{"id":191,"date":"2016-06-08T14:00:45","date_gmt":"2016-06-08T13:00:45","guid":{"rendered":"http:\/\/akquinet-security-en.blog\/?p=191"},"modified":"2020-07-24T11:03:57","modified_gmt":"2020-07-24T09:03:57","slug":"unprotected-interfaces-are-attractive-targets-for-attackers","status":"publish","type":"post","link":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/","title":{"rendered":"Unprotected interfaces are attractive Targets for attackers."},"content":{"rendered":"

\"shutterstock_331648835_akqw_jpg\"Analyze the RFC interfaces of your SAP Systems.<\/strong><\/span><\/p>\n

SAP interfaces are often not considered when SAP systems are protected. Therefore, they remain unprotected and provide attractive targets for attackers. <\/span><\/p>\n

Experience from numerous SAP security audits and penetration tests for SAP systems <\/a> shows repeatedly that, in almost every SAP system checked, unprotected interfaces exist that could allow attackers direct access to your SAP Systems.<\/span><\/p>\n

<\/span><\/p>\n

How to keep\u00a0the overview:<\/span><\/p>\n

1. Analysis<\/strong><\/span>
\nComplex system environments and SAP systems that have a large number of interfaces, such as SAP Solution Manager, as appropriate for operational scenarios quickly become confusing with regards to their communication requirements with other upstream or downstream systems. This situation tends to become even less transparent over the course of a system life cycle.<\/span>
\nFor a comprehensive analysis, it is necessary to carry out a fundamental baseline inventory of the current interface relationships within a customer\u2019s system landscape. In the results, there is a list of interfaces that must be evaluated according to various considerations regarding their actual operational necessity and security.<\/span><\/p>\n

2. Inventory
\n<\/b>Are the determined interfaces actually relevant for operations and do they work properly? In this case, it may be necessary to remove incorrect connections and legacy systems that came to exist via test scenarios, upgrades, and so on.<\/span><\/p>\n

3. Configuration
\n<\/b>The remaining interfaces must be analyzed with regard to their completion and security aspects (such as user\/authorization assignments and trust).<\/span><\/p>\n

4. System hardening
\n<\/b>The determined vulnerabilities must be removed, and the documentation concerned (for example, an authorization concept) must be adjusted. Settings of dependent components, such as RFC Gateway, also must be adjusted.<\/span><\/p>\n

Take advantage of our experience\u00a0and let us advise you: knowhow@akquinet.de<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

