This page covers security-related topics for the Dispatcher process of the NetWeaver ABAP instance.
This wiki page lists security-related topics of the Dispatcher and provides assistance in securing it.
Restricting network connections
The parameter "rdisp/acl_file" can be used to specify a file containing an Access Control List (ACL).
With such a list, it is possible to restrict access (network connections) to the Dispatcher port.
This help.sap.com page has detailed documentation about this topic.
The communication between SAP Logon / SAP GUI and the Dispatcher can be encrypted by activating SNC.
This is possible even if no SSO (Single Sign-On) solution is used, as the SAP GUI has the option "SNC logon with user/password (no Single Sign-On)" under the "Network" tab, which can be seen when editing a system or at the "Choose network settings" screen when adding a system through the SAP GUI wizard.
This ensures that the data exchanged between the end users' computers and the SAP servers is protected in transit.
Read the following SAP Help pages for more information.
- Secure Network Communications (SNC)
- Using the SAP Cryptographic Library for SNC
- Using SNC Client Encryption for Password Logon
The parameter "rdisp/traffic_control" can be used as a DoS protection mechanism.
The Dispatcher closes "wild" TCP connections, that is, connections that have not completed the connection setup as a SAP GUI client, once the configured timeout has been reached.
The parameter must be set as "rdisp/traffic_control = LOGIN_TIME=X", where "X" is the number of seconds (valid range: 1 - 1000).
The transaction RZ11 can be used to read the parameter's documentation.
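A configuration check for the two Dispatcher parameters described above ("rdisp/acl_file" and "rdisp/traffic_control"), as an added example that is not SAP code or part of the original page. It assumes the instance profile is a plain-text file of `name = value` lines with `#` comments; the sample profile, its file path and the function names are constructed for illustration.

```python
import re

# Constructed sample instance profile (not from a real system).
SAMPLE_PROFILE = """\
# constructed example profile
SAPSYSTEMNAME = ABC
rdisp/acl_file = /usr/sap/ABC/SYS/global/dispatcher_acl.txt
rdisp/traffic_control = LOGIN_TIME=0
"""

def parse_profile(text):
    """Return {parameter: value}; a later definition overrides an earlier one."""
    params = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: the value "LOGIN_TIME=X" contains one too.
        name, sep, value = line.partition("=")
        if sep:
            params[name.strip()] = value.strip()
    return params

def audit_dispatcher(params):
    """Return findings for the two parameters discussed on this page."""
    findings = []
    if not params.get("rdisp/acl_file"):
        findings.append("rdisp/acl_file is not set: no ACL file is configured")
    tc = params.get("rdisp/traffic_control")
    if tc is None:
        findings.append("rdisp/traffic_control is not set explicitly")
    else:
        m = re.fullmatch(r"LOGIN_TIME=(\d+)", tc)
        if not m:
            findings.append(f"rdisp/traffic_control has unexpected format: {tc!r}")
        elif not 1 <= int(m.group(1)) <= 1000:
            findings.append(f"LOGIN_TIME={m.group(1)} is outside the valid range 1-1000")
    return findings

if __name__ == "__main__":
    for finding in audit_dispatcher(parse_profile(SAMPLE_PROFILE)):
        print("FINDING:", finding)
```

The check only validates what the profile file states; the value active in the running instance can still be confirmed in transaction RZ11.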