A SAP system communicates with SAP clients, browsers, applications and other SAP systems via the local network. Data is also exchanged between SAP system components. In all cases, data which needs to be protected is transferred. This includes not only the data used to authenticate users (e.g. user name and password, cookies, certificates, etc.), but also business data processed as part of the activated functions.
Secure Network Communications (SNC) is a software layer developed by SAP which provides end-to-end protection for data communication channels between SAP system components that use SAP protocols such as RFC or DIAG.
The security layers of SNC
With SNC the following security layers are presented for communication:
The SNC itself does not contain a security mechanism, but provides an interface for external security products such as smart cards with the “GSS-API V2” (Generic Security Services Application Programming Interface Version 2).
Protection levels of the security layer
1. Authentication – low protection: only identities of communication partners are checked. Data is sent unencrypted.
2. Integrity – medium protection: all undesired data changes can be detected during transmission. Data is sent unencrypted.
3. Privacy – high protection: data is transmitted between the partners via cable in encrypted form.
SAP Cryptographic Library
SAP provides the SAP Cryptographic Library as a standard SNC security product. However, the SAP Cryptographic Library can only be used to implement SNC between server components, that is, to protect connections on an RFC basis. If at the same time user communication needs to be protected, for example connections between SAP GUI and the SAP system, users need an additional solution, such as our styx.SSO.