CYBERSECURITY
INFORMATION AGE
• Disruptive Technology
• Ability to change existing business models.
• Allows you to do something better, faster, and cheaper.
• The Internet is a major example.
• e-Commerce, e-Banking, e-Books, Social Media
• Netflix versus Blockbuster.
• Borders versus Amazon.
• With the spread of PCs, tablets, smartphones and computers in every device comes the IoT, with more to come from Blockchain and AI over the coming years.
WHAT DOES IT MEAN TO US
• Go Digital
• Can be trade secrets or sensitive financial or personnel information which can affect our stock price, market value, reputation or safety.
• SAP ERP
• A familiar name in town, used by major agencies such as Defence, DHS (Services Australia), Finance, Home Affairs, ATO and DFAT for delivering services from corporate functions to revenue collection to disbursements. Critical to what we do!
• These agencies rely on SAP platforms to handle their most critical business processes and information. Any criminal cyber attack seeking to conduct espionage, sabotage or financial fraud knows that these systems contain the jewels in the crown.
• DTA signed a WoG contractual agreement with SAP Australia on 29 September 2017.
BUSINESS CRITICAL
• Confidentiality
• Access to customers, vendors, HR, Finance (P&L, Balance sheet)
• Data Integrity
• Alter information on Purchase orders, create new vendors and bank account numbers etc.
• Availability
• Bring down SAP systems and interfaces with other systems (customers, vendors) and sabotage critical information
A LITTLE BIT ABOUT SAP ERP
• Released in 2006
• Interesting statistics
• Mid-sized companies (fewer than 1,000 employees)
(Slide figure: SAP Modules & Architecture snapshot, showing Ariba and Concur)
• Statement
• Most SAP security settings are left at their defaults, and many of the default settings are not secure.
• Rush for delivery and deadlines.
• Many SAP systems out there are not secure.
• SoD is necessary but it is not enough.
• If an attacker breaks into one system, all the connected systems will be compromised.
RFC
• Used to call function modules on remote systems.
• Can be called remotely and anonymously by default.
• Traffic sniffing
• SAP port scanning
• Most SAP services use a fixed range of ports.
• Common ports: 32XX, 3299
• SAP GUI configurations
• The RFC_SYSTEM_INFO function module returns information about the remote SAP Application Server.
Protection
• Restrict connections to the RFC_SYSTEM_INFO function module.
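The slide notes that SAP services sit on a fixed, predictable port range, which is exactly what makes a sweep against 32XX/3299 easy to spot from the perimeter. The following detection logic is an added example, not code from the slides or from SAP: it assumes a constructed, simplified firewall log layout (`<ISO timestamp> <src> <dst> <dst_port> <action>`), treats 3200-3299 (dispatcher, including 3299 for SAProuter) as the SAP range from the slide, adds the 33NN gateway range as an assumption of this example, and uses an illustrative rule of five distinct SAP ports from one source to one host within 60 seconds.

```python
"""Flag SAP-range port sweeps in firewall logs (added example, not from the slides).

Assumptions: the log line layout `<ISO timestamp> <src> <dst> <dst_port> <action>`
is a constructed, simplified firewall format; the window and threshold are
illustrative tuning knobs for a SOC rule, not values from the slide.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Port families the slide lists: 32NN (dispatcher; 3299 is the SAProuter port).
# The 33NN gateway range is an addition of this example, not from the slide.
SAP_PORT_RANGES = [(3200, 3299), (3300, 3399)]

# Constructed sample log: one host sweeping SAP ports (10.0.0.5), one normal
# SAP GUI user (10.0.0.7), one host probing non-SAP ports (10.0.0.8), and one
# slow probe spread over hours (10.0.0.9) that must not trip a 60 s window.
SAMPLE_LOG = """
2024-05-01T10:00:00Z 10.0.0.5 192.168.1.10 3200 DENY
2024-05-01T10:00:01Z 10.0.0.5 192.168.1.10 3201 DENY
2024-05-01T10:00:02Z 10.0.0.5 192.168.1.10 3202 DENY
2024-05-01T10:00:03Z 10.0.0.5 192.168.1.10 3299 DENY
2024-05-01T10:00:04Z 10.0.0.5 192.168.1.10 3300 DENY
2024-05-01T10:00:05Z 10.0.0.5 192.168.1.10 3301 DENY
2024-05-01T10:00:06Z 10.0.0.7 192.168.1.10 3200 ALLOW
2024-05-01T10:05:06Z 10.0.0.7 192.168.1.10 3200 ALLOW
2024-05-01T10:00:07Z 10.0.0.8 192.168.1.10 22 DENY
2024-05-01T10:00:08Z 10.0.0.8 192.168.1.10 443 DENY
2024-05-01T10:00:00Z 10.0.0.9 192.168.1.10 3200 DENY
2024-05-01T11:00:00Z 10.0.0.9 192.168.1.10 3201 DENY
2024-05-01T12:00:00Z 10.0.0.9 192.168.1.10 3202 DENY
2024-05-01T13:00:00Z 10.0.0.9 192.168.1.10 3203 DENY
2024-05-01T14:00:00Z 10.0.0.9 192.168.1.10 3204 DENY
""".strip().splitlines()

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dst>\d+\.\d+\.\d+\.\d+)"
    r"\s+(?P<port>\d+)\s+(?P<action>\w+)$"
)


def parse_line(line):
    """Parse one constructed firewall line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "src": m["src"],
        "dst": m["dst"],
        "port": int(m["port"]),
        "action": m["action"],
    }


def is_sap_port(port):
    """True if the destination port falls inside one of the SAP port families."""
    return any(lo <= port <= hi for lo, hi in SAP_PORT_RANGES)


def detect_sap_port_sweeps(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {(src, dst): sorted SAP ports} for pairs that touched at least
    `threshold` distinct SAP ports inside any `window`-long sliding interval."""
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev and is_sap_port(ev["port"]):
            events[(ev["src"], ev["dst"])].append(ev)

    alerts = {}
    for key, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end, ev in enumerate(evs):
            # Slide the window start forward until it is within `window` of `ev`.
            while ev["ts"] - evs[start]["ts"] > window:
                start += 1
            ports = {e["port"] for e in evs[start:end + 1]}
            if len(ports) >= threshold:
                alerts.setdefault(key, set()).update(ports)
    return {key: sorted(ports) for key, ports in alerts.items()}


if __name__ == "__main__":
    for (src, dst), ports in detect_sap_port_sweeps(SAMPLE_LOG).items():
        print(f"SAP port sweep: {src} -> {dst} ports {ports}")
```

The slow probe from 10.0.0.9 is the case worth noticing: it hits five SAP ports but never five within one window, so a time-bounded rule like this one misses it, which is the usual argument for pairing a short-window rule with a longer daily roll-up of distinct SAP ports per source.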
Public Info
• Existence of default SAP user accounts.
• Many are configured with high-privileged profiles.
• Also, many SAP web portals are publicly reachable. Just Google search “/bc/gui/sap”
Protection
• Default users must be secured.
• SAP* should be deactivated.
• Use report RSUSR003 to check default user
status.
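The check that RSUSR003 performs on the SAP-delivered accounts can be reproduced over an exported user list, which is useful when the report has to run across many clients or feed a SIEM. The script below is an added example, not the RSUSR003 report or any SAP code: it assumes a constructed CSV export with the columns `client,user,locked,valid_to,profiles`, treats the well-known delivered accounts SAP*, DDIC, EARLYWATCH, SAPCPIC and TMSADM as the default set (only SAP* is named on the slide; the rest are an addition of this example), and flags a default account that is still usable as well as any other user carrying SAP_ALL.

```python
"""Audit SAP default accounts from a user export (added example, not SAP's RSUSR003).

Assumptions: the CSV layout below is constructed for this example; the set of
delivered accounts beyond SAP* is an addition of the example, not from the slide.
"""
import csv
import io
from datetime import date

# Standard SAP-delivered accounts. Only SAP* appears on the slide; the others are
# added here as the usual accounts a default-user check covers.
DEFAULT_ACCOUNTS = {"SAP*", "DDIC", "EARLYWATCH", "SAPCPIC", "TMSADM"}

# Constructed sample export: a mix of locked, unlocked, expired and privileged users.
SAMPLE_EXPORT = """client,user,locked,valid_to,profiles
000,SAP*,no,9999-12-31,SAP_ALL
000,DDIC,yes,9999-12-31,SAP_ALL
100,SAP*,yes,9999-12-31,SAP_ALL
100,EARLYWATCH,no,9999-12-31,S_TOOLS_EX_A
100,SAPCPIC,no,2019-12-31,S_A.CPIC
100,JSMITH,no,9999-12-31,SAP_ALL;Z_FINANCE
100,AJONES,no,9999-12-31,Z_FINANCE
"""


def load_users(csv_text):
    """Yield normalised user records from the constructed CSV export."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        yield {
            "client": row["client"].strip(),
            "user": row["user"].strip().upper(),
            "locked": row["locked"].strip().lower() == "yes",
            "valid_to": date.fromisoformat(row["valid_to"].strip()),
            # Profiles are ';'-separated in this constructed export.
            "profiles": {p.strip() for p in row["profiles"].split(";") if p.strip()},
        }


def audit_default_users(csv_text, as_of=date(2024, 5, 1)):
    """Return sorted (client, user, issue) findings.

    A default account counts as a finding only while it is usable: not locked
    and not past its validity date. Any non-default user with SAP_ALL is also
    reported, since that profile is the usual source of over-privileged logins.
    """
    findings = []
    for u in load_users(csv_text):
        usable = not u["locked"] and u["valid_to"] >= as_of
        if u["user"] in DEFAULT_ACCOUNTS:
            if usable:
                findings.append((u["client"], u["user"], "default account not locked"))
        elif usable and "SAP_ALL" in u["profiles"]:
            findings.append((u["client"], u["user"], "SAP_ALL assigned to non-default user"))
    return sorted(findings)


if __name__ == "__main__":
    for client, user, issue in audit_default_users(SAMPLE_EXPORT):
        print(f"client {client}: {user}: {issue}")
```

Note the expired SAPCPIC record in client 100: with the default `as_of` date it is not reported because the validity date has passed, but re-running the audit with an earlier `as_of` surfaces it, which is the reason the reference date is a parameter rather than `date.today()`.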
COMPLETE SAP ON AWS
HYBRID SAP ON AWS
CONNECT SAP SYSTEMS WITH SIEM
Responsibility
• At country level: law enforcement bodies, GDPR.
• At organisation level: collectively, using policies, procedures, technical tools and the applicable laws under the respective jurisdictions, e.g. PCI DSS, HIPAA.
• At individual level: education and training awareness in line with applicable legislation and the latest cybersecurity trends.