SAP interfaces are often not considered when SAP systems are protected. Therefore, they remain unprotected and provide attractive targets for attackers.
\nExperience from numerous SAP security audits and penetration tests for SAP systems shows repeatedly that, in almost every SAP system checked, unprotected interfaces exist that could allow attackers direct access to your SAP Systems.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[52,61,97,114],"class_list":["post-191","post","type-post","status-publish","format-standard","hentry","category-sap-security","tag-penetration-testing","tag-rfc-interface","tag-sap-audit","tag-threat-detection"],"yoast_head":"\nUnprotected interfaces are attractive Targets for attackers.<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Unprotected interfaces are attractive Targets for attackers.\" \/>\n<meta property=\"og:description\" content=\"SAP interfaces are often not considered when SAP systems are protected. Therefore, they remain unprotected and provide attractive targets for attackers. Experience from numerous SAP security audits and penetration tests for SAP systems shows repeatedly that, in almost every SAP system checked, unprotected interfaces exist that could allow attackers direct access to your SAP Systems.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/\" \/>\n<meta property=\"og:site_name\" content=\"SAST BLOG\" \/>\n<meta property=\"article:published_time\" content=\"2016-06-08T13:00:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-07-24T09:03:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2017\/01\/shutterstock_331648835_akqw_jpg.jpg\" \/>\n<meta name=\"author\" content=\"securityblog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"securityblog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/\"},\"author\":{\"name\":\"securityblog\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/person\\\/cd70e3749cca136a7e8a37dc1d3cfc26\"},\"headline\":\"Unprotected interfaces are attractive Targets for attackers.\",\"datePublished\":\"2016-06-08T13:00:45+00:00\",\"dateModified\":\"2020-07-24T09:03:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/\"},\"wordCount\":285,\"publisher\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/shutterstock_331648835_akqw_jpg.jpg\",\"keywords\":[\"Penetration Testing\",\"RFC Interface\",\"SAP Audit\",\"Threat Detection\"],\"articleSection\":[\"SAP Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/\",\"name\":\"Unprotected interfaces are attractive Targets for attackers.\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/shutterstock_331648835_akqw_jpg.jpg\",\"datePublished\":\"2016-06-08T13:00:45+00:00\",\"dateModified\":\"2020-07-24T09:03:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/#primaryimage\",\"url\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/shutterstock_331648835_akqw_jpg.jpg\",\"contentUrl\":\"https:\\\/\\\/sast-blog.akquinet.com\\\/wp-content\\\/uploads\\\/2017\\\/01\\\/shutterstock_331648835_akqw_jpg.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/2016\\\/06\\\/08\\\/unprotected-interfaces-are-attractive-targets-for-attackers\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Unprotected interfaces are attractive Targets for attackers.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#website\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\",\"name\":\"SAST BLOG\",\"description\":\"SAP Security & Compliance\",\"publisher\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#organization\",\"name\":\"SAST BLOG\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/sast-solutions-logo.png\",\"contentUrl\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/wp-content\\\/uploads\\\/2021\\\/03\\\/sast-solutions-logo.png\",\"width\":358,\"height\":155,\"caption\":\"SAST BLOG\"},\"image\":{\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sast-solutions.com\\\/blog-en\\\/#\\\/schema\\\/person\\\/cd70e3749cca136a7e8a37dc1d3cfc26\",\"name\":\"securityblog\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Unprotected interfaces are attractive Targets for attackers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/","og_locale":"en_US","og_type":"article","og_title":"Unprotected interfaces are attractive Targets for attackers.","og_description":"SAP interfaces are often not considered when SAP systems are protected. Therefore, they remain unprotected and provide attractive targets for attackers. Experience from numerous SAP security audits and penetration tests for SAP systems shows repeatedly that, in almost every SAP system checked, unprotected interfaces exist that could allow attackers direct access to your SAP Systems.","og_url":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/","og_site_name":"SAST BLOG","article_published_time":"2016-06-08T13:00:45+00:00","article_modified_time":"2020-07-24T09:03:57+00:00","og_image":[{"url":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2017\/01\/shutterstock_331648835_akqw_jpg.jpg","type":"","width":"","height":""}],"author":"securityblog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"securityblog","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/#article","isPartOf":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/"},"author":{"name":"securityblog","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/person\/cd70e3749cca136a7e8a37dc1d3cfc26"},"headline":"Unprotected interfaces are attractive Targets for attackers.","datePublished":"2016-06-08T13:00:45+00:00","dateModified":"2020-07-24T09:03:57+00:00","mainEntityOfPage":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/"},"wordCount":285,"publisher":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#organization"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/#primaryimage"},"thumbnailUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2017\/01\/shutterstock_331648835_akqw_jpg.jpg","keywords":["Penetration Testing","RFC Interface","SAP Audit","Threat Detection"],"articleSection":["SAP Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/","url":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/","name":"Unprotected interfaces are attractive Targets for attackers.","isPartOf":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/#primaryimage"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/#primaryimage"},"thumbnailUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2017\/01\/shutterstock_331648835_akqw_jpg.jpg","datePublished":"2016-06-08T13:00:45+00:00","dateModified":"2020-07-24T09:03:57+00:00","breadcrumb":{"@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/#primaryimage","url":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2017\/01\/shutterstock_331648835_akqw_jpg.jpg","contentUrl":"https:\/\/sast-blog.akquinet.com\/wp-content\/uploads\/2017\/01\/shutterstock_331648835_akqw_jpg.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/sast-solutions.com\/blog-en\/2016\/06\/08\/unprotected-interfaces-are-attractive-targets-for-attackers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sast-solutions.com\/blog-en\/"},{"@type":"ListItem","position":2,"name":"Unprotected interfaces are attractive Targets for attackers."}]},{"@type":"WebSite","@id":"https:\/\/sast-solutions.com\/blog-en\/#website","url":"https:\/\/sast-solutions.com\/blog-en\/","name":"SAST BLOG","description":"SAP Security & Compliance","publisher":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sast-solutions.com\/blog-en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/sast-solutions.com\/blog-en\/#organization","name":"SAST BLOG","url":"https:\/\/sast-solutions.com\/blog-en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/logo\/image\/","url":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2021\/03\/sast-solutions-logo.png","contentUrl":"https:\/\/sast-solutions.com\/blog-en\/wp-content\/uploads\/2021\/03\/sast-solutions-logo.png","width":358,"height":155,"caption":"SAST BLOG"},"image":{"@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/sast-solutions.com\/blog-en\/#\/schema\/person\/cd70e3749cca136a7e8a37dc1d3cfc26","name":"securityblog"}]}},"_links":{"self":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/191","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/comments?post=191"}],"version-history":[{"count":1,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/191\/revisions"}],"predecessor-version":[{"id":1327,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/posts\/191\/revisions\/1327"}],"wp:attachment":[{"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/media?parent=191"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/categories?post=191"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sast-solutions.com\/blog-en\/wp-json\/wp\/v2\/tags?post=191"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}