
What are the database security specifications?

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

Today I will talk about what database security specifications are, a topic many people may not understand well. To help you understand it better, the editor has summarized the following content. I hope you get something out of this article.

I. OS security policy

Strictly abide by the OS security policy formulated by SA. Pay special attention to the following points:

1. It is strictly forbidden to expose the database server to the public network.

2. Shut down unnecessary services and ports on the database server.

3. Limit the ports open to the local area network, mainly to ssh and the database service ports. If additional ports are required, a request must be submitted and documented.

4. Restrict the OS accounts on the database server. In addition to the default accounts, only the database user (such as mysql) is allowed. If other system accounts need to be opened, a separate request is required.

5. Host trust policy: trust must not widen the permissions granted on a server. For example, if admin access to server A is open only to sa and dba, and server B is a trusted server for server A, then server B must also be a server that nobody other than sa and dba may access.

II. Database configuration security

All database servers are installed from the standard template, and each installation has a detailed installation log.

III. Password management strategy

(1) Password management policy for database host root and database users:

Where the database host root password and database user passwords are held by roles besides the product DBA team:

1. In this case, change the password once a month. Other passwords are changed every three months.

2. The password is more than 8 characters long and must be a combination of letters and numbers or symbols.

3. The same password must not be used multiple times.

4. When there is employee turnover, the corresponding password is changed once.

(2) Application user password management policy:

1. The application user password may be known only to product DBA personnel and must not be disclosed to anyone else.

2. The password is more than 8 characters long and must be a combination of letters and numbers or symbols.

3. The same password must not be used multiple times.

4. When there is employee turnover, the corresponding password is changed once.
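The rules in (1) and (2) above can be checked mechanically. The following is an added example, not part of the original article: the function names, the 30-day and 90-day reading of "once a month" and "every three months", and the PBKDF2-based password history are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from datetime import date, timedelta

MIN_LENGTH = 9                      # "more than 8" characters
ROTATE_SHARED = timedelta(days=30)  # assumption: "once a month" = 30 days
ROTATE_OTHER = timedelta(days=90)   # assumption: "every three months" = 90 days


def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored history never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def remember(password: str) -> tuple[bytes, bytes]:
    """Return a (salt, digest) history entry for a password that is now in use."""
    salt = os.urandom(16)
    return salt, _digest(password, salt)


def violations(candidate: str, history: list[tuple[bytes, bytes]]) -> list[str]:
    """List which of the section III rules the candidate password breaks."""
    found = []
    if len(candidate) < MIN_LENGTH:
        found.append("length")
    has_letter = any(c.isalpha() for c in candidate)
    # Digits and symbols both count as the non-letter part of the combination.
    has_other = any(not c.isalpha() and not c.isspace() for c in candidate)
    if not (has_letter and has_other):
        found.append("composition")
    # Reuse check: re-hash the candidate with each stored salt, compare in constant time.
    if any(hmac.compare_digest(_digest(candidate, s), d) for s, d in history):
        found.append("reuse")
    return found


def rotation_due(last_changed: date, held_outside_dba: bool, today: date) -> bool:
    """True when the password is older than the interval that applies to it."""
    limit = ROTATE_SHARED if held_outside_dba else ROTATE_OTHER
    return today - last_changed > limit
```

Call `remember()` each time a password is set and pass the accumulated entries as `history` on the next change.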

IV. Account management strategy

1. For other built-in users in the database, change the default password and keep the account locked unless it is needed.

2. The database log should be monitored daily to watch for changes in database logins and to detect unauthorized login attempts promptly.

3. The login process must be encrypted. The password in the application configuration file should also be encrypted.

V. Patch strategy

Database upgrades and patching must ensure stability and security, and follow these principles:

1. If there is no major problem, do not apply a patch (patch).

2. For a major version upgrade, wait until the major version has been released for more than 1 year.

3. For a patchset upgrade, wait until the patchset has been released for more than 3 months.

4. Patchset takes precedence over patch.

VI. Data backup and recovery strategy

See the company's data backup management specification.

VII. Provisions on security inspection

1. Conduct a security inspection of the database at least once a quarter.

2. Conduct a security audit of database operations at least once a quarter.

After reading the above, do you have a better understanding of the database security specification? If you want to learn more or see related content, please follow the industry information channel. Thank you for your support.
