SQL Security Policy
Description
Mind map on SQL Security Policy, created by seanie_32 on 13/01/2014.
Mind map by seanie_32, updated more than 1 year ago
Created by seanie_32 more than 10 years ago
Resource Summary
SQL Security Policy
Physical
Disaster Recovery
Ensure the disaster recovery plan is up to date
Off-site back-up + secure
Fireproof / Flood proof / Offline
Physical Access
Ensure physical access to server is restricted
Server can't be turned off or disconnected, and no keyboard or USB stick can be plugged in
Software
Anti-Virus
Ensure that anti-virus is running
Has been tuned correctly
Unnecessary directories are excluded to improve performance
Exclusions and test loading have been completed
Configure Firewall
Open TCP 3306 for MySQL
Keep as many ports closed as possible
Use an SSH tunnel for testing, as this does not expose the server across the web
Vendor Updates
Ensure that service packs / hot fixes / patches are applied frequently
Both at server and MySQL level
This fixes security risks and loopholes
Results in less risk of intrusion
Unwanted Services
These added services could give side-door access, introducing something unexpected
Linux – use “rcconf” removal tool to remove unwanted services
Access Restrictions on Server
Restrict remote access - SOCKET
Socket on network layer model
Connects two computers together
Linux – skip-networking
This stops it from opening socket connections
Ties connection down to local host
Needs to go into .ini file
Restrict remote access – LOCALHOST
bind-address = 127.0.0.1
Forces SQL to listen only to localhost
Can’t accept connections from anywhere else
Prevents access to TCP 3306 from outside sources
Restrict remote access – GRANT
Defines who can connect and which host they connect from
Ties down specific database and specific user
GRANT SELECT, INSERT ON mydb.* TO 'someuser'@'somehost';
Database Changes
Disable LOCAL INFILE
Prevents access to local files (e.g. /etc/passwd)
Stops some SQL injection attacks
Change root directory
/chroot/mysql
socket = /chroot/mysql/tmp/mysql.sock
Remove test database
Can be test databases installed with MySQL
Allows anonymous access to database
DROP DATABASE test;
Drop the test and any other unwanted databases
Remove test accounts
SHOW GRANTS FOR ''@'localhost';
DROP USER "";
Delete account shipped with MySQL
Make sure created accounts are tied down to relevant tables
Change rootname and password
Should upgrade to version 5 as privileges stay on previous versions.
mysql> RENAME USER root TO new_user;
Lower privileges
Version 5 and above has pre-set restrictions
Set ownership to MySQL user:
shell> ls -l /var/lib/mysql
Only allow MySQL and root access:
shell> ls -l /usr/bin/my
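The remote-access and LOCAL INFILE items above can be checked mechanically against a server's option file. The following is an added example, not part of the original mind map: `parse_mysqld`, `audit` and the sample file contents are hypothetical names and constructed data, and treating an unset `local-infile` as "not disabled" is a conservative assumption.

```python
# Added example: audit the [mysqld] section of a MySQL option file
# against the skip-networking / bind-address / local-infile items.

# Constructed sample input, not taken from a real server.
SAMPLE_CNF = """\
[client]
port = 3306

[mysqld]
bind-address = 0.0.0.0
local_infile = 1
socket = /chroot/mysql/tmp/mysql.sock
"""

def parse_mysqld(text):
    """Return the [mysqld] options as a dict; bare flags map to 'ON'."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, _, value = line.partition("=")
        # MySQL treats '-' and '_' in option names as equivalent.
        key = key.strip().replace("_", "-")
        opts[key] = value.strip().strip("'\"") or "ON"
    return opts

def audit(text):
    """Return findings for the remote-access and LOCAL INFILE items."""
    opts = parse_mysqld(text)
    findings = []
    networking_off = opts.get("skip-networking", "OFF").upper() in ("ON", "1", "TRUE")
    bind = opts.get("bind-address")
    # Either TCP is disabled entirely, or the listener is tied to loopback.
    if not networking_off and bind not in ("127.0.0.1", "::1", "localhost"):
        findings.append("remote access: set skip-networking or bind-address = 127.0.0.1 "
                        f"(bind-address is {bind or 'unset'})")
    # Only the explicit local-infile = 0/OFF form is recognised as disabled.
    if opts.get("local-infile", "unset").upper() not in ("0", "OFF", "FALSE"):
        findings.append("local-infile is not disabled: set local-infile = 0")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CNF):
        print("FINDING:", finding)
```
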