect the transactions or data we choose and is embedded in program logic. When authorization check is performed then authorization profile will be used for comparing the required values needed to run the specific transaction. • User master record- This enables the users to log on to R/3 system and grant limited entry to the transactions and data. • Profile generator- This is the component which helps the administrators create, generate, and assign authorization profiles using activity groups and user
Diagram of SAP R/3 Authorization
Open security Model • • • 1. XML encryption 2. XML signature 3. SAMLconfiguration parameters. Constructing a new security layer and connecting it into the already existing architecture, requires considering different provision of individual security needs Appropriate profile processor is able to audit all incoming messages for security fulfillments on the own security profile and also to extend all outgoing messages according to the security policy of remote peer.
Future security features • Intelligent • Knowledgebased • Heterogeneous • Collaborative • Wireless
Conclusion • Existing security solutions like RBAC or SAP R/3 are based on the features of the current ERP system and since ERP reveals more and more new features that may be supported in the future, present security mechanism needs to be retrofitted and new security issues have to be identified • In open security model proposed above we see that the division of transport data and content is the key-note area of the introduced security model • The prefixed article builds an open architecture which will not only considers the integration of existing security standards such as XML encryption or XML signature or SAML but will also aids future developments like Trusted Platforms

More Related Content

PPTX
CyberArk
byJimmy Sze
 
PDF
ERP Security. Myths, Problems, Solutions
byERPScan
 
PDF
What CISOs should know about SAP security
byERPScan
 
PPTX
Con8813 securing privileged accounts with an integrated idm solution - final
byOracleIDM
 
PDF
EPV_PCI DSS White Paper (3) Cyber Ark
byErni Susanti
 
PPT
Sap Security Assessment V3 English
byguest5bd7a1
 
PDF
Managing privileged account security
byRaleigh ISSA
 
PPTX
SIEM Primer:
byAnton Chuvakin
 
CyberArk
byJimmy Sze
 
ERP Security. Myths, Problems, Solutions
byERPScan
 
What CISOs should know about SAP security
byERPScan
 
Con8813 securing privileged accounts with an integrated idm solution - final
byOracleIDM
 
EPV_PCI DSS White Paper (3) Cyber Ark
byErni Susanti
 
Sap Security Assessment V3 English
byguest5bd7a1
 
Managing privileged account security
byRaleigh ISSA
 
SIEM Primer:
byAnton Chuvakin
 

What's hot

PDF
Effective Cyber Security – the difference between “point in time” and “period...
byakquinet enterprise solutions GmbH
 
PDF
Implementing SAP security in 5 steps
byERPScan
 
PDF
Incident Response and SAP Systems
byOnapsis Inc.
 
PPTX
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
byLance Peterman
 
PPTX
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
byAnton Chuvakin
 
PPTX
Implementing and Running SIEM: Approaches and Lessons
byAnton Chuvakin
 
PDF
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
byRisk Analysis Consultants, s.r.o.
 
PDF
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
byRyan Gallavin
 
PPTX
Privileged Access Management (PAM)
bydanb02
 
PPTX
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
byakquinet enterprise solutions GmbH
 
PDF
SIEM vs Log Management - Data Security Solutions 2011
byAndris Soroka
 
PDF
Secure Management of Privileged Passwords
byHitachi ID Systems, Inc.
 
PDF
Privileged identity management
byNis
 
PDF
SIEM enabled risk management , SOC and GRC v1.0
byRasmi Swain
 
PPTX
QRadar, ArcSight and Splunk
byM sharifi
 
PDF
Why your works council has nothing to fear from SAP security. [Webinar]
byakquinet enterprise solutions GmbH
 
PDF
SAP security landscape. How to protect(hack) your(their) big business
byERPScan
 
PDF
SAST Authorization Management: How to integrate your SoD analysis into the SA...
byakquinet enterprise solutions GmbH
 
