|Read this whole guide offline with no ads, for a low price!|
Use coupon code "certiguide" to save 20%!
|Need more practice? 300 additional Security+ questions!|
|Get It Here!|
(Page 10 of 10)
Hardening Data Repositories
You also looked at hardening different
types of data repositories, which are locations holding information
about your network or your organizations business. Some of these
- Directory services, often using LDAP over
port 389. It is frequently a good idea to run LDAP over TLS to provide
encrypted communication so that information about your network setup
or individuals within the organization is not sent across the network
in cleartext; you might also restrict access to certain types of directory
information by user or group if your directory server allows it; another
step to take is to verify that the directory server contains good data
to begin with, so that it is not serving up bogus information to clients.
- Databases, which are collections of information,
generally about the companys products, customers, suppliers, etc.
which are generally very sensitive; they are known for having security
issues regularly, so keep on top of updates offered by your vendors,
and investigate vendor-provided and user community developed recommendations
for hardening your databases of choice; watch out for applications which
are vulnerable to SQL injection attacks; work with your DBA to restrict
access to individual data elements so that they are available only to
those with a need to know; make sure that your routers and
firewalls are configured to only allow connections to your database
servers ports (TCP ports 1433 and 1434 for SQL Server) from those
trusted machines which require access and deny access to the database
server from other hosts; finally, remove any default passwords your
database server may have installed, and if possible select an authentication
mechanism that does not rely on passwords, particularly if it requires
that the passwords be passed over the net in clear text; if not possible
to avoid passwords entirely, make sure you assign strong passwords and
change them regularly.
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.