SQL Security Policy

Mind Map by , created almost 6 years ago

Mind Map on SQL Security Policy, created by seanie_32 on 01/13/2014.

Tags No tags specified
Created by seanie_32 almost 6 years ago
Khadijah Mohammed
PSBD TEST # 3_1_1
yog thapa
Teaching students to be digitally literate
Micheal Heffernan
Acids and Bases
Sarah Egan
Basic Korean Verbs
Geometry Formulas (Perimeters)
2014 GCSE History Exam Paper Setup
James McConnell
A Level: English language and literature techniques = Structure
Jessica 'JessieB
How does Shakespeare present villainy in Macbeth?
Life in Germany
Ben C
SQL Security Policy
1 Physical
1.1 Disaster Recovery
1.1.1 Ensure the disaster recovery plan is up to date
1.1.2 Off-site back-up + secure
1.1.3 Fireproof / Flood proof / Offline
1.2 Physical Access
1.2.1 Ensure physical access to server is restricted
1.2.2 Server can't be turned off / disconnected / plug in keyboard or USB stick
2 Software
2.1 Anti - Virus
2.1.1 Ensure that anti-virus is running
2.1.2 Has been tuned correctly
2.1.3 Unnecessary directories are excluded to improve performance
2.1.4 Exclusions and test loading have been completed
2.2 Configure Firewall
2.2.1 Open TCP 3306 for MySQL
2.2.2 Keep as many ports closed as possible
2.2.3 Use SSH tunnel for testing as this does not expose server across web
2.3 Vendor Updates
2.3.1 Ensue that server packs / hot fixes / patches are applied frequently
2.3.2 Both at server and MySQL level
2.3.3 This fixes security risks and loopholes Results in less risk of intrusion
2.4 Unwanted Services
2.4.1 These added services could give side-door access, introducing something unexpected
2.4.2 Linux – use “rcconf” removal tool to remove unwanted services
3 Access Restrictions on Server
3.1 Restrict remote access - SOCKET
3.1.1 Socket on network layer model Connects two computers together
3.1.2 Linux – skip-networking This stops it from opening socket connections Ties connection down to local host Needs to go into .ini file
3.2 Restrict remote access – LOCALHOST
3.2.1 Bind-address = Forces SQL to listen only to localhost Can’t accept connections from anywhere else Preventing access from TCP3306 from outside source
3.3 Restrict remote access – GRANT
3.3.1 Defines who and where they will be hosted from
3.3.2 Ties down specific database and specific user
3.3.3 GRANT SELECT, INSERT ON mydb.* TO ‘someuser’@’somehost’;
4 Database Changes
4.1 Disable LOCAL INFILE
4.1.1 Prevents access to local files (eg. /etc/passwd) Stops some SQL injection attacks.
4.2 Change root directory
4.2.1 /chroot/mysql
4.2.2 socket = /chroot/mysql/tmp/mysql.sock
4.3 Remove test database
4.3.1 Can be test databases installed with MySQL Allows anonymous access to database
4.3.2 DROP DATABASE test; Drop the test and any other unwanted databases
4.4 Remove test accounts
4.4.1 SHOW GRANTS FOR ‘’@’localhost’; DROP USER “”;
4.4.2 Delete account shipped with MySQL
4.4.3 Make sure created accounts are tied down to relevant tables
4.5 Change rootname and password
4.5.1 Should upgrade to version 5 as privileges stay on previous versions.
4.5.2 MySQL > RENAME USER root TO new_user;
4.6 Lower privileges
4.6.1 Version 5 and above has pre-set restrictions Set ownership to MySQL user: shell>ls -l /var/lib/mysql Only allow MySQL and root access: shell>ls -l /usr/bin/my

Media attachments