Further. Forward. Faster.

Security Guide for SAP on

SQL Server 2012
Authors
Cameron Gardiner, Microsoft Senior Program Manager SAP
Technical Reviewers
John Knie, Eddie Teng
Published
May 2012
Applies To
SAP NetWeaver 7.0 (SR3) and above
Summary
This white paper discusses how to secure SAP on SQL Server. This document also
proposes a techniques to secure SAP on SQL Server in a step by step guide. The
document also compares UNIX patching requirements to Windows patching.

DISCLAIMER
This document may discuss sample coding or other information that does not include SAP official
interfaces and therefore is not supported by SAP. Changes made based on this information are not
supported and can be overwritten during an upgrade.
SAP will not be held liable for any damages caused by using or misusing the information, code or methods
suggested in this document, and anyone using these methods does so at his/her own risk.
SAP offers no guarantees and assumes no responsibility or liability of any type with respect to the content
of this technical article or code sample, including any liability resulting from incompatibility between the
content within this document and the materials and services offered by SAP. You agree that you will not
hold, or seek to hold, SAP responsible or liable with respect to the content of this document.
The information contained in this document represents the current view of Microsoft Corporation on the
issues discussed as of the date of publication. Because Microsoft must respond to changing market
conditions, the information presented herein should not be interpreted to be a commitment on the part of
Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of
publication.
This white paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights
under copyright, no part of this document may be reproduced, stored in, or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these patents,
trademarks, copyrights, or other intellectual property.
Unless otherwise noted, the example companies, organizations, products, domain names, e-mail
addresses, logos, people, places, and events depicted herein are fictitious, and no association with any
real company, organization, product, domain name, e-mail address, logo, person, place, or event is
intended or should be inferred.
2012 Microsoft Corporation. All rights reserved.
Microsoft, the Microsoft logo, Hyper-V, SQL Server, Windows, Windows Server, and other product names
are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other
countries.
All other trademarks are property of their respective owners.

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000

Sun/Oracle
IBM
Hewlett-Packard

200,000
100,000
0
2004 2005
of Contents
2006Table
2007 2008
2009 2010
2011

Table of Contents..............................................................3
1............................................................................. Executive Summary
........................................................................................6
2........................................................ Microsoft and SAP Partnership
........................................................................................8

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
3......................................... SAP Solution Security Implementation
2004
2005 2006
......................................................................................10
2007 2008
2009 2010
3.1.........................................................................................
SECURITY LAYERS
2011

.................................................................................................................. 10
3.2....................................................MINIMUM WINDOWS RELEASE PREREQUISITES
.................................................................................................................. 10
3.3.............................................................................SECURITY IMPLEMENTATION
.................................................................................................................. 11
3.3.1........................Step 1 Create Dedicated SAP Management Station(s)
.................................................................................................................. 11
3.3.2..................Step 2 Isolate SAP backend systems in a dedicated VLAN
.................................................................................................................. 13

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
3.3.3..............................................Step 3 Close all inbound non-SAP ports
2004
2005 2006
..................................................................................................................
13
2007 2008
3.3.4.......................................................Step
2009 2010 4 Close Web outbound ports
2011
..................................................................................................................
15
3.3.5...................................Step 5 Change Windows Terminal Services Port
.................................................................................................................. 16
3.3.6...............................................Step 6 Use Terminal Services Client 6.0
.................................................................................................................. 16
3.3.7.....................Step 7 Create dedicated SAP Active Directory Container
.................................................................................................................. 16
3.3.7.1Create Development, management station, QAS and production subcontainers.................................................................................................16

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
3.3.7.2.................................................Enable Policy block on SAP container
2004
2005 2006
..................................................................................................................
17
2007 2008
3.3.8........................Step
8 - Create
policy for the SAP servers using SCW
2009 a2010
2011
..................................................................................................................
18
3.3.8.1...............................................Windows firewall and network settings
.................................................................................................................. 22
3.3.8.2..................................................................Uninstall Internet Explorer
.................................................................................................................. 25
3.3.8.3.................................................Check system auditing configuration
.................................................................................................................. 25
3.3.9. . .Step 9 Move Management Station & SAP Servers to AD Containers
.................................................................................................................. 26