PPTX
Information Security: Advanced SIEM Techniques
byReliaQuest
 
PPTX
Owasp Proactive Controls for Web developer
bySameer Paradia
 
Effective Cyber Security – the difference between “point in time” and “period...
byakquinet enterprise solutions GmbH
 
Implementing SAP security in 5 steps
byERPScan
 
Incident Response and SAP Systems
byOnapsis Inc.
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
byLance Peterman
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
byAnton Chuvakin
 
Implementing and Running SIEM: Approaches and Lessons
byAnton Chuvakin
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
byRisk Analysis Consultants, s.r.o.
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
byRyan Gallavin
 
Privileged Access Management (PAM)
bydanb02
 
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
byakquinet enterprise solutions GmbH
 
SIEM vs Log Management - Data Security Solutions 2011
byAndris Soroka
 
Secure Management of Privileged Passwords
byHitachi ID Systems, Inc.
 
Privileged identity management
byNis
 
SIEM enabled risk management , SOC and GRC v1.0
byRasmi Swain
 
QRadar, ArcSight and Splunk
byM sharifi
 
Why your works council has nothing to fear from SAP security. [Webinar]
byakquinet enterprise solutions GmbH
 
SAP security landscape. How to protect(hack) your(their) big business
byERPScan
 
SAST Authorization Management: How to integrate your SoD analysis into the SA...
byakquinet enterprise solutions GmbH
 
