Sybase Security Checklist
Here's a quick reference checklist for the points that are discussed in this chapter.
Background
- Read the Sybase security documentation.
- Regularly check the Sybase update page.
- Periodically search for alternative security documentation.
- Periodically search vulnerability databases.
Operating System
- Apply host- and network-based packet filters.
- Use a low-privileged account to run Sybase.
- Run Sybase in a chroot jail.
- Restrict Sybase access to the filesystem.
- Restrict other users' access to the Sybase directory.
Sybase Users
- Enforce account password complexity and lockout.
- Remove privileges from the default sa account.
- Use (at least) one user per web application.
- Do not give users unnecessary privileges.
Sybase Configuration
- Enable auditing.
- Disable xp_cmdshell.
- Disable Java if possible.
- Disable filesystem proxy table support if possible.
- Don't install test databases; clear test data.
- Use strong authentication.
The recommendations in this section are divided into four categories: Background, Operating System, Sybase Users, and Sybase Configuration.