Position:home>ERP Article Index> Use correctly assure ERP data no longer nominal
Use correctly assure ERP data no longer nominal
From;  Author:Stand originally


One, the menace that comes from network level

From network level for, the menace that ERP data security suffers basically comes from at two respects. It is exterior visit accredit not quite normative; 2 it is the likelihood on interiorly network existence eavesdrop.

1, exterior visit accredit is not quite normative

ERP uses a field to expand, satisfy the need of ceaseless employee bussiness trip, gradually develop to B/S mode. And the advantage with this the biggest mode, it is OK very convenient offerring is external visit. Namely employee is away on official business outer, also can adopt the visits interior ERP system with very convenient browser. Although this took very big advantage to our job, extended the use space of ERP system. But, do not need doubt, also brought very big safe menace to our system.

It is to be in an enterprise outside use system, do not get effective government.

Be away on official business like buyer outer, if have a bit self a bit, can follow supplier collude, wait the purchases plan, other vendor value of company near future a moment, can adopt the form of system of exterior visit ERP, tell a supplier, make the enterprise loses the active power that purchase. Because be away on official business,use system does not suffer outer employee to manage effectively, so similar case happens from time to tome. So, to exterior visit, we should run the number of exterior visit strictly on one hand, what person has the limits of authority of exterior visit, we have strict limitative; even on the other hand, the user of long-range visit is best can manage alone, especially the change that its password otherwise decides, divulge user name and password not carefully in order to prevent to the personnel of other company. That is to say, on employee computer, hanging builder of a password, this is as synchronous as ERP server, be in commonly very or so kinds, the server can generate an user name and code afresh, go up in the password builder of employee next, also can generate user name and code at the same time. Because both generated regulation is same, so, employee can use the user name on password builder and password to land ERP system. Can solve the code that uses ERP system outside to reveal a problem so.

2 it is to be below specific situation, can give a client the limits of authority of a few long-range visits probably, if this attributive sets undeserved sentence, the information that cannot visit a few clients probably also offers them.

Manage the position in the enterprise to be strengthened ceaselessly as informatization now, some clients can ask their supplier uses ERP system actively, offer the port that the network visits, make them OK carry a network real time the progress that knows their order form. Such company must provide ERP user to them, let them have long-range visit. But, here is put in a safe menace, if our attributive sets undeserved sentence, the client can visit a company a few confidential information, if product cost is waited a moment. So, if be below strong demand of the client, when wanting to provide the long-range visit limits of authority of their ERP system, we must notice, the setting problem of attributive. Cannot let them visit a few data that ought not to visit quite. My proposal is, when encountering this kind of situation, the data that should visit to this user undertakes monitoring, saw its visit what data, put in the case of illegal visit. Be like some words, want to undertake in time adjustment. System of a lot of ERP had had the visit that is aimed at an user to record a function now. Use this function, can manage the visit attributive of the user effectively.
Previous12 Next