A Guide to Securing MySQL on Windows
|
|
- Natalie Ryan
- 8 years ago
- Views:
Transcription
1 A Guide to Securing MySQL on Windows A MySQL White Paper January 2010 Copyright 2010, Sun Microsystems 1
2 Table of Contents Executive Summary... 3 Why MySQL on Microsoft Windows?... 3 Scope of this Guide... 3 Understanding the MySQL Security Model... 3 Post-Installation Tasks... 6 Account Management... 7 Password Management... 8 Encryption... 9 Data Communication Database Replication Securing MySQL with MySQL Enterprise MySQL on Windows Case Studies Conclusion Resources About MySQL Copyright 2010, Sun Microsystems 2
3 Executive Summary For many years, Microsoft Windows has been the most popular development platform and second most popular production platform for MySQL applications. In early 2009 we conducted our annual survey and what we found is that 66% percent of those surveyed used Windows for development and 48% ultimately deployed on Windows. Given that so many users deploy MySQL on Windows, it makes sense to recap some of the best practices for securing MySQL on Windows. Why MySQL on Microsoft Windows? First, MySQL on Windows remains strong due to the fact that MySQL delivers: Lower TCO Ease of use Reliability Performance A fully featured database with no functional limitations of lite database versions For more information on why MySQL is an excellent choice on Windows, please visit: Scope of this Guide This document contains information regarding the best practices one should employ to secure a Windows-based installation of MySQL 5.1. This guide will walk you through the following security-related aspects of MySQL: Understanding the MySQL Security Model Post-Installation Tasks User Acounts Password Management Encryption Data Communication Database Replication Understanding the MySQL Security Model In this section we will cover several key concepts for understanding how the MySQL Server and Client security model works. At a high-level, MySQL s security model is based on Access Control Lists (ACLs) for all connections, queries, and other operations that users can attempt to perform. We should note that there is also support for SSL-encrypted connections between MySQL clients and servers. Copyright 2010, Sun Microsystems 3
4 The MySQL Privilege System The primary function of the MySQL privilege system is to authenticate users who connect from hosts and in turn associate them with privileges on a database such as SELECT, INSERT, UPDATE, and DELETE. Some additional functionality in this regard also includes the ability to have anonymous, privileges for MySQL-specific functions such as LOAD DATA INFILE, replication, object-level privileges and the ability to perform administrative operations. Information concerning account privileges is stored in the following tables located in the mysql database: user db host tables_priv columns_priv procs_priv For example, the USER table contains the host to which the user name is associated with, the user name, the user s password (in an encrypted format) and various privileges. Because of the information contained within the USER table, it is recommended that only the MySQL root user have access to this table. Information about account privileges is also located in several tables of the INFORMATION_SCHEMA database. Tables of note in this regard include: column_privileges schema_privileges Copyright 2010, Sun Microsystems 4
5 table_privileges user_privileges These access-control decisions are based on the in-memory copies of the GRANT tables. The MySQL server loads the contents of these tables into memory when it starts up and re-reads them under the certain circumstances. For a listing of these circumstances please refer to: As a best practice, whenever you issue a data control statement, you should also have the GRANT tables re-read into memory so that the modification is immediately applied to the server. This means that you should always issue a FLUSH PRIVILEGES command with your DCL statement. For example: GRANT SELECT ON database.* TO user@ hostname IDENTIFIED BY password ; FLUSH PRIVILEGES; GRANT and REVOKE statements are the key enablers and disablers of privileges. A complete list of those privileges can be found at: Connecting to MySQL MySQL client programs generally expect you to specify certain connection parameters when you want to access a MySQL server, these include: The name of the host where the MySQL server is running Your username Your password For example, the mysql client can be started as follows from a command-line prompt: mysql -hhostname -uusername -p If you use a -p or --password option but do not specify a password, the client program prompts you to enter the password. The password is not displayed as you enter it. This is more secure than giving the password on the command line. Any user on your system may be able to see a password specified on the command line by reviewing any history that may be kept at the command line. MySQL client programs use default values for any connection parameter option that you do not specify: The default hostname is localhost. The default username is your Windows login name No default value is supplied for the password variable The password is never transmitted in clear text over the connection. All other information is transferred as text, and can be read by anyone who is able to watch the connection. If the connection between the client and the server goes through an un-trusted network, such as the internet, you can use the compressed protocol to make traffic much more difficult to decipher. Better yet, you should consider using MySQL s built-in Secure Sockets Layer (SSL) support to make the connection even more secure. Alternatively, you can employ Secure Shell (SSH) to get an encrypted TCP/IP connection between a MySQL server and a Copyright 2010, Sun Microsystems 5
