Security concerns in web erp
-
Upload
manoj-jhawar -
Category
Technology
-
view
270 -
download
1
description
Transcript of Security concerns in web erp
![Page 1: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/1.jpg)
Security concerns in Web ERP
Manoj JhawarMBA 2nd year
12125027
![Page 2: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/2.jpg)
Overview
• ERP is experiencing the transformation that will make it much more intelligent, collaborative, web enabled, highly integrated may become wireless
• ERP solutions worked upon common use of distributed application which causes security problems
![Page 3: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/3.jpg)
Security issues
• Physical Security• Transmission Security• Storage Security• Access Security• Data Security• Application Security
![Page 4: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/4.jpg)
Several security problems are
• Resource protection• Data confidentiality• Data integrity• Authentication of user• Non repudiation of transaction• Reliability of user• Anonymity of user
![Page 5: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/5.jpg)
ERP Architecture• Integration—various components are integrated and seamless
data flow occurs between components to collaborate as a single function.
• Flexible—system is flexible, compatible and expandable with the old systems, changes to the business processes and strategies are easy to accomplish.
• Real-time—different components works in online, real time and batch processing modes should be presented.
• Componentization—different business functional requirement are designed as different components.
• Tailorable—system should be simply configured according to the enterprise’s requirements.
![Page 6: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/6.jpg)
3 tier Architecture• 1. Front layer of Presentation Layer:
A combined Graphical User Interface (GUI) or any browser that collects data, generates requests, and proceeds the results back to the user.
• 2. Middle layer of Application: Application programs that collects the requirements from the Presentation layer and further routes the request based on the business function, rules or logic.
• 3. Database Layer (Back): Data Base Management Systems that manages the business and operational data throughout the entire enterprise.
![Page 7: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/7.jpg)
Current security solutions in ERP
• Role-Based Access Control– Roles– Permissions– Users– Constraints
![Page 8: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/8.jpg)
Security in SAP/R3• Authorization object- This represents the authorization concept and consists of
some authorization fields.• Authorization- This is an instance of one authorization object and defines
permitted value range of each authorization field of the authorization object.• Authorization profile- This contains some authorizations which are assigned to
the user by an administrator.• Authorization check- This is used to protect the transactions or data we choose
and is embedded in program logic. When authorization check is performed then authorization profile will be used for comparing the required values needed to run the specific transaction.
• User master record- This enables the users to log on to R/3 system and grant limited entry to the transactions and data.
• Profile generator- This is the component which helps the administrators create, generate, and assign authorization profiles using activity groups and user
![Page 9: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/9.jpg)
Diagram of SAP R/3 Authorization
![Page 10: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/10.jpg)
Open security Model• 1. XML encryption 2. XML
signature 3. SAML-configuration parameters.
• Constructing a new security layer and connecting it into the already existing architecture, requires considering different provision of individual security needs
• Appropriate profile processor is able to audit all incoming messages for security fulfillments on the own security profile and also to extend all outgoing messages according to the security policy of remote peer.
![Page 11: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/11.jpg)
Future security features
• Intelligent• Knowledge-
based• Heterogeneous• Collaborative • Wireless
![Page 12: Security concerns in web erp](https://reader036.fdocuments.us/reader036/viewer/2022081811/54bcc6674a7959fa7c8b4569/html5/thumbnails/12.jpg)
Conclusion• Existing security solutions like RBAC or SAP R/3 are based on the
features of the current ERP system and since ERP reveals more and more new features that may be supported in the future, present security mechanism needs to be retrofitted and new security issues have to be identified
• In open security model proposed above we see that the division of transport data and content is the key-note area of the introduced security model
• The prefixed article builds an open architecture which will not only considers the integration of existing security standards such as XML encryption or XML signature or SAML but will also aids future developments like Trusted Platforms