SlideShare una empresa de Scribd logo

Security concerns in web erp

Descargar como PPTX, PDF
Manoj Jhawar
Manoj Jhawar

Modelling security concerns in Web ERP

Tecnología
1 de 12
Security concerns in Web ERP Manoj Jhawar MBA 2nd year 12125027
Overview • ERP is experiencing the transformation that will make it much more intelligent, collaborative, web enabled, highly integrated may become wireless • ERP solutions worked upon common use of distributed application which causes security problems
Security issues • • • • • • Physical Security Transmission Security Storage Security Access Security Data Security Application Security
Several security problems are • • • • • • • Resource protection Data confidentiality Data integrity Authentication of user Non repudiation of transaction Reliability of user Anonymity of user
ERP Architecture • Integration—various components are integrated and seamless data flow occurs between components to collaborate as a single function. • Flexible—system is flexible, compatible and expandable with the old systems, changes to the business processes and strategies are easy to accomplish. • Real-time—different components works in online, real time and batch processing modes should be presented. • Componentization—different business functional requirement are designed as different components. • Tailorable—system should be simply configured according to the enterprise’s requirements.
3 tier Architecture • • • 1. Front layer of Presentation Layer: A combined Graphical User Interface (GUI) or any browser that collects data, generates requests, and proceeds the results back to the user. 2. Middle layer of Application: Application programs that collects the requirements from the Presentation layer and further routes the request based on the business function, rules or logic. 3. Database Layer (Back): Data Base Management Systems that manages the business and operational data throughout the entire enterprise.
Current security solutions in ERP • Role-Based Access Control – – – – Roles Permissions Users Constraints
Security in SAP/R3 • Authorization object- This represents the authorization concept and consists of some authorization fields. • Authorization- This is an instance of one authorization object and defines permitted value range of each authorization field of the authorization object. • Authorization profile- This contains some authorizations which are assigned to the user by an administrator. • Authorization check- This is used to protect the transactions or data we choose and is embedded in program logic. When authorization check is performed then authorization profile will be used for comparing the required values needed to run the specific transaction. • User master record- This enables the users to log on to R/3 system and grant limited entry to the transactions and data. • Profile generator- This is the component which helps the administrators create, generate, and assign authorization profiles using activity groups and user
Diagram of SAP R/3 Authorization
Open security Model • • • 1. XML encryption 2. XML signature 3. SAMLconfiguration parameters. Constructing a new security layer and connecting it into the already existing architecture, requires considering different provision of individual security needs Appropriate profile processor is able to audit all incoming messages for security fulfillments on the own security profile and also to extend all outgoing messages according to the security policy of remote peer.
Future security features • Intelligent • Knowledgebased • Heterogeneous • Collaborative • Wireless
Conclusion • Existing security solutions like RBAC or SAP R/3 are based on the features of the current ERP system and since ERP reveals more and more new features that may be supported in the future, present security mechanism needs to be retrofitted and new security issues have to be identified • In open security model proposed above we see that the division of transport data and content is the key-note area of the introduced security model • The prefixed article builds an open architecture which will not only considers the integration of existing security standards such as XML encryption or XML signature or SAML but will also aids future developments like Trusted Platforms

Recomendados

ERP Security. Myths, Problems, Solutions
ERP Security. Myths, Problems, SolutionsERP Security. Myths, Problems, Solutions
ERP Security. Myths, Problems, SolutionsERPScan
 
What CISOs should know about SAP security
What CISOs should know about SAP securityWhat CISOs should know about SAP security
What CISOs should know about SAP securityERPScan
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Con8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - finalCon8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - finalOracleIDM
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkErni Susanti
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 Englishguest5bd7a1
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 

Recomendados

ERP Security. Myths, Problems, Solutions
ERP Security. Myths, Problems, SolutionsERP Security. Myths, Problems, Solutions
ERP Security. Myths, Problems, SolutionsERPScan
 
What CISOs should know about SAP security
What CISOs should know about SAP securityWhat CISOs should know about SAP security
What CISOs should know about SAP securityERPScan
 
CyberArk
CyberArkCyberArk
CyberArkJimmy Sze
 
Con8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - finalCon8813 securing privileged accounts with an integrated idm solution - final
Con8813 securing privileged accounts with an integrated idm solution - finalOracleIDM
 
EPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkEPV_PCI DSS White Paper (3) Cyber Ark
EPV_PCI DSS White Paper (3) Cyber ArkErni Susanti
 