6 MySQL client. Post-Installation Tasks Immediately after you have installed MySQL, it is strongly recommended you perform several tasks to harden the server if you have not already done so when prompted if you chose to use the installation GUI. Delete the test database The default TEST database has very permissive grants and should be dropped. DROP DATABASE test; Secure the root account By default when MySQL is installed on Windows, several accounts are created with blank passwords. MySQL creates an account with the username of root with a blank password. The root user is a super user account that can do anything on the MySQL server. This root account is for connections from the local host only. There is also a second root user which is created that can connect from remote machines. If you used the GUI-based MySQL installation you may have also chosen to create a root account which can connect from remote machines by explicitly selecting the option Enable root access from machines. Below is the procedure to set the password for the root account if you have chosen to retain it. SET PASSWORD FOR root@localhost=password('password ); FLUSH PRIVILEGES; Delete the anonymous accounts By default two anonymous user accounts are also created, each with an empty username and no passwords. One of these anonymous accounts is for connecting from the local host. The other anonymous account can connect from any host and has privileges for the test database and any other databases which start with the name test. It is strongly recommended to drop these accounts. This can be accomplished by issuing the following command against the mysql database: DELETE FROM user WHERE user = ; FLUSH PRIVILEGES; The mysql_secure_installation script Copyright 2010, Sun Microsystems 6
7 The previously described steps can also be automated by using the interactive mysql_secure_installation script which you will find in the scripts directory if you opted to use the.zip installation. Running this script will set the root password, remove remote root access, remove the anonymous accounts and delete the default test database. As previously mentioned, many of these tasks are addressed in the MySQL GUI installer for Windows. Running the MySQL Server Securely To use client programs, the MySQL process, mysqld, must be running. On Windows, users will likely choose to run MySQL as a service. (This option can easily be configured using the MySQL GUI installer for Windows.) Because clients gain access to databases by connecting to the server, mysqld is the main program that does the work. Depending on the installation package you chose, the server is accompanied by several related scripts that perform setup operations when you install MySQL or that assist you in starting and stopping the server. mysqld can (and should) be run as an ordinary, unprivileged user. Account Management Similar to other database management systems, the GRANT and REVOKE statements are used for controlling access to MySQL. As a best practice, do not grant more privileges than necessary. Never grant privileges to all hosts. For example: Try mysql -u root at the command line. If you are able to connect successfully to the server without being asked for a password, anyone can connect to your MySQL server as the MySQL root user with full privileges. Use the SHOW GRANTS statement to check which accounts have access to what. Then use the REVOKE statement to remove those privileges that are not necessary. Do not grant the PROCESS or SUPER privilege to non-administrative users. The output of SHOW PROCESSLIST shows the text of any statements currently being executed, so any user who is allowed to see the server process list might be able to see statements issued by other users such as: UPDATE user SET password=password('some_password') The mysqld process reserves an extra connection for users who have the SUPER privilege, so that a MySQL root user can always log in and check server activity even if all available connections are in use. The SUPER privilege can be used to terminate client connections, change server operation by changing the value of system variables, and control replication servers. Never grant this privilege unless absolutely necessary, as the potential for negatively affecting the server, either intentionally or unintentionally is possible. Do not grant the FILE privilege to non-administrative users. Any user that has this privilege can write a file anywhere in the file system with the privileges of the mysqld process. To make this a bit safer, files generated with SELECT... INTO OUTFILE do not overwrite existing files and are write-able by everyone. Copyright 2010, Sun Microsystems 7
8 Failed Logins The max_connect_errors system variable determines if there are more than this number of interrupted connections from a host before that host is blocked from further connections. You can unblock a blocked host with the FLUSH HOSTS statement. By default, the MySQL server blocks a host after 10 connection errors. Limiting Account Resources MySQL does also offer the ability to limit the number of connections and queries that can be issued from a client during a specified period of time. One means of limiting the use of MySQL server resources is to set the max_user_connections system variable to a non-zero value. However, this method is strictly global, and does not allow for management of individual accounts. In addition, it limits only the number of simultaneous connections made using a single account, and not what a client can do once connected. As of version 5.5, you can limit the following server resources for individual accounts: The number of queries that an account can issue per hour The number of updates that an account can issue per hour The number of times an account can connect to the server per hour The number of simultaneous connections to the server an account can have You can enable these limits with a GRANT statement, for example: GRANT USAGE ON *.* TO localhost WITH MAX QUERIES PER HOUR 50 MAX UPDATES PER HOUR 25 MAX CONNECTIONS PER HOUR 10 MAX_USER_CONNECTIONS 5; Password Management MySQL users and passwords have nothing to do with users and passwords on Windows. Below are some tips for managing passwords: Never give anyone (except MySQL root accounts) access to the user table in the mysql database. The encrypted password is the real password in MySQL. Anyone who knows the password that is listed in the user table and has access to the host listed for the account can easily log in as that user. Do not store any plain-text passwords for your application in the database. If your computer becomes compromised, the intruder can take the full list of passwords and use them. Instead, use MD5(), SHA1(), or some other one-way hashing function and store the hash value. Always choose a strong password which includes letters, numbers and special characters. There are many readily available programs which through brute force can eventually guess the password to your server. Copyright 2010, Sun Microsystems 8
