www.ecommerce-guide.com/news/trends/article.php/124951
By Mark Merkow, CCP, CISSP, November 20, 1998

Establishing Faith In Your Hosts

"Trusted hosts" are another security measure that you may elect to use. One approach is to establish Access Control Lists (ACLs) on your application servers to thwart attempts at running or installing programs without the authority to do so. If your application software can somehow be identified as "legitimate" (signed using an organization's private key, Authenticode technology, etc.), you add still another layer of protection to your resources. Still another approach might use server-to-server authentication with digital certificates to provide two-way assurance that application requests and responses are legitimate.

Access control information (log-in IDs and passwords) stored on your servers should be kept in the most obscure form possible. Never leave this type of information in the clear anywhere on the file system. Move it into the operating system's registry in encrypted form, or encrypt the configuration files themselves. Even if the server is hijacked, the attacker will still have a hard time accessing other systems or doing anything destructive.

On the database tier, consider encrypting the contents -- at the field level, the row level, the table level, or for the entire database. Different data classifications call for different treatment, so analyze your needs carefully. Where audit trails of activity are crucial, turn on database auditing to help in monitoring activity or for prosecution purposes.
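The field-level option for the database tier, worked through as an added example (not code from the article): each sensitive column value is sealed with AES-256-GCM under a key the application loads from outside its configuration files, and the row key and column name are bound in as associated data, so a ciphertext an intruder copies into another row or column is rejected on decryption instead of being silently accepted. The `SealField`/`OpenField` names, the `cust-1001` row key and the demo key are assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

func newAEAD(key []byte) (cipher.AEAD, error) { // AES-256-GCM; build once per process
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealField encrypts one column value. Row key and column name are bound in as
// associated data, so a ciphertext moved to another row or column fails to open.
func SealField(aead cipher.AEAD, rowID, column, plaintext string) (string, error) {
	nonce := make([]byte, aead.NonceSize()) // fresh random nonce per value
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := aead.Seal(nonce, nonce, []byte(plaintext), []byte(rowID+"/"+column))
	return base64.StdEncoding.EncodeToString(sealed), nil // nonce || ciphertext || tag
}

// OpenField reverses SealField; tampering or relocation yields an error, never wrong data.
func OpenField(aead cipher.AEAD, rowID, column, encoded string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(encoded)
	if err != nil {
		return "", err
	}
	n := aead.NonceSize()
	if len(raw) < n {
		return "", fmt.Errorf("ciphertext too short")
	}
	pt, err := aead.Open(nil, raw[:n], raw[n:], []byte(rowID+"/"+column))
	return string(pt), err
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key; load from an OS key store in practice
	aead, _ := newAEAD(key)
	ct, _ := SealField(aead, "cust-1001", "card_number", "4111111111111111")
	fmt.Println(OpenField(aead, "cust-1001", "card_number", ct)) // 4111111111111111 <nil>
	fmt.Println(OpenField(aead, "cust-2002", "card_number", ct)) // "" and an authentication error
}
```

Because the nonce is random per value, two rows holding the same card number produce different ciphertexts, which also removes the equality leak a deterministic scheme would have.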