Saturday, November 19, 2005

Secure everything!

Throwing a firewall between your precious database server and the outside world or the internet is a good first step. Unfortunately many firms literally never get beyond this. It would be like putting a lock on the front an back door, but not on the president's door, the controller's door or the company safe. This leaves database information unsafe and vulnerable to anyone with access to the "hallways" or your company's network, that is, vulnerable to the "inside job".

If I can "see" the start-up script, I can copy it somewhere, edit it and run it, find out what files I have access to and begin dumping them. There is a simple protection against this, but rarely have I seen it done because of the extra layer of administration involved.

Do it, do it, do it - you will not regret it one bit. My next entry will give you the steps.

0 Comments:

Post a Comment

<< Home