9 Encrypted Passwords MySQL encrypts passwords using its own algorithm. User accounts are listed in the user table of the mysql database. Each account is assigned a password. The password column of the user table is not the plaintext version of the password, but a hash value computed from it. Password hash values are computed by the PASSWORD() function. The server uses hash values during authentication when a client first attempts to connect. The server generates hash values if a connected client invokes the PASSWORD() function or uses a GRANT or SET PASSWORD statement to set or change a password. Password Uniqueness and Complexity If end users use the mysql client application to connect to a database application, then they are also allowed to change their own password. There is currently no real-time enforcement of the complexity of passwords, their length or age. For users with a subscription to MySQL Enterprise, the Knowledge Base offers some articles and scripts to use in which you can check for: Password complexity against a dictionary file Length Case sensitivity Character sensitivity Same login and password Encryption MySQL provides built-in functions to encrypt and decrypt data values. AES functions allow encryption and decryption of data using the official Advanced Encryption Standard algorithm, previously known as Rijndael Encoding is done with a 128-bit key length is used, but you can extend it up to 256 bits by modifying the source code. DES functions allow for encryption and decryption using the Triple-DES algorithm. MD5 functions calculate a 128-bit checksum for a string. SHA1 calculates a 160-bit checksum for the string, however SHA-1 algorithms have become known and you should strongly consider using one of the other encryption functions. Below is a list of some of the common encryption functions used with MySQL: AES_ENCRYPT() AES_DECRYPT() DES_ENCRYPT() DES_DECRYPT() MD5() SHA1() Copyright 2010, Sun Microsystems 9
10 An example of how to use the AES functions is illustrated below: INSERT INTO table.col1 VALUES (AES_ENCRYPT( , my_password )); and SELECT AES_DECRYPT(col1, my_password ) col1 FROM table1; Data Communication It is best not to transmit plain (unencrypted) data over the Internet. This information is accessible to everyone who has the time and ability to intercept it and use it for their own purposes. Instead, use an encrypted protocol such as SSL or SSH. Another technique is to use SSH port-forwarding to create an encrypted (and compressed) tunnel for the communication. The standard configuration of MySQL is intended to be as fast as possible, so encrypted connections are not used by default. Doing so would make the client/server protocol much slower. Encrypting data is a CPU-intensive operation that requires the computer to do additional work and can delay other MySQL tasks. For applications that require the security provided by encrypted connections, the extra computation is warranted. MySQL allows encryption to be enabled on a per-connection basis. You can choose a normal unencrypted connection or a secure encrypted SSL connection according the requirements of individual applications. Secure connections are based on the OpenSSL API and are available through the MySQL C API. It should be noted that MySQL Replication uses the C API, so secure connections can be used between master and slave servers. For instructions on how to configure MySQL with SSL please visit: Another way to connect securely is from within an SSH connection to the MySQL server host. For instructions on how to configure this option, see: In general it is better to use IP numbers rather than hostnames in the grant tables whenever possible. In any case, you should be very careful about creating grant table entries using hostname values that contain wildcards. Database Replication It is best to set up an exclusive account on the master server that the slave server can use to connect. This account must be given the REPLICATION SLAVE privilege. If this account is used only for replication (which is recommended), you don't need to grant any additional privileges. For example: GRANT REPLICATION SLAVE ON *.* Copyright 2010, Sun Microsystems 10
11 TO IDENTIFIED BY 'password'; If you plan to use the LOAD TABLE FROM MASTER or LOAD DATA FROM MASTER statements from the slave host, you must grant this account additional privileges: Grant the account the SUPER and RELOAD global privileges. (Recall that the SUPER privilege is comparable to root) Grant the SELECT privilege for all tables that you want to load. Any master tables from which the account cannot SELECT will be ignored by LOAD DATA FROM MASTER. Securing MySQL with MySQL Enterprise For production deployments of MySQL, we recommended that a company subscribe to MySQL Enterprise. MySQL Enterprise contains the software and services necessary to support MySQL in mission-critical environments where a business is relying on their database-driven systems to drive their key applications. The MySQL Enterprise subscription is comprised of the following three components: The MySQL Enterprise Server is the most reliable, secure and up-to-date version of MySQL. MySQL Enterprise provides the added value of the update services wrapped around the MySQL Enterprise server in the form of: Monthly Rapid Updates Quarterly Service Packs Hot Fix Build Program Extended End-of-Life Program The MySQL Enterprise Monitor with Query Analyzer is a distributed web application that you deploy within the safety of your corporate firewall. The Monitor continually monitors all of your MySQL servers and proactively alerts you to potential problems and tuning opportunities before they become costly outages. It also provides you with MySQL expert advice on the issues it has found so you know where to spend your time in optimizing your MySQL systems. Copyright 2010, Sun Microsystems 11
