3.6 Summary
Hardening Data Repositories
You also looked at hardening different
types of data repositories, which are locations holding information
about your network or your organization's business. Some of these
include:
- Directory services, often using LDAP over
TCP port 389. It is frequently a good idea to run LDAP over TLS (either
LDAPS on port 636 or StartTLS on port 389) to provide encrypted
communication so that information about your network setup or about
individuals within the organization is not sent across the network in
cleartext; you might also restrict access to certain types of directory
information by user or group if your directory server allows it; another
step to take is to verify that the directory server contains good data
to begin with, so that it is not serving up bogus information to clients.
- Databases, which are collections of information,
generally about the company's products, customers, suppliers, etc.,
and generally very sensitive. Database servers are known for having
security issues regularly, so:
  - keep on top of updates offered by your vendor, and investigate
  vendor-provided and user-community recommendations for hardening
  your database of choice;
  - watch out for applications that are vulnerable to SQL injection
  attacks, which let an attacker read or alter data the application
  was never meant to expose;
  - work with your DBA to restrict access to individual data elements
  so that they are available only to those with a need to know;
  - make sure that your routers and firewalls allow connections to your
  database server's ports (for SQL Server, TCP 1433 for the default
  instance and UDP 1434 for the SQL Server Browser service that directs
  clients to named instances) only from those trusted machines which
  require access, and deny access to the database server from all other
  hosts;
  - finally, remove any default passwords your database server may have
  installed, and if possible select an authentication mechanism that does
  not rely on passwords, particularly one that would pass them over the
  network in cleartext; if it is not possible to avoid passwords entirely,
  assign strong passwords and change them regularly.
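The SQL injection point above is easiest to see in code. The following is an added example, not code from the CertiGuide text: it builds a small in-memory SQLite database with constructed customer rows (the table, columns and values are assumptions for illustration), then runs the same attacker-supplied input through a lookup that concatenates it into the SQL string and through one that binds it as a parameter. The first payload is the classic tautology that returns every row; the second uses UNION to pull the sensitive `ssn` column that the lookup was never supposed to return, which is exactly the data-element exposure the need-to-know restriction is meant to prevent.

```python
"""SQL injection: vulnerable string-built query beside its parameterized fix.

Added example for this summary, not from the original guide. Uses SQLite's
in-memory database so it runs offline; all rows are constructed test data.
"""
import sqlite3

# Constructed sample data (assumption for illustration).
SAMPLE_ROWS = [
    ("Alice Example", "alice@example.com", "000-00-0001"),
    ("Bob Example", "bob@example.com", "000-00-0002"),
    ("Carol Example", "carol@example.com", "000-00-0003"),
]

# Two attacker inputs. The first makes the WHERE clause always true; the
# second appends a UNION that reads a column the query never selects.
TAUTOLOGY = "x' OR '1'='1"
UNION_SSN = "x' UNION SELECT ssn, '' FROM customers--"


def make_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers "
        "(id INTEGER PRIMARY KEY, name TEXT, email TEXT, ssn TEXT)"
    )
    # The loader itself binds parameters; only the lookup below is unsafe.
    conn.executemany(
        "INSERT INTO customers (name, email, ssn) VALUES (?, ?, ?)", SAMPLE_ROWS
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable: untrusted input is pasted straight into the SQL text,
    so a quote in the input ends the literal and the rest becomes syntax."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn, name):
    """Hardened: the driver binds the value separately from the statement,
    so quotes, OR and UNION in the input are matched as plain characters."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def run_demo():
    """Run both payloads through both lookups and return what each yields."""
    conn = make_db()
    return {
        "tautology_vuln": lookup_vulnerable(conn, TAUTOLOGY),  # all 3 rows
        "tautology_safe": lookup_hardened(conn, TAUTOLOGY),    # no rows
        "union_vuln": lookup_vulnerable(conn, UNION_SSN),      # 3 SSNs leaked
        "union_safe": lookup_hardened(conn, UNION_SSN),        # no rows
        "honest": lookup_hardened(conn, "Bob Example"),        # 1 matching row
    }


if __name__ == "__main__":
    for label, rows in run_demo().items():
        print(f"{label}: {rows}")
```

Parameter binding fixes the injection, but it does not by itself limit what a compromised application account can read: the UNION payload only works because the account the web application uses is allowed to SELECT `ssn` at all. Pair the code fix with the DBA-side restriction from the list above, so that the application's database login can reach only the columns and views it genuinely needs.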
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.