7.7 File Server and Database Policy

These systems are critical, and steps need to be taken to protect them. Privileged access to them (for example, root) should be limited to a small number of people who maintain them. Services that have a history of security problems, such as sendmail, DNS, and CGIs, should not be allowed on them. If these systems are only for internal use, access to them from outside systems should be blocked by a firewall. If the data is so confidential that most people in the company should not see it, such as human resources data, financial information (either the company's or its clients'), or medical information, it should be allowed to travel unencrypted only over separate networks. This is to prevent sniffing by the curious.