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
3.3.10.....Step 10 Apply Policies to Management Station & SAP Containers
2004
2005 2006
..................................................................................................................
26
2007 2008
3.3.11.........Step 11 Rename
local administrator
account
using
a
function
2009
2010 2011
..................................................................................................................
26
3.3.12..........Step 12 Remove Domain Admins and all other user accounts
.................................................................................................................. 27
3.3.13.......................................................Step 13 MS SQL Server Security
.................................................................................................................. 27
3.3.13.1...................................................SQL Server Security Configuration
27
3.3.13.2.................................Use of scripts & direct access to the database
28

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
3.3.13.3..................Security Requirements for SQL Server Service Accounts
2004
282005 2006 2007
2008 2009
3.3.13.4............................................................................Admin
Connection
2010 2011
29
3.3.14...............................................Step 14 Secure SAP Service Accounts
.................................................................................................................. 29
3.3.14.1 Validate & Adjust DOMAIN\<sid>adm & DOMAIN\SAPService<SID>
security..................................................................................................... 30
3.3.15................................................................Web Dispatcher & SAP MMC
.................................................................................................................. 30
3.3.16...................................................Step Physical Data Centre Security
.................................................................................................................. 30

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
3.3.17.....................................................Windows Server Core Deployments
2004
2005 2006
..................................................................................................................
30
2007 2008
2009 2010
4.........A Scientific Comparison of AIX,2011
HPUX, Solaris, Linux &
Windows Server Security Vulnerabilities...........................32

4.1......................WINDOWS PLATFORM IN COMPARISON TO UNIX SECURITY - REALITY

.................................................................................................................. 32
4.1.1...........................................Security Threats Internal versus External
.................................................................................................................. 32
4.1.1.1.................................................................................External Threats
.................................................................................................................. 33
4.1.1.2..................................................................................Internal Threats
.................................................................................................................. 33

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
4.1.1.3.................................................................................3rd Party Threats
2004
2005 2006
..................................................................................................................
34
2007 2008
4.1.2.......Desktop versus
Server
Server
Patching
versus
Desktop
Patching
2009
2010 2011
..................................................................................................................
34
4.1.3.............National Institute for Standards & Technology CVE Database
Comparisons.............................................................................................34
4.1.4..........................How to Assess the Impact of a Security Vulnerability?
.................................................................................................................. 37
4.1.4.1. Example: Integer overflow in cdd.dll in the Canonical Display Driver
(CDD)........................................................................................................ 38
4.1.5...................UNIX Patching vs. Windows Patching: Reboot Requirement
.................................................................................................................. 39

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
5.............................................................................. Patch Management
2004
2005 2006
......................................................................................42
2007 2008
2009 2010
5.1.........................................................M
ICROSOFT
2011WINDOWS SECURITY PATCHES

.................................................................................................................. 42
5.1.1......................................................................Security Patch Evaluation
.................................................................................................................. 42
5.1.1.1......Vulnerabilities in .NET Framework and Microsoft Silverlight Could
Allow Remote Code Execution (2651026)..................................................43
5.1.1.2.............Cumulative Security Update for Internet Explorer (2675157)
.................................................................................................................. 43
5.1.1.3 Vulnerability in Active Directory Could Allow Remote Code Execution
(2640045).................................................................................................44

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
5.1.1.4....Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote
2004
2005
2006 (2525694)........................................................................44
Code
Execution
2007 2008
2009 2010
5.2...............................................................................SAP
PATCHING STRATEGY
2011

.................................................................................................................. 47
5.2.1......................................Rolling Upgrades/Patching Reduces Downtime
.................................................................................................................. 47