Sap Security Assessment V3 English
Sap Security Assessment V3 EnglishSap Security Assessment V3 English
Sap Security Assessment V3 Englishguest5bd7a1
 
Managing privileged account security
Managing privileged account securityManaging privileged account security
Managing privileged account securityRaleigh ISSA
 
SIEM Primer:
SIEM Primer:SIEM Primer:
SIEM Primer:Anton Chuvakin
 
Effective Cyber Security – the difference between “point in time” and “period...
Effective Cyber Security – the difference between “point in time” and “period...Effective Cyber Security – the difference between “point in time” and “period...
Effective Cyber Security – the difference between “point in time” and “period...akquinet enterprise solutions GmbH
 
Implementing SAP security in 5 steps
Implementing SAP security in 5 stepsImplementing SAP security in 5 steps
Implementing SAP security in 5 stepsERPScan
 
Incident Response and SAP Systems
Incident Response and SAP SystemsIncident Response and SAP Systems
Incident Response and SAP SystemsOnapsis Inc.
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Lance Peterman
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinAnton Chuvakin
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsAnton Chuvakin
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysRisk Analysis Consultants, s.r.o.
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...akquinet enterprise solutions GmbH
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 Andris Soroka
 
Secure Management of Privileged Passwords
Secure Management of Privileged PasswordsSecure Management of Privileged Passwords
Secure Management of Privileged PasswordsHitachi ID Systems, Inc.
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0Rasmi Swain
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk M sharifi
 
Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]akquinet enterprise solutions GmbH
 
SAP security landscape. How to protect(hack) your(their) big business
SAP security landscape. How to protect(hack) your(their) big businessSAP security landscape. How to protect(hack) your(their) big business
SAP security landscape. How to protect(hack) your(their) big businessERPScan
 
SAST Authorization Management: How to integrate your SoD analysis into the SA...
SAST Authorization Management: How to integrate your SoD analysis into the SA...SAST Authorization Management: How to integrate your SoD analysis into the SA...
SAST Authorization Management: How to integrate your SoD analysis into the SA...akquinet enterprise solutions GmbH
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesReliaQuest
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerSameer Paradia
 
Cybercom Enhanced Security Platform
Cybercom Enhanced Security PlatformCybercom Enhanced Security Platform
Cybercom Enhanced Security Platformabelsonp
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Glen Roberts, CISSP
 

Más contenido relacionado

La actualidad más candente

Effective Cyber Security – the difference between “point in time” and “period...
Effective Cyber Security – the difference between “point in time” and “period...Effective Cyber Security – the difference between “point in time” and “period...
Effective Cyber Security – the difference between “point in time” and “period...akquinet enterprise solutions GmbH
 
Implementing SAP security in 5 steps
Implementing SAP security in 5 stepsImplementing SAP security in 5 steps
Implementing SAP security in 5 stepsERPScan
 
Incident Response and SAP Systems
Incident Response and SAP SystemsIncident Response and SAP Systems
Incident Response and SAP SystemsOnapsis Inc.
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Lance Peterman
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinAnton Chuvakin
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsAnton Chuvakin
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...Ryan Gallavin
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)danb02
 
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...akquinet enterprise solutions GmbH
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 Andris Soroka
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity managementNis
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0Rasmi Swain
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk M sharifi
 
Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]akquinet enterprise solutions GmbH
 
SAP security landscape. How to protect(hack) your(their) big business
SAP security landscape. How to protect(hack) your(their) big businessSAP security landscape. How to protect(hack) your(their) big business
SAP security landscape. How to protect(hack) your(their) big businessERPScan
 
SAST Authorization Management: How to integrate your SoD analysis into the SA...
SAST Authorization Management: How to integrate your SoD analysis into the SA...SAST Authorization Management: How to integrate your SoD analysis into the SA...
SAST Authorization Management: How to integrate your SoD analysis into the SA...akquinet enterprise solutions GmbH
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesReliaQuest
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerSameer Paradia
 

La actualidad más candente (20)

Effective Cyber Security – the difference between “point in time” and “period...
Effective Cyber Security – the difference between “point in time” and “period...Effective Cyber Security – the difference between “point in time” and “period...
Effective Cyber Security – the difference between “point in time” and “period...
 
