Introduction
Systems, Applications, and Products
SAP SE is a German multinational software corporation based in Walldorf, Baden-
Württemberg, that develops enterprise software to manage business operations and
customer relations. The company is especially known for its ERP software. SAP is the largest
non-American software company by revenue, the world's third-largest publicly-traded
software company by revenue, and the largest German company by market capitalisation.
1. Vision and Mission
Vision
The vision statement for SAP is its strategic plan for the future – it
defines what and where SAP Company wants to be in the future. The
vision statement for SAP is a document identifying the goals of SAP to
facilitate its strategic, managerial, as well as general decision making
processes.
Mission
The mission statement for SAP is a public document that details the values
and strategic aims of SAP. The mission statement of SAP also identifies the
purpose of the organization's existence, highlighting the services and the
products it offers. Further, the mission statement also identifies the
organization’s operational goals for SAP, the processes the company uses to
achieve those, the target customer groups, and the region where the
company operates.
2. Policy of the Industry
Every SAP employee has a quality assurance role, whether developing
software or providing services and support. We cooperate closely with
customers, partners, and suppliers, and regularly monitor our customers’
perception of our quality. Our quality culture is based on employee
commitment, and we use innovative methods to support continuous product,
process, and service quality improvement.
3. History
SAP Business One was initially launched in Israel in 1996 under the name "Menahel"
("manager") or "TopManage", for countries outside Israel. The company was founded by
Reuven Agassi (CEO) and Gadi Shamia (VP of sales, marketing and product). The product
was designed by Gadi Shamia and the head developer was Hilla Mazinter.
In its first years, TopManage was sold in the Israeli market only, and was the first
Windows/Mac business management product to be offered in the Israeli market. In 2000
TopManage started its global expansion into markets in Europe and Latin America.
In March 2002, SAP purchased TopManage Financial Systems and branded their system as
SAP Business One. TopManage founders Reuven Agassi and Gadi Shamia were given
executive positions at SAP following the acquisition. A year earlier, TopManage's sister
company, TopTier, had also been acquired by SAP. TopTier was founded by Reuven
Agassi's son Shai Agassi.[1]
The acquisition allowed SAP to reach out to the small market through its partners and also to
gain additional business from the smaller subsidiaries of its enterprise customers.
Industry background and nature of business
Type: Public (Societas Europaea)
Traded as: FWB: SAP; NYSE: SAP; DAX Component
ISIN: DE0007164600
Industry: Enterprise software
Founded: Weinheim, Germany (1972; 49 years ago)
Founders: Dietmar Hopp, Hans-Werner Hector, Hasso Plattner, Klaus Tschira, Claus Wellenreuther
Headquarters: Dietmar-Hopp-Allee 16, Walldorf, Baden-Württemberg, Germany
Awards
The annual SAP Pinnacle Award program spotlights the market’s most outstanding SAP
partners. Finalists are judged by a panel of experts against stringent award criteria.
Capgemini has garnered an SAP Pinnacle Award for many consecutive years, reflecting our
superlative SAP expertise and customer satisfaction.
1. 2021 SAP Pinnacle Award for Partner Learning Excellence
2. 2021 SAP Innovation Awards (finalist) – Capgemini (Fieldglass), Excelerate Energy
Projects
3. 2020 SAP Innovation Awards (finalist) – Truechain, Safety Workers
4. 2019 Microsoft SAP on Azure – Partner of the Year
5. 2019 SAP Pinnacle Award (finalist) – Customers’ Choice Partner of the Year
6. 2018 SAP Pinnacle Award, Customer Choice Partner of the Year – Large Enterprises
7. 2018 SAP Pinnacle Award (finalist) – SAP Leonardo Partner of the Year
8. 2017 SAP Pinnacle Award, Customer Choice – Services
9. SAP Certifications
10. Global SAP-Certified provider of SAP HANA Operations
11. Global SAP-Certified provider of Hosting Operations
12. Global SAP-certified provider of SAP Business Suite Solutions Operations
13. Global SAP-certified provider of SAP S/4HANA Solutions Operations
14. Local SAP-certified provider of Cloud and Infrastructure Operations
15. Global SAP-certified provider of DevOps
16. Global SAP-certified provider of SAP SuccessFactors Solutions Operations
17. SAP Certified Partner Center of Expertise
Introduction of firewall
A firewall is a protective layer for your server that monitors and filters incoming and
outgoing network traffic. It uses a set of rules to determine whether to allow or block
specific network traffic. Firewalls can stop unauthorized use before it reaches your servers.
Firewalls can be hardware or software based. In network security, the first line of defense
that should always be used is a firewall.
Over the past few decades, firewall deployments have advanced, and their functionality
and features have increased. Firewalls can now examine individual packets of traffic
and test the packets to determine if they are safe.
There are various types of firewalls in a computer network, which are as
follows −
1) Packet Filtering Firewalls
A packet filtering firewall is an essential type of firewall. It acts as a management
program that monitors web traffic and filters incoming packets based on configured
security rules.
These firewalls block network traffic by IP protocol, IP address, and port number
when a data packet does not match the established rule set.
2) Application Level Gateway Firewall
It is also known as a proxy firewall. Proxies are mainly used to control or monitor
outbound traffic. Some application proxies cache the data requested.
Caching lowers the bandwidth requirement and decreases the access time for the next
user who requests the same data. It also gives unquestionable evidence of what was
transferred.
3) Circuit-level Gateways
Circuit-level gateways are another type of firewall that can easily be configured to
allow or block traffic without significant computing resources.
These types of firewalls typically operate at the OSI model's session layer by
verifying TCP (Transmission Control Protocol) connections and sessions. Circuit-level
gateways are designed to ensure that the established sessions are protected.
4) Next-Generation Firewalls (NGFW)
These work by filtering traffic moving through a network; the filtering is determined by
the applications or traffic types and the ports they are assigned to.
5) Stateful Multi-Layer Inspection (SMLI) Firewalls
Stateful multilayer inspection firewalls combine packet inspection technology
with TCP handshake verification. This can make SMLI firewalls better than
packet-filtering firewalls or circuit-level gateways. These types of firewalls keep track
of the status of established connections.
6) Network address translation (NAT) Firewalls
It allows multiple devices with independent network addresses to connect to the
internet using a single IP address, keeping individual IP addresses hidden.
7) Threat-focused NGFW
Threat-focused NGFW contains all the features of a traditional NGFW. They can also
support advanced threat detection and remediation. These types of firewalls can
react against attacks quickly.
8) Cloud Firewalls
Whenever a firewall is created using a cloud solution, it is called a cloud firewall or
FaaS (firewall-as-a-service). Cloud firewalls are maintained and run on the Internet by
third-party vendors.
FIREWALL ARCHITECTURES
The configuration that works best for a particular organization depends on three factors:
the objectives of the network, the organization's ability to develop and implement the
architectures, and the budget available for the function.
There are four common architectural implementations of firewalls. These
implementations are packet filtering routers, screened host firewalls, dual-homed
firewalls, and screened subnet firewalls.
1. Filtering Routers
Most organizations with an Internet connection have some form of a router
as the interface to the Internet at the perimeter between the organization's
internal networks and the external service provider. Many of these routers can
be configured to reject packets that the organization does not allow into the
network. This is a simple but effective way to lower the organization's risk
from external attack. The drawbacks to this type of system include a lack of
auditing and strong authentication. Also, the complexity of the access control
lists used to filter the packets can grow and degrade network performance.
2. Screened Host Firewalls
This architecture combines the packet filtering router with a separate, dedicated
firewall, such as an application proxy server. This approach allows the router to
pre-screen packets to minimize the network traffic and load on the internal
proxy. The application proxy examines an application layer protocol, such as
HTTP, and performs the proxy services. This separate host is often referred to as a
bastion host; it can be a rich target for external attacks, and should be very
thoroughly secured. Even though the bastion host/application proxy actually
contains only cached copies of the internal Web documents, it can still present a
promising target, because compromise of the bastion host can disclose the
configuration of internal networks and possibly provide external sources with
internal information. Since the bastion host stands as a sole defender on the
network perimeter, it is also commonly referred to as the sacrificial host.
To its advantage, this configuration requires the external attack to compromise
two separate systems before the attack can access internal data. In this way, the
bastion host protects the data more fully than the router alone. Fig 6-11 shows a
typical configuration of a screened host architectural approach.
3. Dual-Homed Host Firewalls
The next step up in firewall architectural complexity is the dual-homed host. When this
architectural approach is used, the bastion host contains two NICs (Network Interface
Cards) rather than one, as in the bastion host configuration. One NIC is connected to the
external network, and one is connected to the internal network, providing an additional
layer of protection. With two NICs, all traffic must physically go through the firewall
to move between the internal and external networks.
Implementation of this architecture often makes use of NAT. NAT is a method of
mapping real, valid, external IP addresses to special ranges of non-routable IP addresses,
thereby creating yet another barrier to intrusion from external attackers. The internal
addresses used by NAT consist of three different ranges. Organizations that need Class A
addresses can use the 10.x.x.x range, which has over 16.5 million usable addresses.
Organizations that need Class B addresses can use the 192.168.x.x range, which has over
65,500 addresses. Finally, organizations with smaller needs, such as those needing only a
few Class C addresses, can use the 172.16.0.0 to 172.16.15.0 range, which has over 16
Class C addresses or about 4000 usable addresses. See Table 6-4 for a recap of the IP
address ranges reserved for non-public networks.
If a computer with an address in one of these three internal-use ranges is directly
connected to the external network and avoids the NAT server, its traffic cannot be routed
on the public network. Taking advantage of this, NAT prevents external attacks from
reaching internal machines with addresses in the specified ranges. If the NAT server is a
multi-homed bastion host, it translates between the true, external IP addresses assigned to
the organization by public network naming authorities and the internally assigned,
non-routable IP addresses. NAT translates by dynamically assigning addresses to internal
communications and tracking the conversions with sessions to determine which incoming
message is a response to which outgoing traffic. Fig 6-12 shows a typical configuration of a
dual-homed host firewall that uses NAT and proxy access to protect the internal
network.
Another benefit of a dual-homed host is its ability to translate between many different
protocols at their respective data link layers, including Ethernet, Token Ring,
Fiber Distributed Data Interface (FDDI), and Asynchronous Transfer Mode
(ATM). On the downside, if this dual-homed host is compromised, it can disable the
connection to the external network, and as traffic volume increases, it can become
overloaded. Compared to more complex solutions, however, this architecture provides strong
overall protection with minimal expense.
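The session tracking described above, and the single shared address of the NAT firewall type listed earlier, can be modelled in a few lines. This is an added example, not part of the original text; it assumes port-based translation behind one public address, omits session timeouts, and uses constructed addresses (10.0.0.x internal, 203.0.113.1 public).

```python
import itertools

class DynamicNat:
    """Simplified port-translating NAT on a dual-homed host (assumed model)."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._ports = itertools.count(first_port)
        self._out = {}  # (int_ip, int_port, remote_ip, remote_port) -> public port
        self._in = {}   # (public_port, remote_ip, remote_port) -> (int_ip, int_port)

    def outbound(self, int_ip, int_port, remote_ip, remote_port):
        """Rewrite the source of an outgoing packet, opening a session if needed."""
        key = (int_ip, int_port, remote_ip, remote_port)
        if key not in self._out:
            pub_port = next(self._ports)
            self._out[key] = pub_port
            self._in[(pub_port, remote_ip, remote_port)] = (int_ip, int_port)
        # The remote side only ever sees the public address and port.
        return (self.public_ip, self._out[key], remote_ip, remote_port)

    def inbound(self, remote_ip, remote_port, pub_port):
        """Map a reply back to its internal host; None means no session, so drop."""
        return self._in.get((pub_port, remote_ip, remote_port))


def demo():
    nat = DynamicNat("203.0.113.1")
    sent = nat.outbound("10.0.0.5", 51000, "198.51.100.20", 443)
    reply = nat.inbound("198.51.100.20", 443, sent[1])    # matches the session
    unsolicited = nat.inbound("192.0.2.66", 443, sent[1])  # different remote host
    return sent, reply, unsolicited


if __name__ == "__main__":
    for label, value in zip(("sent", "reply", "unsolicited"), demo()):
        print(label, value)
```

An inbound packet is delivered only when it matches a session that an internal host opened first, which is why unsolicited external traffic never reaches the internal addresses.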
4. Screened Subnet Firewalls (with DMZ)
The dominant architecture used today is the screened subnet firewall. The architecture of a
screened subnet firewall provides a DMZ. The DMZ can be a dedicated port on the firewall
device linking a single bastion host, or it can be connected to a screened subnet. Until
recently, servers providing services through an untrusted network were commonly placed
in the DMZ. Examples of these include Web servers, File Transfer Protocol (FTP) servers, and
certain database servers. More recent strategies using proxy servers have provided much
more secure solutions.
A common arrangement finds the subnet firewall consisting of two or more internal bastion
hosts behind a packet filtering router, with each host protecting the trusted network. There
are many variants of the screened subnet architecture. The first general model consists of
two filtering routers, with one or more dual-homed bastion hosts between them. In the
second general model, as illustrated in Fig 6-13, the connections
are routed as follows:
1. Connections from the outside or untrusted network are routed through an
external filtering router.
2. Connections from the outside or untrusted network are routed into, and then out
of, a routing firewall to the separate network segment known as the DMZ.
3. Connections into the trusted internal network are allowed only from the DMZ
bastion host servers.
The screened subnet is an entire network segment that performs two functions: it protects
the DMZ's systems and information from outside threats by providing a network of
intermediate security; and it protects the internal networks by limiting how external
connections can gain access to internal systems. Although extremely secure, the screened
subnet can be expensive to implement and complex to configure and manage. The value of
the information it protects must justify the cost.
Another facet of the DMZ is the creation of an area known as an extranet. An extranet is
a segment of the DMZ where additional authentication and authorization controls are put
into place to provide services that are not available to the general public. An example would
be an online retailer that allows anyone to browse the product catalog and place items into
a shopping cart, but will require extra authentication and authorization when the customer
is ready to check out and place an order.
How Firewall Works
A firewall matches network traffic against the rule set defined in its table. Once a rule is
matched, the associated action is applied to the network traffic. For example, one rule may
state that no employee from the HR department can access data on the code server, while
another rule states that the system administrator can access data from both the
HR and technical departments. Rules can be defined on the firewall based on the needs
and security policies of the organization.
From the perspective of a server, network traffic can be either outgoing or incoming.
The firewall maintains a distinct set of rules for each case. Outgoing traffic, which
originates from the server itself, is mostly allowed to pass. Still, setting rules on outgoing
traffic is always better in order to achieve more security and prevent unwanted communication.
Incoming traffic is treated differently. Most traffic that reaches the firewall uses one of
these three major Transport Layer protocols: TCP, UDP or ICMP. All these types have a
source address and a destination address. TCP and UDP also have port numbers. ICMP uses
a type code instead of a port number, which identifies the purpose of the packet.
Default policy: It is very difficult to explicitly cover every possible rule on the firewall. For
this reason, the firewall must always have a default policy. The default policy consists only
of an action (accept, reject or drop).
Suppose no rule about SSH connections to the server is defined on the firewall. The
connection will then follow the default policy. If the default policy on the firewall is set to
accept, then any computer outside of your office can establish an SSH connection to the
server. Therefore, setting the default policy to drop (or reject) is always a good practice.
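The rule matching and default policy described above can be sketched as a small evaluator. This is an added example, not part of the original text; it assumes first-match evaluation, and the addresses for the code server, HR subnet and administrator workstation are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                       # "tcp", "udp" or "icmp"
    dport: Optional[int] = None      # TCP/UDP destination port
    icmp_type: Optional[int] = None  # ICMP carries a type instead of a port

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept", "reject" or "drop"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None      # None matches any protocol
    dport: Optional[int] = None
    icmp_type: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (
            (self.proto is None or self.proto == p.proto)
            and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
            and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
            and (self.dport is None or self.dport == p.dport)
            and (self.icmp_type is None or self.icmp_type == p.icmp_type)
        )

def evaluate(rules, packet, default_policy="drop"):
    """Return the action of the first matching rule, else the default policy."""
    if default_policy not in ("accept", "reject", "drop"):
        raise ValueError("default policy must be accept, reject or drop")
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default_policy

# Constructed addresses: code server, HR subnet, administrator workstation.
CODE_SERVER = "10.0.1.10"
INBOUND_RULES = [
    Rule("accept", src="10.0.30.5/32", dst=CODE_SERVER + "/32"),         # sysadmin
    Rule("reject", src="10.0.20.0/24", dst=CODE_SERVER + "/32"),         # HR
    Rule("accept", dst=CODE_SERVER + "/32", proto="tcp", dport=443),     # HTTPS
    Rule("accept", dst=CODE_SERVER + "/32", proto="icmp", icmp_type=8),  # echo request
]
# No rule mentions SSH (tcp/22), so an outside host falls through to the default.
SSH_FROM_OUTSIDE = Packet("203.0.113.7", CODE_SERVER, "tcp", dport=22)

if __name__ == "__main__":
    for policy in ("accept", "drop"):
        print(policy, "->", evaluate(INBOUND_RULES, SSH_FROM_OUTSIDE, policy))
```

Because the HR rule sits above the HTTPS rule, an HR workstation is rejected even on port 443; under first-match evaluation, rule order is part of the policy.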
Advantages of Firewall
1. A firewall prevents hackers and remote access.
2. It protects data.
3. It ensures better privacy and security.
4. It protects from Trojans.
5. A network-based firewall, like a router, can offer protection to multiple systems,
while an OS-based firewall can protect individual systems.
Disadvantages of Firewall
1. Cost: Installation of a firewall can be costly depending on the sophistication
required.
2. Performance: This is affected as each packet has to be verified for authenticity
before it is allowed into the network.
3. Virus and Malware: A firewall has some limitations, such as its inability to
prevent virus and malware attacks, for which separate applications would be
required at the individual system level.
4. A network-level firewall might bring a false sense of security to employees and
make them slacken on securing individual systems. Companies need to make all
employees understand the concept of a firewall, its importance for
information security, and their own responsibility. Firewall maintenance and upgrades
require extra manpower and resources.