Chapter 16: Securing Sybase
Up to this point, we have discussed a fair portion of Sybase's functionality, though we have barely scratched the surface in terms of the various ways that Sybase can be configured. Many issues become relevant only when an enterprise-level database infrastructure is involved.
Sybase Security Checklist
Here's a quick reference checklist for the points that are discussed in this chapter.
Background
-
Read the Sybase security documentation.
-
Regularly check the Sybase update page.
-
Periodically search for alternative security documentation.
-
Periodically search vulnerability databases.
Operating System
-
Apply host- and network-based packet filters.
-
Use a low-privileged account to run Sybase.
-
Run Sybase in a chroot jail.
-
Restrict Sybase access to the filesystem.
-
Restrict other users' access to the Sybase directory.
Sybase Users
-
Enforce account password complexity and lockout.
-
Remove privileges from the default sa account.
-
Use (at least) one user per web application.
-
Do not give users unnecessary privileges.
Sybase Configuration
-
Enable auditing.
-
Disable xp_cmdshell.
-
Disable Java if possible.
-
Disable filesystem proxy table support if possible.
-
Don't install test databases/clear test data.
-
Use strong authentication.
The recommendations in this section are divided into four categories: Background, Operating System, Sybase Users, and Sybase configuration.
EAN: 2147483647
Pages: 156