Improving Web Application Security: Threats and Countermeasures

Monitor the security state of your database server on an ongoing basis and patch it promptly, so that newly discovered vulnerabilities are closed before they can be exploited. To help keep your database server secure, do the following:

Perform Regular Backups

You must be able to restore data in the event of a compromise. If you have a recovery system in place, test it before you actually need it: the first time you need to recover data should not be the first time you exercise your backup and restore process. Keep at least one copy of each backup where an attacker who has taken control of the server cannot alter or delete it; a backup that exists only on the compromised host is not a recovery path. For more information on backing up and restoring SQL Server, see the following resources:
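As an added example (not part of the guide), the following PowerShell script rehearses the whole recovery path rather than only writing a backup: a full backup with page checksums, verification of the backup media, a restore under a scratch database name so production files are never touched, and an integrity check of the restored copy. It assumes the SqlServer PowerShell module (Invoke-Sqlcmd) is installed, that the caller is a sysadmin on the instance, and that the instance name, database name and directories in the parameters are placeholders you replace with your own.

```powershell
# Backup-and-restore rehearsal for SQL Server. Added example; the instance,
# database and directory names below are assumptions, not values from the guide.
param(
    [string]$Instance   = 'localhost',
    [string]$Database   = 'Northwind',
    [string]$BackupDir  = 'D:\Backups',
    [string]$ScratchDir = 'D:\RestoreTest'
)

# Invoke-Sqlcmd ships in the SqlServer module (Install-Module SqlServer).
Import-Module SqlServer -ErrorAction Stop

$stamp      = Get-Date -Format 'yyyyMMdd_HHmmss'
$backupFile = Join-Path $BackupDir "${Database}_$stamp.bak"
$scratchDb  = "${Database}_RestoreTest"

function Invoke-Tsql {
    param([string]$Query, [string]$Db = 'master')
    # QueryTimeout 0 disables the default 30-second limit, which a large backup will exceed.
    Invoke-Sqlcmd -ServerInstance $Instance -Database $Db -Query $Query -QueryTimeout 0 -ErrorAction Stop
}

# 1. Full backup with CHECKSUM so media corruption is detectable later.
Invoke-Tsql @"
BACKUP DATABASE [$Database]
TO DISK = N'$backupFile'
WITH CHECKSUM, INIT, STATS = 10;
"@

# 2. Confirm the backup set is readable and its checksums are intact.
Invoke-Tsql "RESTORE VERIFYONLY FROM DISK = N'$backupFile' WITH CHECKSUM;"

# 3. Discover the logical file names so the restore can relocate every file
#    into the scratch directory instead of overwriting the production files.
$files = Invoke-Tsql "RESTORE FILELISTONLY FROM DISK = N'$backupFile';"
$moves = foreach ($f in $files) {
    # Type 'L' is a transaction log file; everything else is treated as data.
    $ext  = if ($f.Type -eq 'L') { 'ldf' } else { 'mdf' }
    $dest = Join-Path $ScratchDir "${scratchDb}_$($f.LogicalName).$ext"
    "MOVE N'$($f.LogicalName)' TO N'$dest'"
}

# 4. Restore under the scratch name and run a full consistency check on it.
Invoke-Tsql @"
RESTORE DATABASE [$scratchDb]
FROM DISK = N'$backupFile'
WITH $($moves -join ', '), REPLACE, STATS = 10;
"@
Invoke-Tsql "DBCC CHECKDB ([$scratchDb]) WITH NO_INFOMSGS;"

# 5. Remove the rehearsal copy; the .bak file remains as the real backup.
Invoke-Tsql "DROP DATABASE [$scratchDb];"
Write-Host "Backup $backupFile verified and test-restored as $scratchDb successfully."
```

Any failure (unreadable media, a wrong path, a service account without write access to the scratch directory, a corrupt page found by DBCC CHECKDB) stops the script with a terminating error, which is exactly the information you want on a quiet day rather than during an incident. Where possible run the rehearsal against a separate test instance so that a mistake cannot affect the production server.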

Audit Group Membership

Keep track of user group membership, particularly for privileged groups such as Administrators: anyone added to that group gains control of the server and, on a default installation, the BUILTIN\Administrators login also grants them sysadmin rights on the SQL Server instance. Compare the current membership against a known-good list rather than reading it in isolation. The following command lists the members of the local Administrators group:

net localgroup administrators
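Listing the group once tells you little unless you know what it looked like before. The following PowerShell script, an added example that is not part of the guide, records an approved baseline of a local group and on later runs reports any member that was added or removed, exiting non-zero so a scheduled task or monitoring agent can raise an alert. It assumes Windows PowerShell 5.1 or later (for Get-LocalGroupMember); the baseline path is an assumed location you can change.

```powershell
# Audit local group membership against a saved baseline. Added example; the
# baseline path is an assumption, not a location named in the guide.
param(
    [string]$Group        = 'Administrators',
    [string]$BaselinePath = "$env:ProgramData\SecAudit\admin-baseline.txt",
    [switch]$SaveBaseline
)

function Get-GroupMemberNames {
    param([string]$GroupName)
    # Get-LocalGroupMember is the cmdlet equivalent of "net localgroup <group>";
    # Name comes back as 'COMPUTER\User' or 'DOMAIN\Group'.
    Get-LocalGroupMember -Group $GroupName -ErrorAction Stop |
        ForEach-Object { $_.Name } |
        Sort-Object -Unique
}

$current = @(Get-GroupMemberNames -GroupName $Group)

if ($SaveBaseline) {
    # Record the approved membership once, on a system known to be clean.
    New-Item -ItemType Directory -Path (Split-Path -Parent $BaselinePath) -Force | Out-Null
    $current | Set-Content -Path $BaselinePath
    Write-Host "Baseline for $Group saved to $BaselinePath ($($current.Count) members)."
    return
}

if (-not (Test-Path -Path $BaselinePath)) {
    throw "No baseline at $BaselinePath. Run once with -SaveBaseline on a known-good system."
}
$baseline = @(Get-Content -Path $BaselinePath | Where-Object { $_.Trim() -ne '' })

# Set difference in both directions: an addition is the usual sign of trouble,
# but a removal can matter too (an attacker evicting the real administrators).
# -notcontains is case-insensitive, which matches Windows account naming.
$added   = @($current  | Where-Object { $baseline -notcontains $_ })
$removed = @($baseline | Where-Object { $current  -notcontains $_ })

if ($added.Count -eq 0 -and $removed.Count -eq 0) {
    Write-Host "$Group membership matches baseline ($($current.Count) members)."
    exit 0
}
foreach ($n in $added)   { Write-Warning "Unexpected member of ${Group}: $n" }
foreach ($n in $removed) { Write-Warning "Member missing from ${Group}: $n" }
# A non-zero exit code lets a scheduled task or monitoring agent flag the drift.
exit 1
```

Run it once with -SaveBaseline after you have reviewed the membership by hand, then schedule it to run daily without the switch. One caveat: in some Windows builds Get-LocalGroupMember fails when the group contains an orphaned SID or an account from an unreachable domain; if you hit that, fall back to parsing the output of net localgroup, and treat the unresolvable entry itself as something to investigate.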

Monitor Audit Logs

Monitor audit logs regularly. Analyze the log files either by viewing them manually or by using the technique described in Microsoft Knowledge Base article 296085, "How To: Use SQL Server to Analyze Web Logs." Note that failed login attempts appear in the SQL Server log only if login auditing is enabled, so confirm that setting before relying on the log to detect password guessing.
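Manual review does not scale to a log that grows by thousands of lines a day; the entries worth acting on are bursts rather than single lines. The following PowerShell function, an added example that is not part of the guide, scans SQL Server ERRORLOG text for "Login failed" entries and reports any client address that produced a configurable number of failures within a short window. The sample lines are constructed for this example, and the "Login failed for user '...'. [CLIENT: ip]" layout is assumed to match your server's log; adjust the regular expression if your version formats the entry differently.

```powershell
# Detect bursts of failed SQL Server logins per client address in ERRORLOG text.
# Added example. The log lines below are constructed for illustration, not
# taken from a real server.
$sample = @'
2003-05-12 10:15:01.23 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.5]
2003-05-12 10:15:01.41 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.5]
2003-05-12 10:15:01.66 Logon       Login failed for user 'admin'. [CLIENT: 10.0.0.5]
2003-05-12 10:15:01.90 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.5]
2003-05-12 10:15:02.12 Logon       Login failed for user 'sa'. [CLIENT: 10.0.0.5]
2003-05-12 10:16:44.00 Logon       Login failed for user 'DOMAIN\jsmith'. [CLIENT: 10.0.0.22]
2003-05-12 10:20:00.00 spid51      Using 'xpstar.dll' version '2000.80.760' to execute extended stored procedure 'xp_readerrorlog'.
'@ -split "`r?`n"

function Get-FailedLoginBursts {
    param(
        [string[]]$Lines,
        [int]$Threshold     = 5,    # this many failures from one client ...
        [int]$WindowSeconds = 60    # ... within this many seconds raises an alert
    )
    # Assumed entry layout: timestamp, 'Logon' source, message, [CLIENT: address].
    $pattern = '^(?<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+Logon\s+Login failed for user ''(?<user>[^'']+)''.*\[CLIENT: (?<ip>[^\]]+)\]'

    $events = foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{
                Time = [datetime]::ParseExact($Matches.ts, 'yyyy-MM-dd HH:mm:ss.ff', $null)
                User = $Matches.user
                Ip   = $Matches.ip
            }
        }
    }

    # Group by source address and slide a window over the sorted timestamps, so a
    # burst that straddles a minute boundary is still caught.
    foreach ($group in ($events | Group-Object Ip)) {
        $times = @($group.Group | Sort-Object Time | ForEach-Object Time)
        for ($i = 0; $i + $Threshold - 1 -lt $times.Count; $i++) {
            $span = ($times[$i + $Threshold - 1] - $times[$i]).TotalSeconds
            if ($span -le $WindowSeconds) {
                [pscustomobject]@{
                    Ip       = $group.Name
                    Failures = $group.Count
                    Users    = ($group.Group.User | Sort-Object -Unique) -join ','
                    FirstAt  = $times[$i]
                }
                break   # one alert per client address is enough
            }
        }
    }
}

# With the constructed sample, 10.0.0.5 (5 failures in about one second, against
# 'sa' and 'admin') is reported; 10.0.0.22 with a single failure is not.
Get-FailedLoginBursts -Lines $sample | Format-Table -AutoSize
```

To run it against a live server, pass the real log instead of the sample, for example Get-Content on the ERRORLOG file under the instance's LOG directory (the exact path depends on your installation). A repeated 'sa' failure from one address is the signature of password guessing; a single failure from a known workstation is usually a typo. Tune the threshold and window to the noise level of your own environment, and remember that nothing will be reported at all unless login auditing is turned on.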

Stay Current with Service Packs and Patches

Set up a schedule for reviewing the software installed on your server and subscribe to security alerts. Use MBSA (Microsoft Baseline Security Analyzer) to scan your server regularly for missing patches. The following links provide the latest updates:

Perform Security Assessments

Use MBSA to regularly check for security vulnerabilities and to identify missing patches and updates. Schedule MBSA to run daily and analyze the results to take action as needed. For more information about automating MBSA, see "How To: Use MBSA" in the "How To" section of this guide.

Use Security Notification Services

Use the Microsoft services listed in Table 18.6 to obtain security bulletins with notifications of possible system vulnerabilities.

Table 18.6: Security Notification Services

Service: TechNet security Web site
Location: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp
Use this Web page to view the security bulletins that are available for your system.

Service: Microsoft Security Notification Service
Location: http://register.microsoft.com/subscription/subscribeme.asp?ID=135
Use this service to register for regular e-mail bulletins that notify you of the availability of new fixes and updates.

Additionally, subscribe to the industry security alert services shown in Table 18.7. These let you assess the threat posed by a vulnerability for which a patch is not yet available.

Table 18.7: Industry Security Notification Services

Service: CERT Advisory Mailing List
Location: http://www.cert.org/contact_cert/certmaillist.html
Informative advisories are sent when vulnerabilities are reported.

Service: Windows and .NET Magazine Security UPDATE
Location: http://email.winnetmag.com/winnetmag/winnetmag_prefctr.asp
Announces the latest security breaches and identifies fixes.

Service: NTBugtraq
Location: http://www.ntbugtraq.com/default.asp?pid=31&sid=1#020
An open discussion of Windows security vulnerabilities and attacks. Vulnerabilities that currently have no patch are discussed.