12 The security related features of Enterprise Monitor include the ability to monitor: Unplanned security changes users with global privileges Appropriate passwords/usage Inappropriate user privileges Root user issues Others MySQL Production Support Services MySQL Enterprise includes 24 X 7 X 365 production support for your MySQL servers to help ensure your business critical applications are continuously available and running at their peak. MySQL Production Support Services include: Online Self-Help Support The knowledge base is a self-help tool that provides you with access to 2,000+ technical articles on MySQL specific topics that help quickly answer questions and solve problems. Problem Resolution Support Allows you to work directly with the MySQL Production Support team via phone, or an online for quick resolution of technical problems. Consultative Support Allows you to work with MySQL Engineers on the proper installation, configuration and deployment of MySQL and its advanced feature set and on best practices around the design and tuning of schemas, queries and application specific code. Advanced Support for MySQL High Availability and Scalability Solutions MySQL Enterprise includes full production support for additional advanced MySQL features and third-party solutions to scale the availability and performance of your online applications. MySQL on Windows Case Studies Below are some examples of MySQL customers realizing lower TCO by running MySQL on Windows. Adobe Relies on MySQL to Make Creative Professionals More Productive Adobe Systems is one of the largest software companies and is the leading provider of creative tools for print, web, interactive, mobile, video and film. Adobe embeds MySQL into several Adobe Creative Suite 3 components, including Adobe Acrobat CS3, Adobe Bridge CS3, and Adobe Version Cue CS3 so that workgroups can work more efficiently on complex projects. For more information please visit: NetQoS Delivers Distributed Network Management Solution with Embedded MySQL NetQoS delivers products and services that enable some of the world s most demanding enterprises to improve network performance. American Express, Barclays, Boeing, Chevron, Cisco, Citrix, DuPont, Sara Lee, and Schlumberger are among the corporations that rely on NetQoS performance management solutions to ensure consistent delivery of business critical applications, monitor application service levels, troubleshoot problems quickly, contain infrastructure costs, and manage user expectations. To find the right embedded database solution to fit its innovative product architecture, NetQoS evaluated everything from flat-files to proprietary databases. NetQoS found that MySQL provided the ideal combination of performance, reliability, and ease of administration on Windows. For more information please visit: Copyright 2010, Sun Microsystems 12
13 For a complete list of case studies and other resources concerning organizations making use of MySQL on Windows, please visit: Conclusion In this paper we presented a recap of many of the post-installation tasks required to secure an installation of the MySQL server on Windows. We covered topics related to account and password management, encryption and network access. Because MySQL continues to be a very popular choice on Windows, we strongly encourage you to review these guidelines and implement then into your standard operating procedures. Resources White Papers Case Studies Press Releases, News and Events Live Webinars Webinars on Demand About MySQL MySQL is the most popular open source database software in the world. Many of the world's largest and fastest-growing organizations use MySQL to save time and money powering their high-volume Web sites, critical business systems and packaged software -- including industry leaders such as Yahoo!, Alcatel- Lucent, Google, Nokia, YouTube and Zappos.com. At Sun provides corporate users with commercial subscriptions and services, and actively supports the large MySQL open source developer community. To discover how Sun s offerings can help you harness the power of next-generation Web capabilities, please visit Copyright 2010, Sun Microsystems 13
Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationHardening MySQL. Maciej Dobrzański maciek at psce.com @MushuPL http://www.psce.com/
Hardening MySQL Maciej Dobrzański maciek at psce.com @MushuPL http://www.psce.com/ In this presentation Database security Security features in MySQL The ugly truth Improving security DATABASE SECURITY
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationMySQL Security: Best Practices
MySQL Security: Best Practices Sastry Vedantam sastry.vedantam@oracle.com Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes
More informationDBA Tutorial Kai Voigt Senior MySQL Instructor Sun Microsystems kai@sun.com Santa Clara, April 12, 2010
DBA Tutorial Kai Voigt Senior MySQL Instructor Sun Microsystems kai@sun.com Santa Clara, April 12, 2010 Certification Details http://www.mysql.com/certification/ Registration at Conference Closed Book
More informationMySQL Backup and Security. Best practices on how to run MySQL on Linux in a secure way Lenz Grimmer <lenz@mysql.com>
MySQL Backup and Security Best practices on how to run MySQL on Linux in a secure way Lenz Grimmer Introduction In this session you will learn best practises on how to configure and run
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationNovell Access Manager SSL Virtual Private Network
White Paper www.novell.com Novell Access Manager SSL Virtual Private Network Access Control Policy Enforcement Compliance Assurance 2 Contents Novell SSL VPN... 4 Product Overview... 4 Identity Server...
