The Database Hacker's Handbook: Defending Database Servers by

Sybase Security Checklist

Here's a quick reference checklist for the points that are discussed in this chapter.

Background

1. Read the Sybase security documentation.
2. Regularly check the Sybase update page.
3. Periodically search for alternative security documentation.
4. Periodically search vulnerability databases.

Operating System

1. Apply host- and network-based packet filters.
2. Use a low-privileged account to run Sybase.
3. Run Sybase in a chroot jail.
4. Restrict Sybase access to the filesystem.
5. Restrict other users' access to the Sybase directory.

Sybase Users

1. Enforce account password complexity and lockout.
2. Remove privileges from the default sa account.
3. Use (at least) one user per web application.
4. Do not give users unnecessary privileges.

Sybase Configuration

1. Enable auditing.
2. Disable xp_cmdshell.
3. Disable Java if possible.
4. Disable filesystem proxy table support if possible.
5. Don't install test databases/clear test data.
6. Use strong authentication.

The recommendations in this section are divided into four categories: Background, Operating System, Sybase Users, and Sybase configuration.