Information Security: Advanced SIEM Techniques
byReliaQuest
 
Owasp Proactive Controls for Web developer
bySameer Paradia
 

Similar to Security concerns in web erp

PDF
Sap basis and_security_administration
byAnil Kumar Reddy Cheppalli
 
PDF
Iia los angeles sap security presentation
byhkodali
 
PDF
Sap
byabhishek sharma
 
DOCX
SAP Security important Questions
byRagu M
 
PPTX
Week Topic Code Access vs Event Based.pptx
byArjayBalberan1
 
PPT
ERP MARKET presentation based on enterprise.ppt
byShivaniSharma335055
 
DOCX
brief history of SAP and ERP.docx
byAhmedSeid38
 
PPTX
SAP Overview and Architecture
byAnkit Sharma
 
PPT
Study of SAP R3 architecture
bySapFico Training
 
PDF
Practical SAP pentesting (B-Sides San Paulo)
byERPScan
 
PDF
How vulnerable are you to insider attacks?.pdf
byudayamosol9
 
PPTX
SAP Security & GRC Framework
byHarish Sharma
 
PDF
SAP BI Security Features
bydw_anil
 
PDF
An expert guide to new sap bi security features
byShazia_Sultana
 
PPT
Sapbasic
byMandeep SINGH
 
PPT
Sap overview posted by Parikshit Sanghavi
byParikshit Sanghavi
 
PPT
Erp sap r3 overview introduction
byBunty Jain
 
PDF
2022 apidays LIVE Helsinki & North_Future proofing API Security
byapidays
 
PPT
ERP MARKET document file for students .ppt
byharshchauhan18septem
 
PPTX
The Holy Grail of IAM: Getting to Grips with Authorization
byDavid Brossard
 
Sap basis and_security_administration
byAnil Kumar Reddy Cheppalli
 
Iia los angeles sap security presentation
byhkodali
 
Sap
byabhishek sharma
 
SAP Security important Questions
byRagu M
 
Week Topic Code Access vs Event Based.pptx
byArjayBalberan1
 
ERP MARKET presentation based on enterprise.ppt
byShivaniSharma335055
 
brief history of SAP and ERP.docx
byAhmedSeid38
 
SAP Overview and Architecture
byAnkit Sharma
 
Study of SAP R3 architecture
bySapFico Training
 
Practical SAP pentesting (B-Sides San Paulo)
byERPScan
 
How vulnerable are you to insider attacks?.pdf
byudayamosol9
 
SAP Security & GRC Framework
byHarish Sharma
 
SAP BI Security Features
bydw_anil
 
An expert guide to new sap bi security features
byShazia_Sultana
 
Sapbasic
byMandeep SINGH
 
Sap overview posted by Parikshit Sanghavi
byParikshit Sanghavi
 
Erp sap r3 overview introduction
byBunty Jain
 
2022 apidays LIVE Helsinki & North_Future proofing API Security
byapidays
 
ERP MARKET document file for students .ppt
byharshchauhan18septem
 
The Holy Grail of IAM: Getting to Grips with Authorization
byDavid Brossard
 

More from Manoj Jhawar

PPTX
Kesco turnaround
byManoj Jhawar
 
PPTX
strategic management
byManoj Jhawar
 
PPTX
postponement in supplychain
byManoj Jhawar
 
PPTX
NERD club IIT kanpur
byManoj Jhawar
 
PPTX
Restaurant Project
byManoj Jhawar
 
PPTX
Cloud ppt
byManoj Jhawar
 
PPTX
Library management
byManoj Jhawar
 
PPTX
Review of Indian coal sector
byManoj Jhawar
 
PPTX
USA aviation Industry
byManoj Jhawar
 
PPTX
Presentation club
byManoj Jhawar
 
PPTX
Presentation club formation
byManoj Jhawar
 
PPTX
Presentation opc by manoj
byManoj Jhawar
 
DOCX
Guest lecture on project management
byManoj Jhawar
 
PPTX
Excel
byManoj Jhawar
 
PPTX
Financial ratio analysis hdfc bank new
byManoj Jhawar
 
PPTX
Computer center lab
byManoj Jhawar
 
Kesco turnaround
byManoj Jhawar
 
strategic management
byManoj Jhawar
 
postponement in supplychain
byManoj Jhawar
 
NERD club IIT kanpur
byManoj Jhawar
 
Restaurant Project
byManoj Jhawar
 
Cloud ppt
byManoj Jhawar
 
Library management
byManoj Jhawar
 
Review of Indian coal sector
byManoj Jhawar
 
USA aviation Industry
byManoj Jhawar
 
Presentation club
byManoj Jhawar
 
Presentation club formation
byManoj Jhawar
 
Presentation opc by manoj
byManoj Jhawar
 
Guest lecture on project management
byManoj Jhawar
 
Excel
byManoj Jhawar
 
Financial ratio analysis hdfc bank new
byManoj Jhawar
 
Computer center lab
byManoj Jhawar
 

Recently uploaded

PDF
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
PPTX
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
PPTX
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
PDF
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
PDF
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
PDF
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
PPT
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 
PDF
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
PDF
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
PPTX
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
PPTX
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
PDF
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
PDF
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
PDF
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PPTX
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
PPTX
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
PDF
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
PDF
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
Unit 1 Introduction of Computer Networks
bySuvarnaSharma5
 
Visual Foxpro-VFP9-Access-Report-Variable-Outside-the-report.pptx
bymanojbkalla
 
Top 10 Dedicated Server Providers in Stockholm (Updated Edition).pdf
byAtal Networks
 
Presentation on Four Stroke Engine of Ic engine
bySonam Sherpa
 
Chapter 2 Computer Threat .pdf
byGetnet Tigabie Askale -(GM)
 
Higgsfield AI: The New Way to Create Cinematic Video
bytechnologyupside
 
Waste water treatment plant operation and maintenance
byDuggineniRamakrishna
 
SEO in Charleston SC | Local SEO Strategies to Grow Your Business.pdf
bycustomdigitalsolutio1
 
65 AI-related Posts Catalog https://tinyurl.com/mpavkr8z
byBob Marcus
 
Software Tools for penetration Testing (1).pptx
byAmosCheruiyot13
 
Lecture 04. about Black heads and Hackerss.pptx
byvinocol222
 
Purple Team - Active Directory and AzureAD v1
byVICTOR MAESTRE RAMIREZ
 
The Cost of Missing Critical Connections in Data - Suspicious Behavior Detect...
byEnterprise Knowledge
 