More informationConfiguring Security Features of Session Recording
Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording
More informationWhat s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team
What s New in MySQL 5.7 Security Georgi Joro Kodinov Team Lead MySQL Server General Team Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information
More informationComplying with PCI Data Security
Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring
More informationNetQoS Delivers Distributed Network
Behind the Scenes with MySQL NetQoS Delivers Distributed Network Management Solution with Embedded MySQL NetQoS delivers products and services that enable some of the world s most demanding enterprises
More informationSecurity Architecture Whitepaper
Security Architecture Whitepaper 2015 by Network2Share Pty Ltd. All rights reserved. 1 Table of Contents CloudFileSync Security 1 Introduction 1 Data Security 2 Local Encryption - Data on the local computer
More informationUsing EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience
Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere
More informationMonitoring Sonic Firewall
Monitoring Sonic Firewall eg Enterprise v6.0 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may be reproduced
More informationCONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities
CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities DNS name: turing.cs.montclair.edu -This server is the Departmental Server
More informationipad in Business Security
ipad in Business Security Device protection Strong passcodes Passcode expiration Passcode reuse history Maximum failed attempts Over-the-air passcode enforcement Progressive passcode timeout Data security
More informationWebsense Support Webinar: Questions and Answers
Websense Support Webinar: Questions and Answers Configuring Websense Web Security v7 with Your Directory Service Can updating to Native Mode from Active Directory (AD) Mixed Mode affect transparent user
More informationHIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER
HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER With technology everywhere we look, the technical safeguards required by HIPAA are extremely important in ensuring that our information
More informationLotus Domino Security
An X-Force White Paper Lotus Domino Security December 2002 6303 Barfield Road Atlanta, GA 30328 Tel: 404.236.2600 Fax: 404.236.2626 Introduction Lotus Domino is an Application server that provides groupware
More informationEnterprise Manager. Version 6.2. Installation Guide
Enterprise Manager Version 6.2 Installation Guide Enterprise Manager 6.2 Installation Guide Document Number 680-028-014 Revision Date Description A August 2012 Initial release to support version 6.2.1
More informationConfigure Cisco Emergency Responder Disaster Recovery System
Configure Cisco Emergency Responder Disaster Recovery System Disaster Recovery System overview, page 1 Backup and restore procedures, page 2 Supported features and components, page 4 System requirements,
More informationBeamYourScreen Security
BeamYourScreen Security Table of Contents BeamYourScreen Security... 1 The Most Important Facts in a Nutshell... 3 Content Security... 3 User Interface Security... 3 Infrastructure Security... 3 In Detail...
More informationCisco SSL Encryption Utility
About SSL Encryption Utility, page 1 About SSL Encryption Utility Unified ICM web servers are configured for secure access (HTTPS) using SSL. Cisco provides an application called the SSL Encryption Utility
More informationXerox DocuShare Security Features. Security White Paper
Xerox DocuShare Security Features Security White Paper Xerox DocuShare Security Features Businesses are increasingly concerned with protecting the security of their networks. Any application added to a
More informationwww.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013
www.novell.com/documentation Server Installation ZENworks Mobile Management 2.7.x August 2013 Legal Notices Novell, Inc., makes no representations or warranties with respect to the contents or use of this
More informationMIKOGO SECURITY DOCUMENT
MIKOGO SECURITY DOCUMENT Table of Contents Page 2. 6. 6. The Most Important Facts in a Nutshell In Detail Application Firewall Compatibility Quality Management: ISO 9001 Certification Data Compression
More informationFireSIGHT User Agent Configuration Guide
Version 2.2 August 20, 2015 THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL
More informationIBackup Drive User Guide
IBackup Drive User Guide TABLE OF CONTENTS Introduction... 3 Features... 4 Install IBackup Drive... 5 Login to IBackup Drive... 5 About Main Screen... 7 Settings... 8 Toolbar Options... 11 IBackup Drive
More informationFTP Service Reference
IceWarp Server FTP Service Reference Version 10 Printed on 12 August, 2009 i Contents FTP Service 1 V10 New Features... 2 FTP Access Mode... 2 FTP Synchronization... 2 FTP Service Node... 3 FTP Service
More informationServer Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4
Contents Is Rumpus Secure? 2 Use Care When Creating User Accounts 2 Managing Passwords 3 Watch Out For Aliases 4 Deploy A Firewall 5 Minimize Running Applications And Processes 5 Manage Physical Access
More informationSECUR IN MIRTH CONNECT. Best Practices and Vulnerabilities of Mirth Connect. Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions
SECUR Y IN MIRTH CONNECT Best Practices and Vulnerabilities of Mirth Connect Author: Jeff Campbell Technical Consultant, Galen Healthcare Solutions Date: May 15, 2015 galenhealthcare.com 2015. All rights
More informationMonitoring Coyote Point Equalizers
Monitoring Coyote Point Equalizers eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may
More informationLast Updated: July 2011. STATISTICA Enterprise Server Security
Last Updated: July 2011 STATISTICA Enterprise Server Security STATISTICA Enterprise Server Security Page 2 of 10 Table of Contents Executive Summary... 3 Introduction to STATISTICA Enterprise Server...