Implementing SAP security in 5 steps
Implementing SAP security in 5 stepsImplementing SAP security in 5 steps
Implementing SAP security in 5 steps
 
Incident Response and SAP Systems
Incident Response and SAP SystemsIncident Response and SAP Systems
Incident Response and SAP Systems
 
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015Privileged Access Management - Unsticking Your PAM Program - CIS 2015
Privileged Access Management - Unsticking Your PAM Program - CIS 2015
 
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton ChuvakinSo You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
So You Got That SIEM. NOW What Do You Do?  by Dr. Anton Chuvakin
 
Implementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and LessonsImplementing and Running SIEM: Approaches and Lessons
Implementing and Running SIEM: Approaches and Lessons
 
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for QualysQualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
QualysGuard InfoDay 2012 - Secure Digital Vault for Qualys
 
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
PIM, PAM, PUM: Best Practices for Unix/Linux Privileged Identity & Access Man...
 
Privileged Access Management (PAM)
Privileged Access Management (PAM)Privileged Access Management (PAM)
Privileged Access Management (PAM)
 
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
SAP HANA & S/4HANA: How hackers are compromising S/4HANA and how you can prot...
 
SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011 SIEM vs Log Management - Data Security Solutions 2011
SIEM vs Log Management - Data Security Solutions 2011
 
Secure Management of Privileged Passwords
Secure Management of Privileged PasswordsSecure Management of Privileged Passwords
Secure Management of Privileged Passwords
 
Privileged identity management
Privileged identity managementPrivileged identity management
Privileged identity management
 
SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0SIEM enabled risk management , SOC and GRC v1.0
SIEM enabled risk management , SOC and GRC v1.0
 
QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk QRadar, ArcSight and Splunk
QRadar, ArcSight and Splunk
 
Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]Why your works council has nothing to fear from SAP security. [Webinar]
Why your works council has nothing to fear from SAP security. [Webinar]
 
SAP security landscape. How to protect(hack) your(their) big business
SAP security landscape. How to protect(hack) your(their) big businessSAP security landscape. How to protect(hack) your(their) big business
SAP security landscape. How to protect(hack) your(their) big business
 
SAST Authorization Management: How to integrate your SoD analysis into the SA...
SAST Authorization Management: How to integrate your SoD analysis into the SA...SAST Authorization Management: How to integrate your SoD analysis into the SA...
SAST Authorization Management: How to integrate your SoD analysis into the SA...
 
Information Security: Advanced SIEM Techniques
Information Security: Advanced SIEM TechniquesInformation Security: Advanced SIEM Techniques
Information Security: Advanced SIEM Techniques
 
Owasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developerOwasp Proactive Controls for Web developer
Owasp Proactive Controls for Web developer
 

Similar a Security concerns in web erp

Cybercom Enhanced Security Platform
Cybercom Enhanced Security PlatformCybercom Enhanced Security Platform
Cybercom Enhanced Security Platformabelsonp
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Glen Roberts, CISSP
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxTrongMinhHoang1
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureCloudPassage
 
It iyer , akansha, samoneh , david & rahul
It iyer , akansha, samoneh , david & rahulIt iyer , akansha, samoneh , david & rahul
It iyer , akansha, samoneh , david & rahulRahul Singh
 
Logicaworks brochure
Logicaworks brochureLogicaworks brochure
Logicaworks brochureAshwini Rath
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster SecurityAditya Bhuyan
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hackingDesmond Devendran
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...IJERA Editor
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET Journal
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2Anne Starr
 
Office 365 Dashboards - Analytical Reporting Tools
Office 365 Dashboards - Analytical Reporting ToolsOffice 365 Dashboards - Analytical Reporting Tools
Office 365 Dashboards - Analytical Reporting ToolsUnifyCloud
 
access-control-week-3
access-control-week-3access-control-week-3
access-control-week-3jemtallon
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowPrecisely
 
Unit 2 - Chapter 7 (Database Security).pptx
Unit 2 - Chapter 7 (Database Security).pptxUnit 2 - Chapter 7 (Database Security).pptx
Unit 2 - Chapter 7 (Database Security).pptxSakshiGawde6
 
Impact 2013 2963 - IBM Business Process Manager Top Practices
Impact 2013 2963 - IBM Business Process Manager Top PracticesImpact 2013 2963 - IBM Business Process Manager Top Practices
Impact 2013 2963 - IBM Business Process Manager Top PracticesBrian Petrini
 

Similar a Security concerns in web erp (20)

