Control the start of external programs via secinfo
You can create the file "secinfo" in the file system. The location is controlled as follows:
gw/sec_info /usr/sap/P01/DVEBMGS30/data/secinfo
If the fikle is empty, no RFC starts are allowed at all (e.g. after homo system copies)
Otherwise you can explicitly allow and deny a lot of stuff ...