More informationDisaster Recovery System Administration Guide for Cisco Unified Contact Center Express Release 8.5(1)
Disaster Recovery System Administration Guide for Cisco Unified Contact Center Express Release 8.5(1) This guide provides an overview of the Disaster Recovery System, describes how to use the Disaster
More informationMonitoring DoubleTake Availability
Monitoring DoubleTake Availability eg Enterprise v6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of this document may
More informationIM and Presence Disaster Recovery System
Disaster Recovery System, page 1 Access the Disaster Recovery System, page 2 Back up data in the Disaster Recovery System, page 3 Restore scenarios, page 9 Backup and restore history, page 15 Data authentication
More informationWhite Paper BMC Remedy Action Request System Security
White Paper BMC Remedy Action Request System Security June 2008 www.bmc.com Contacting BMC Software You can access the BMC Software website at http://www.bmc.com. From this website, you can obtain information
More informationSetting Up Specify to use a Shared Workstation as a Database Server
Specify Software Project www.specifysoftware.org Setting Up Specify to use a Shared Workstation as a Database Server This installation documentation is intended for workstations that include an installation
More information7.1. Remote Access Connection
7.1. Remote Access Connection When a client uses a dial up connection, it connects to the remote access server across the telephone system. Windows client and server operating systems use the Point to
More informationDatabase Security. Principle of Least Privilege. DBMS Security. IT420: Database Management and Organization. Database Security.
Database Security Rights Enforced IT420: Database Management and Organization Database Security Textbook: Ch 9, pg 309-314 PHP and MySQL: Ch 9, pg 217-227 Database security - only authorized users can
More informationUnderstanding the Cisco VPN Client
Understanding the Cisco VPN Client The Cisco VPN Client for Windows (referred to in this user guide as VPN Client) is a software program that runs on a Microsoft Windows -based PC. The VPN Client on a
More informationQuick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca!
Quick Start Guide Cerberus FTP is distributed in Canada through C&C Software. Visit us today at www.ccsoftware.ca! How to Setup a File Server with Cerberus FTP Server FTP and SSH SFTP are application protocols
More informationIBM WebSphere Application Server Version 7.0
IBM WebSphere Application Server Version 7.0 Centralized Installation Manager for IBM WebSphere Application Server Network Deployment Version 7.0 Note: Before using this information, be sure to read the
More informationRemotelyAnywhere. Security Considerations
RemotelyAnywhere Security Considerations Table of Contents Introduction... 3 Microsoft Windows... 3 Default Configuration... 3 Unused Services... 3 Incoming Connections... 4 Default Port Numbers... 4 IP
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationDisaster Recovery System Administration Guide for Cisco Unified Contact Center Express Release 8.0(2)
Disaster Recovery System Administration Guide for Cisco Unified Contact Center Express Release 8.0(2) This guide provides an overview of the Disaster Recovery System, describes how to use the Disaster
More informationBlaze Vault Online Backup. Whitepaper Data Security
Blaze Vault Online Backup Version 5.x Jun 2006 Table of Content 1 Introduction... 3 2 Blaze Vault Offsite Backup Server Secure, Robust and Reliable... 4 2.1 Secure 256-bit SSL communication... 4 2.2 Backup
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationApplication Security Policy
Purpose This document establishes the corporate policy and standards for ensuring that applications developed or purchased at LandStar Title Agency, Inc meet a minimum acceptable level of security. Policy
More informationWeb Plus Security Features and Recommendations
Web Plus Security Features and Recommendations (Based on Web Plus Version 3.x) Centers for Disease Control and Prevention National Center for Chronic Disease Prevention and Health Promotion Division of
More informationLenz Grimmer <lenz@mysql.com>
MySQL Backup and Security Best practices on how to run MySQL on Linux in a secure way Lenz Grimmer Free and Open Source Software Conference Bonn/Rhein-Sieg, Germany 24./25. June 2006 MySQL
More informationSECURELINK.COM ENTERPRISE REMOTE SUPPORT NETWORK
ENTERPRISE REMOTE SUPPORT NETWORK I. INTRODUCTION EXECUTIVE SUMMARY MANAGING REMOTE SUPPORT IN A SECURE ENVIRONMENT Enterprise computing environments often include dozens, even hundreds of different software
More informationBacking Up and Restoring Data
Backing Up and Restoring Data Cisco Unity Express backup and restore functions use an FTP server to store and retrieve data. The backup function copies the files from the Cisco Unity Express application
More informationFileMaker Server 7. Administrator s Guide. For Windows and Mac OS
FileMaker Server 7 Administrator s Guide For Windows and Mac OS 1994-2004, FileMaker, Inc. All Rights Reserved. FileMaker, Inc. 5201 Patrick Henry Drive Santa Clara, California 95054 FileMaker is a trademark
More informationPowerChute TM Network Shutdown Security Features & Deployment
PowerChute TM Network Shutdown Security Features & Deployment By David Grehan, Sarah Jane Hannon ABSTRACT PowerChute TM Network Shutdown (PowerChute) software works in conjunction with the UPS Network
More informationClick Studios. Passwordstate. Installation Instructions
Passwordstate Installation Instructions This document and the information controlled therein is the property of Click Studios. It must not be reproduced in whole/part, or otherwise disclosed, without prior
More informationSecure IIS Web Server with SSL
Secure IIS Web Server with SSL EventTracker v7.x Publication Date: Sep 30, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The purpose of this document is to help
More informationDataTrust Backup Software. Whitepaper Data Security. Version 6.8
Version 6.8 Table of Contents 1 Introduction... 3 2 DataTrust Offsite Backup Server Secure, Robust and Reliable... 4 2.1 Secure 128-bit SSL communication... 4 2.2 Backup data are securely encrypted...
