Level 4: For Gurus Only

1. How long do most companies take to detect a data breach, even a major one?

Best Answer: d.

6 months

Equifax, Capital One and Facebook are among the companies breached in recent years that needed months to discover the intrusion. According to the Ponemon Institute's 2017 Cost of Data Breach Study, US companies took an average of 206 days, close to seven months, to identify a breach, so "6 months" is the closest of the offered answers.

2. Who can access the configuration port of the SAP Message Server and potentially register a rogue application server and bypass SAP Gateway Access Control Lists?

Best Answer: b.

Everybody; ms/acl_file_admin is not set by default.

By default the profile parameters ms/acl_file_admin, ms/acl_file_ext and ms/acl_file_int are not set. Under a secure allow-list approach, an absent list would mean that nobody is allowed access.

In the absence of these files, however, ANYBODY can connect to the corresponding ports of the SAP message server. An attacker can register a rogue application server there. Because the message server then lists it as an application server of the system, the SAP Gateway treats it as internal and trusted, and the attacker can bypass the access control implemented in the gateway's secinfo and reginfo ACLs.

3. What should be considered the single most critical component of an SAP installation?

Best Answer: c.

The Solution Manager

It holds a trust relationship (trusted RFC destinations) with ALL connected managed systems. If the SAP Solution Manager is compromised, an attacker can therefore pivot into every system it manages.

4. True or False: SAP passwords are not stored in the database. Instead, only hashes are stored in the USR02, USH02 and USRPWDHISTORY tables. This means they are safe.

Best Answer: b.

False

Common password-cracking tools such as John the Ripper and Hashcat have supported the SAP hash formats (CODVN B, F/G and H) for years. With a dump of these tables, an attacker cracks passwords offline using a dictionary or brute force; the legacy formats fall quickly, and even the salted, iterated CODVN H hash only slows the attack down.

Companies should enforce strong password policies through the login/password_* profile parameters and disallow common passwords by listing them in the prohibited-password table USR40.
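Questions 2 and 4 both come down to profile parameters that an administrator can check mechanically. The following script is an added example (not bowbridge's or SAP's own code): it parses the "name = value" lines of an SAP profile and applies the logic of question 2, reporting the message server as open to everybody when none of ms/acl_file_int, ms/acl_file_ext and ms/acl_file_admin is set. The two password checks go beyond the quiz text: login/password_downwards_compatibility and login/min_password_lng are real SAP parameters, but the required minimum length of 12 is an assumed local policy, and the sample profiles and ACL file paths are constructed for the example.

```python
"""Audit an SAP instance profile for the weaknesses behind questions 2 and 4.

Added example, not bowbridge's or SAP's code. Assumptions: profile lines
are 'name = value', later definitions override earlier ones, and the
minimum password length of 12 is a local policy choice, not an SAP default.
"""
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, parameter, message)

# Question 2: message server ACL files. An unset parameter means no restriction.
MS_ACL_PARAMS = ("ms/acl_file_int", "ms/acl_file_ext", "ms/acl_file_admin")

# Question 4: store only the strong PWDSALTEDHASH in USR02 and require long
# passwords. The fallback values 1 and 6 are SAP's defaults when unset.
PWD_COMPAT_PARAM = "login/password_downwards_compatibility"
PWD_MIN_LEN_PARAM = "login/min_password_lng"
PWD_MIN_LEN_WANTED = 12  # assumption: local policy, not an SAP default

# Constructed sample profiles (no real system).
UNSAFE_PROFILE = """\
# DEFAULT.PFL, constructed for this example: shipped defaults, nothing hardened
SAPSYSTEMNAME = PRD
rdisp/msserv = sapmsPRD
rdisp/msserv_internal = 3900
login/min_password_lng = 6
"""

HARDENED_PROFILE = """\
# Same profile with the three ACL files and the password parameters set
SAPSYSTEMNAME = PRD
rdisp/msserv = sapmsPRD
rdisp/msserv_internal = 3900
ms/acl_file_int = $(DIR_GLOBAL)/security/ms_acl_int
ms/acl_file_ext = $(DIR_GLOBAL)/security/ms_acl_ext
ms/acl_file_admin = $(DIR_GLOBAL)/security/ms_acl_admin
login/password_downwards_compatibility = 0
login/min_password_lng = 12
"""


def parse_profile(text: str) -> Dict[str, str]:
    """Return profile parameters as a dict; comments and blank lines are skipped."""
    params: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)  # values may themselves contain '='
        params[name.strip()] = value.strip()
    return params


def audit(params: Dict[str, str]) -> List[Finding]:
    """Apply the checks from the quiz and return a list of findings (empty = clean)."""
    findings: List[Finding] = []

    missing_acl = [p for p in MS_ACL_PARAMS if not params.get(p)]
    if len(missing_acl) == len(MS_ACL_PARAMS):
        findings.append(("CRITICAL", "ms/acl_file_*",
                         "no message server ACL configured: anyone can reach the "
                         "internal, external and admin ports and register a rogue "
                         "application server"))
    else:
        for p in missing_acl:
            findings.append(("HIGH", p, "ACL file not set; this port is unrestricted"))

    if params.get(PWD_COMPAT_PARAM, "1") != "0":
        findings.append(("HIGH", PWD_COMPAT_PARAM,
                         "downward-compatible (weaker) hashes are also stored in USR02"))

    try:
        min_len = int(params.get(PWD_MIN_LEN_PARAM, "6"))
    except ValueError:
        min_len = 0  # unparsable value: treat as no policy at all
    if min_len < PWD_MIN_LEN_WANTED:
        findings.append(("MEDIUM", PWD_MIN_LEN_PARAM,
                         f"minimum length {min_len} is below the required {PWD_MIN_LEN_WANTED}"))
    return findings


if __name__ == "__main__":
    for label, text in (("unsafe", UNSAFE_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(f"== {label} profile ==")
        for sev, param, msg in audit(parse_profile(text)) or [("OK", "-", "no findings")]:
            print(f"{sev:8} {param:42} {msg}")
```

Run it against the output of a profile export (or the instance profile file under the profile directory) rather than the constructed samples; the CRITICAL finding is the exact default state described in question 2.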

How Did You Do?

After performing the self-assessment, do you feel confident about your organization’s ability to keep your SAP systems secure from cyberattack? Or did you uncover some areas in which you could be doing better?

Download our helpful SAP cybersecurity checklist, which will help you clearly assess your SAP system and your cybersecurity processes, putting you on the road to stronger SAP cybersecurity.

SAP Cybersecurity Checklist

At bowbridge, we’re here to help. We’ve helped organizations worldwide (like Honda, IBM, KPMG, the Australian Government, LEGO, and many more) secure their SAP systems from today’s — and tomorrow’s — sophisticated cyberattacks.

Contact us today for a free consultation, and ensure your SAP system is safe, secure, and out of the reach of cyberattackers.