Intro to CrafterQ - AI Agent Platform for the Enterprise.pdf
byCrafterQ
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
IBM_NEXA_DAC2021 NEXA, a cloud-native platform for collaborative hardware log...
byArun Joseph
 
KTU-PEMET413 -MODULE 2-POLYMER MATRIX COMPOSITES - LECTURE 1.pptx
byVINAY B
 
Using Change Data Capture (CDC) to Ingest Data into Apache Kafka
byGiovanni Marigi
 
Effective Ai powered mock interview .pdf
byamazingnishusingh766
 

Security concerns in web erp

  • 1.
    Security concerns inWeb ERP Manoj Jhawar MBA 2nd year 12125027
  • 2.
    Overview • ERP isexperiencing the transformation that will make it much more intelligent, collaborative, web enabled, highly integrated may become wireless • ERP solutions worked upon common use of distributed application which causes security problems
  • 3.
    Security issues • • • • • • Physical Security TransmissionSecurity Storage Security Access Security Data Security Application Security
  • 4.
    Several security problemsare • • • • • • • Resource protection Data confidentiality Data integrity Authentication of user Non repudiation of transaction Reliability of user Anonymity of user
  • 5.
    ERP Architecture • Integration—variouscomponents are integrated and seamless data flow occurs between components to collaborate as a single function. • Flexible—system is flexible, compatible and expandable with the old systems, changes to the business processes and strategies are easy to accomplish. • Real-time—different components works in online, real time and batch processing modes should be presented. • Componentization—different business functional requirement are designed as different components. • Tailorable—system should be simply configured according to the enterprise’s requirements.
  • 6.
    3 tier Architecture • • • 1.Front layer of Presentation Layer: A combined Graphical User Interface (GUI) or any browser that collects data, generates requests, and proceeds the results back to the user. 2. Middle layer of Application: Application programs that collects the requirements from the Presentation layer and further routes the request based on the business function, rules or logic. 3. Database Layer (Back): Data Base Management Systems that manages the business and operational data throughout the entire enterprise.
  • 7.
    Current security solutionsin ERP • Role-Based Access Control – – – – Roles Permissions Users Constraints
  • 8.
    Security in SAP/R3 •Authorization object- This represents the authorization concept and consists of some authorization fields. • Authorization- This is an instance of one authorization object and defines permitted value range of each authorization field of the authorization object. • Authorization profile- This contains some authorizations which are assigned to the user by an administrator. • Authorization check- This is used to protect the transactions or data we choose and is embedded in program logic. When authorization check is performed then authorization profile will be used for comparing the required values needed to run the specific transaction. • User master record- This enables the users to log on to R/3 system and grant limited entry to the transactions and data. • Profile generator- This is the component which helps the administrators create, generate, and assign authorization profiles using activity groups and user
  • 9.
    Diagram of SAPR/3 Authorization
  • 10.
    Open security Model • • • 1.XML encryption 2. XML signature 3. SAMLconfiguration parameters. Constructing a new security layer and connecting it into the already existing architecture, requires considering different provision of individual security needs Appropriate profile processor is able to audit all incoming messages for security fulfillments on the own security profile and also to extend all outgoing messages according to the security policy of remote peer.
  • 11.
    Future security features •Intelligent • Knowledgebased • Heterogeneous • Collaborative • Wireless
  • 12.
    Conclusion • Existing securitysolutions like RBAC or SAP R/3 are based on the features of the current ERP system and since ERP reveals more and more new features that may be supported in the future, present security mechanism needs to be retrofitted and new security issues have to be identified • In open security model proposed above we see that the division of transport data and content is the key-note area of the introduced security model • The prefixed article builds an open architecture which will not only considers the integration of existing security standards such as XML encryption or XML signature or SAML but will also aids future developments like Trusted Platforms