Cybercom Enhanced Security Platform
Cybercom Enhanced Security PlatformCybercom Enhanced Security Platform
Cybercom Enhanced Security Platform
 
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
Security Challenges in Cloud Integration - Cloud Security Alliance, Austin Ch...
 
talk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptxtalk6securingcloudamarprusty-191030091632.pptx
talk6securingcloudamarprusty-191030091632.pptx
 
The New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and SecurityThe New Assure Security: Complete IBM i Compliance and Security
The New Assure Security: Complete IBM i Compliance and Security
 
Security and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud InfrastructureSecurity and Compliance for Enterprise Cloud Infrastructure
Security and Compliance for Enterprise Cloud Infrastructure
 
It iyer , akansha, samoneh , david & rahul
It iyer , akansha, samoneh , david & rahulIt iyer , akansha, samoneh , david & rahul
It iyer , akansha, samoneh , david & rahul
 
Logicaworks brochure
Logicaworks brochureLogicaworks brochure
Logicaworks brochure
 
Weblogic security
Weblogic securityWeblogic security
Weblogic security
 
Weblogic Cluster Security
Weblogic Cluster SecurityWeblogic Cluster Security
Weblogic Cluster Security
 
Material best practices in network security using ethical hacking
Material best practices in network security using ethical hackingMaterial best practices in network security using ethical hacking
Material best practices in network security using ethical hacking
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
 
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
IRJET- Privacy Preserving and Proficient Identity Search Techniques for C...
 
gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2gkkCloudtechnologyassociate(cta)day 2
gkkCloudtechnologyassociate(cta)day 2
 
Office 365 Dashboards - Analytical Reporting Tools
Office 365 Dashboards - Analytical Reporting ToolsOffice 365 Dashboards - Analytical Reporting Tools
Office 365 Dashboards - Analytical Reporting Tools
 
publishable paper
publishable paperpublishable paper
publishable paper
 
Predix
PredixPredix
Predix
 
access-control-week-3
access-control-week-3access-control-week-3
access-control-week-3
 
Effective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to KnowEffective Security Monitoring for IBM i: What You Need to Know
Effective Security Monitoring for IBM i: What You Need to Know
 
Unit 2 - Chapter 7 (Database Security).pptx
Unit 2 - Chapter 7 (Database Security).pptxUnit 2 - Chapter 7 (Database Security).pptx
Unit 2 - Chapter 7 (Database Security).pptx
 
Impact 2013 2963 - IBM Business Process Manager Top Practices
Impact 2013 2963 - IBM Business Process Manager Top PracticesImpact 2013 2963 - IBM Business Process Manager Top Practices
Impact 2013 2963 - IBM Business Process Manager Top Practices
 

Más de Manoj Jhawar

strategic management
strategic managementstrategic management
strategic managementManoj Jhawar
 
postponement in supplychain
postponement in supplychainpostponement in supplychain
postponement in supplychainManoj Jhawar
 
NERD club IIT kanpur
NERD club IIT kanpurNERD club IIT kanpur
NERD club IIT kanpurManoj Jhawar
 
Restaurant Project
Restaurant Project Restaurant Project
Restaurant Project Manoj Jhawar
 
Library management
Library managementLibrary management
Library managementManoj Jhawar
 
Review of Indian coal sector
Review of Indian coal sectorReview of Indian coal sector
Review of Indian coal sectorManoj Jhawar
 
USA aviation Industry
USA aviation Industry USA aviation Industry
USA aviation Industry Manoj Jhawar
 
Presentation club formation
Presentation club formationPresentation club formation
Presentation club formationManoj Jhawar
 
Presentation opc by manoj
Presentation opc by manojPresentation opc by manoj
Presentation opc by manojManoj Jhawar
 
Guest lecture on project management
Guest lecture on project managementGuest lecture on project management
Guest lecture on project managementManoj Jhawar
 
Financial ratio analysis hdfc bank new
Financial ratio analysis hdfc bank newFinancial ratio analysis hdfc bank new
Financial ratio analysis hdfc bank newManoj Jhawar
 
Computer center lab
Computer center labComputer center lab
Computer center labManoj Jhawar
 

Más de Manoj Jhawar (16)

Kesco turnaround
Kesco turnaroundKesco turnaround
Kesco turnaround
 
strategic management
strategic managementstrategic management
strategic management
 
postponement in supplychain
postponement in supplychainpostponement in supplychain
postponement in supplychain
 