More informationConfiguring and Monitoring Citrix Branch Repeater
Configuring and Monitoring Citrix Branch Repeater eg Enterprise v5.6 Restricted Rights Legend The information contained in this document is confidential and subject to change without notice. No part of
More informationImplementation Guide
Implementation Guide PayLINK Implementation Guide Version 2.1.252 Released September 17, 2013 Copyright 2011-2013, BridgePay Network Solutions, Inc. All rights reserved. The information contained herein
More informationDesigning and Implementing Scalable Applications with Memcached and MySQL
Designing and Implementing Scalable Applications with Meached and MySQL A MySQL White Paper June, 2008 Copyright 2008, MySQL AB Table of Contents Designing and Implementing... 1 Scalable Applications with
More informationQuestion Name C 1.1 Do all users and administrators have a unique ID and password? Yes
Category Question Name Question Text C 1.1 Do all users and administrators have a unique ID and password? C 1.1.1 Passwords are required to have ( # of ) characters: 5 or less 6-7 8-9 Answer 10 or more
More informationUnifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...
More informationWeb-Based Data Backup Solutions
"IMAGINE LOSING ALL YOUR IMPORTANT FILES, IS NOT OF WHAT FILES YOU LOSS BUT THE LOSS IN TIME, MONEY AND EFFORT YOU ARE INVESTED IN" The fact Based on statistics gathered from various sources: 1. 6% of
More informationState of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)
State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP) Document Revision History Date Version Creator Notes File Transfer Protocol Service Page 2 7/7/2011 Table of Contents
More informationHow to Secure a Groove Manager Web Site
How to Secure a Groove Manager Web Site Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations,
More informationGiftWrap 4.0 Security FAQ
GiftWrap 4.0 Security FAQ The information presented here is current as of the date of this document, and may change from time-to-time, in order to reflect s ongoing efforts to maintain the highest levels
More informationDivision of IT Security Best Practices for Database Management Systems
Division of IT Security Best Practices for Database Management Systems 1. Protect Sensitive Data 1.1. Label objects containing or having dedicated access to sensitive data. 1.1.1. All new SCHEMA/DATABASES
More informationADO and SQL Server Security
ADO and SQL Server Security Security is a growing concern in the Internet/intranet development community. It is a constant trade off between access to services and data, and protection of those services
More informationInfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures
InfoCenter Suite and the FDA s 21 CFR part 11 Electronic Records; Electronic Signatures Overview One of the most popular applications of InfoCenter Suite is to help FDA regulated companies comply with
More informationDatabase Security Guide
Institutional and Sector Modernisation Facility ICT Standards Database Security Guide Document number: ISMF-ICT/3.03 - ICT Security/MISP/SD/DBSec Version: 1.10 Project Funded by the European Union 1 Document
More informationFile Transfer And Access (FTP, TFTP, NFS) Chapter 25 By: Sang Oh Spencer Kam Atsuya Takagi
File Transfer And Access (FTP, TFTP, NFS) Chapter 25 By: Sang Oh Spencer Kam Atsuya Takagi History of FTP The first proposed file transfer mechanisms were developed for implementation on hosts at M.I.T.
More informationQuest InTrust. Version 8.0. What's New. Active Directory Exchange Windows
Quest InTrust Version 8.0 What's New Active Directory Exchange Windows Abstract This document describes the new features and capabilities of Quest InTrust 8.0. Copyright 2004 Quest Software, Inc. and Quest
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationEnterprise Remote Support Network
Enterprise Remote Support Network Table of Contents I. Introduction - Executive Summary...1 Managing Remote Support in a Secure Environment...1 The Challenge...2 The Solution...2 II. SecureLink Enterprise
More informationCA Performance Center
CA Performance Center Single Sign-On User Guide 2.4 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation ) is
More informationSetting Up Scan to SMB on TaskALFA series MFP s.
Setting Up Scan to SMB on TaskALFA series MFP s. There are three steps necessary to set up a new Scan to SMB function button on the TaskALFA series color MFP. 1. A folder must be created on the PC and
More informationFileCloud Security FAQ
is currently used by many large organizations including banks, health care organizations, educational institutions and government agencies. Thousands of organizations rely on File- Cloud for their file
More informationConfiguring Basic Settings
CHAPTER 12 This chapter describes how to configure basic settings on your ASASM that are typically required for a functioning configuration. This chapter includes the following sections: Configuring the
More informationHow Reflection Software Facilitates PCI DSS Compliance
Reflection How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance How Reflection Software Facilitates PCI DSS Compliance In 2004, the major credit
More informationThe Ultimate Remote Database Administration Tool for Oracle, SQL Server and DB2 UDB
Proactive Technologies Inc. presents Version 4.0 The Ultimate Remote Database Administration Tool for Oracle, SQL Server and DB2 UDB The negative impact that downtime can have on a company has never been
More informationDiamondStream Data Security Policy Summary
DiamondStream Data Security Policy Summary Overview This document describes DiamondStream s standard security policy for accessing and interacting with proprietary and third-party client data. This covers
More informationSQL Server Hardening
Considerations, page 1 SQL Server 2008 R2 Security Considerations, page 4 Considerations Top SQL Hardening Considerations Top SQL Hardening considerations: 1 Do not install SQL Server on an Active Directory
More informationImplementing and Managing Security for Network Communications
3 Implementing and Managing Security for Network Communications............................................... Terms you ll need to understand: Internet Protocol Security (IPSec) Authentication Authentication
More informationRelease Notes For Versant/ODBC On Windows. Release 7.0.1.4
Release Notes For Versant/ODBC On Windows Release 7.0.1.4 Table of Contents CHAPTER 1: Release Notes... 3 Description of Release... 4 System Requirements... 4 Capabilities of the Drivers... 5 Restrictions
More informationUsing RADIUS Agent for Transparent User Identification
Using RADIUS Agent for Transparent User Identification Using RADIUS Agent Web Security Solutions Version 7.7, 7.8 Websense RADIUS Agent works together with the RADIUS server and RADIUS clients in your
More informationNetwork FAX Driver. Operation Guide
Network FAX Driver Operation Guide About this Operation Guide This Operation Guide explains the settings for the Network FAX driver as well as the procedures that are required in order to use the Network
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationPostgres Plus xdb Replication Server with Multi-Master User s Guide
Postgres Plus xdb Replication Server with Multi-Master User s Guide Postgres Plus xdb Replication Server with Multi-Master build 57 August 22, 2012 , Version 5.0 by EnterpriseDB Corporation Copyright 2012
More informationComparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications
Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications White Paper Table of Contents Overview...3 Replication Types Supported...3 Set-up &
More informationSECURITY DOCUMENT. BetterTranslationTechnology
SECURITY DOCUMENT BetterTranslationTechnology XTM Security Document Documentation for XTM Version 6.2 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of
More informationMANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
More informationPAYMENTVAULT TM LONG TERM DATA STORAGE
PAYMENTVAULT TM LONG TERM DATA STORAGE Version 3.0 by Auric Systems International 1 July 2010 Copyright c 2010 Auric Systems International. All rights reserved. Contents 1 Overview 1 1.1 Platforms............................
More informationLifeSize Video Center Administrator Guide March 2011
LifeSize Video Center Administrator Guide March 2011 LifeSize Video Center 2200 LifeSize Video Center Adminstrator Guide 2 Administering LifeSize Video Center LifeSize Video Center is a network server
More informationDecryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks
Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us
More informationIT360: Applied Database Systems. Database Security. Kroenke: Ch 9, pg 309-314 PHP and MySQL: Ch 9, pg 217-227
IT360: Applied Database Systems Database Security Kroenke: Ch 9, pg 309-314 PHP and MySQL: Ch 9, pg 217-227 1 Database Security Rights Enforced Database security - only authorized users can perform authorized
More informationCisco TelePresence Authenticating Cisco VCS Accounts Using LDAP
Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP Deployment Guide Cisco VCS X8.1 D14465.06 December 2013 Contents Introduction 3 Process summary 3 LDAP accessible authentication server configuration
More informationConfiguring GTA Firewalls for Remote Access
GB-OS Version 5.4 Configuring GTA Firewalls for Remote Access IPSec Mobile Client, PPTP and L2TP RA201010-01 Global Technology Associates 3505 Lake Lynda Drive Suite 109 Orlando, FL 32817 Tel: +1.407.380.0220
More information