6....................Auditing, Encryption & Additional Security Topics

......................................................................................48
6.1..................................................................................SECURE SOCKET LAYER
.................................................................................................................. 48

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
6.2.....................................................................TRANSPARENT DATA ENCRYPTION
2004
2005 2006
..................................................................................................................
48
2007 2008
2009 2010
6.2.1..............................................................................Key
Storage Devices
2011
..................................................................................................................
48
6.3..................................................................ADVANCED SQL SERVER AUDITING
.................................................................................................................. 48
6.3.1.........................................................New Features in SQL Server 2012
.................................................................................................................. 48
6.4.....................................................................................ANTI-VIRUS OPTIONS
.................................................................................................................. 48
6.5...............................................................BITLOCKER TO PROTECT BOOT DISKS
.................................................................................................................. 49

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
6.6............................................................................WINDOWS SINGLE SIGN ON
2004
2005 2006
..................................................................................................................
49
2007 2008
2009
6.7........................................................................................................
IPSEC
2010 2011
.................................................................................................................. 49
6.8.....................................................................................WINDOWS AUDITING
.................................................................................................................. 49
6.9.....................................................WINDOWS ATTACK SURFACE AREA ANALYSER
.................................................................................................................. 49

7................................................................................ Security Checklist

......................................................................................50

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
8............................................................................................... Appendix I
2004
2005 2006
......................................................................................52
2007 2008
2009 2010
2011
9.............................................................................................
Appendix II
......................................................................................54
9.1..................WINDOWS 2008 R2 VULNERABILITIES 3 MONTHS TO 17TH APRIL 2012
.................................................................................................................. 54
9.2.........................................AIX VULNERABILITIES 3 MONTHS TO APRIL 17TH 2012
.................................................................................................................. 55
9.3.............................................HP-UX VULNERABILITIES 3 MONTHS TO APRIL 17TH
.................................................................................................................. 56

Security Guide for SAP on SQL

Server

1 Executive Summary
ERP business executives & IT professionals are convinced that a Windows SQL Server
offers scalable, high performance and low Total Cost of Ownership solution for SAP
systems. One question that remains unanswered for some is How secure is SAP on
Windows and SQL Server?
This whitepaper demonstrates that the Microsoft Trustworthy Computing Initiative has
created a platform that is equal to or more secure than almost all UNIX based
alternatives. Security tools and utilities for the Microsoft platform are integrated in the
Microsoft platform as opposed to the expensive tools available for UNIX platforms that
lack the ease of use available in Windows tools.
This whitepaper is for Microsoft customers & partners who wish to secure their
business critical SAP applications. The document is designed to empower the reader
with the knowledge to secure an SAP on Windows SQL system. The procedures in this
document can be adapted to each customers unique landscape, requirements and
environment.
Securing SAP on Windows & SQL Server has become much more important since the
UNIX market has decreased significantly and more large multi-national companies run
their core business on Windows and SQL Server on commodity Intel platforms. In 2011
less than 2% of worldwide server sales were on UNIX platforms as customers
terminate investments into proprietary platforms.
Leading Industry Analyst Gartner reports that proprietary UNIX is losing share
dramatically and predicts a mass movement to commodity hardware. IDC shows
a sharp decline in worldwide shipments of proprietary UNIX servers across the
last decade (Figure 1). Figure 1: Worldwide server shipments: Solaris, AIX, HPUX server units
shipped per year

600,000
500,000
400,000
300,000
200,000

Sun/Oracle
IBM
Hewlett-Packard

100,000
0
10.......................................... Security Links and Online Resources
2004
2005 2006
......................................................................................58
2007 2008
2009 2010
10.1.......................................................................................M
ICROSOFT LINKS
2011

.................................................................................................................. 58
10.2................................................................................................ SAP LINKS
.................................................................................................................. 58
10.3............................................................................GENERAL SECURITY LINKS
.................................................................................................................. 58