NERD club IIT kanpur
NERD club IIT kanpurNERD club IIT kanpur
NERD club IIT kanpur
 
Restaurant Project
Restaurant Project Restaurant Project
Restaurant Project
 
Cloud ppt
Cloud pptCloud ppt
Cloud ppt
 
Library management
Library managementLibrary management
Library management
 
Review of Indian coal sector
Review of Indian coal sectorReview of Indian coal sector
Review of Indian coal sector
 
USA aviation Industry
USA aviation Industry USA aviation Industry
USA aviation Industry
 
Presentation club
Presentation clubPresentation club
Presentation club
 
Presentation club formation
Presentation club formationPresentation club formation
Presentation club formation
 
Presentation opc by manoj
Presentation opc by manojPresentation opc by manoj
Presentation opc by manoj
 
Guest lecture on project management
Guest lecture on project managementGuest lecture on project management
Guest lecture on project management
 
Excel
ExcelExcel
Excel
 
Financial ratio analysis hdfc bank new
Financial ratio analysis hdfc bank newFinancial ratio analysis hdfc bank new
Financial ratio analysis hdfc bank new
 
Computer center lab
Computer center labComputer center lab
Computer center lab
 

Último

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Último (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Security concerns in web erp

  • 1. Security concerns in Web ERP Manoj Jhawar MBA 2nd year 12125027
  • 2. Overview • ERP is experiencing the transformation that will make it much more intelligent, collaborative, web enabled, highly integrated may become wireless • ERP solutions worked upon common use of distributed application which causes security problems
  • 3. Security issues • • • • • • Physical Security Transmission Security Storage Security Access Security Data Security Application Security
  • 4. Several security problems are • • • • • • • Resource protection Data confidentiality Data integrity Authentication of user Non repudiation of transaction Reliability of user Anonymity of user
  • 5. ERP Architecture • Integration—various components are integrated and seamless data flow occurs between components to collaborate as a single function. • Flexible—system is flexible, compatible and expandable with the old systems, changes to the business processes and strategies are easy to accomplish. • Real-time—different components works in online, real time and batch processing modes should be presented. • Componentization—different business functional requirement are designed as different components. • Tailorable—system should be simply configured according to the enterprise’s requirements.
  • 6. 3 tier Architecture • • • 1. Front layer of Presentation Layer: A combined Graphical User Interface (GUI) or any browser that collects data, generates requests, and proceeds the results back to the user. 2. Middle layer of Application: Application programs that collects the requirements from the Presentation layer and further routes the request based on the business function, rules or logic. 3. Database Layer (Back): Data Base Management Systems that manages the business and operational data throughout the entire enterprise.
  • 7. Current security solutions in ERP • Role-Based Access Control – – – – Roles Permissions Users Constraints
  • 8. Security in SAP/R3 • Authorization object- This represents the authorization concept and consists of some authorization fields. • Authorization- This is an instance of one authorization object and defines permitted value range of each authorization field of the authorization object. • Authorization profile- This contains some authorizations which are assigned to the user by an administrator. • Authorization check- This is used to protect the transactions or data we choose and is embedded in program logic. When authorization check is performed then authorization profile will be used for comparing the required values needed to run the specific transaction. • User master record- This enables the users to log on to R/3 system and grant limited entry to the transactions and data. • Profile generator- This is the component which helps the administrators create, generate, and assign authorization profiles using activity groups and user
  • 9. Diagram of SAP R/3 Authorization
  • 10. Open security Model • • • 1. XML encryption 2. XML signature 3. SAMLconfiguration parameters. Constructing a new security layer and connecting it into the already existing architecture, requires considering different provision of individual security needs Appropriate profile processor is able to audit all incoming messages for security fulfillments on the own security profile and also to extend all outgoing messages according to the security policy of remote peer.
  • 11. Future security features • Intelligent • Knowledgebased • Heterogeneous • Collaborative • Wireless
  • 12. Conclusion • Existing security solutions like RBAC or SAP R/3 are based on the features of the current ERP system and since ERP reveals more and more new features that may be supported in the future, present security mechanism needs to be retrofitted and new security issues have to be identified • In open security model proposed above we see that the division of transport data and content is the key-note area of the introduced security model • The prefixed article builds an open architecture which will not only considers the integration of existing security standards such as XML encryption or XML signature or SAML but will also aids future developments like Trusted Platforms