viernes, 11 de marzo de 2011

SAP Security In-Depth Volume III: The Silent Threat - SAP Backdoors and Rootkits

New SAP Security In-Depth issue released!

In this volume, "The Silent Threat: SAP Backdoors and Rootkits". Learn how cyber-attackers can attack your business processes to understand how to stop them!



Abstract
Backdoors and rootkits have existed for a long time. From PCI cards to the most modern operating systems, almost every system is susceptible of being attacked and modified to hold a malicious program that will secure future access for the attacker and even perform unauthorized activities, while trying to remain undetected.
As SAP business solutions run the most critical business information and processes in the organization, a backdoor in this platform would imply severe impacts for the business. If the organization is not securing its systems properly, it would be possible for a remote, anonymous attacker to perform continuous espionage, fraud and sabotage attacks through the injection of a backdoor or rootkit in the SAP platform.
This publication analyzes some of the different attack vectors that malicious parties can use to try to inject backdoors and rootkits in the SAP platform, in order to understand which are the necessary protection measures that need to be implemented to protect the business crown jewels.



What is the SAP Security In-Depth Publication?
Until these days, SAP security keeps being regarded as a synonym of Segregation of Duties (SoD) or security of roles and profiles by most part of the professional community. While this kind of security is mandatory and of absolute importance, there are many threats that have been so far overlooked by the Auditing and Information Security industries and entail much higher levels of business fraud risk.





 


 

No hay comentarios: