Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 - Guía de instalación descargar pdf (Pagina 27)

BlackBerry Enterprise Solution Security

BlackBerry architecture component security 27

Configuration option Recommendations

limit the privilege level of

Microsoft SQL Server Windows

services

• Associate each service with a Windows account from which the service

derives its security context.

Note: Microsoft SQL Server allows a user of the sa login and in some cases

other users to access operating system features derived from the security

context of the account that owns the server process. If the server is not

secured, a malicious user might use these operating system calls to extend

an attack to any other resource to which the Microsoft SQL Server service

account has access.

use the Microsoft SQL Server

Enterprise Manager

• If you must change the account associated with a Microsoft SQL

Server service, use the SQL Server Enterprise Manager. The SQL Server

Enterprise Manager sets the appropriate permissions on the files and

registry keys that the Microsoft SQL Server uses.

• Do not use the Microsoft Management Console Services applet to

change the account associated with a Microsoft SQL Server service.

Using this Services applet requires you to manually adjust many

registry and NTFS file system permissions and Microsoft Windows user

rights.

Note: See the Microsoft Knowledge Base article How to change the SQL

Server or SQL Server Agent service account without using SQL Enterprise

Manager in SQL Server 2000 or SQL Server Management Studio in SQL

Server 2005.

make the Microsoft SQL Server

ports that are monitored by

default on your firewall

unavailable

• Configure your firewall to filter out packets that are addressed to TCP

port 1433, addressed to UDP port 1434, or associated with named

instances.

use a secure file system

• Use NTFS for the Microsoft SQL Server because it is more stable and

recoverable than FAT file systems, and enables security options such

as file and directory ACLs and EFS.

• Do not change the permissions that the Microsoft SQL Server sets

during installation. The Microsoft SQL Server sets appropriate ACLs on

registry keys and files if it detects NTFS.

• If you must change the account that runs the Microsoft SQL Server,

decrypt the files under the old account and re-encrypt them under the

new account.

delete unsecured, old setup

files

• Delete Microsoft SQL Server setup files that might contain plain text,

credentials encrypted with weak public keys, or sensitive configuration

information that the Microsoft SQL Server logged to a Microsoft SQL

Server version-dependent location during installation.

Note: Microsoft distributes a free tool, Killpwd, which is designed to locate

and remove passwords from unsecured, old setup files on your system. See

the Microsoft Knowledge Base article Service Pack Installation May Save

Standard Security Password in File for more information.

audit connections to the

Microsoft SQL Server

• At a minimum, log failed connection attempts to the Microsoft SQL

Server and review the log regularly.

• When possible, save log files to a different hard drive than the one on

which data files are stored.

www.blackberry.com

1 2 ... 22 23 24 25 26 27 28 29 30 31 32 ... 51 52

Comentarios a estos manuales

Sin comentarios

Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 - Guía de instalación Pagina 27

Comentarios a estos manuales

Relacionado con productos y manuales para Software Blackberry S-MIME SUPPORT PACKAGE VERSION 4.1 -