|
-
July 1st, 2005, 04:53 PM
#7
Hi
maddog1, no offense here: Do you have to be the maintainer
of this database, or do you want to? I hope, you can understand,
that based on
huge project for the farmers in south africa
(...)
me to do the maintenance on the DB
(...)
Can i do the maintenance on the DB over the net or not.
and without knowing you, I actually would feel uncomfortable
to delegate the security and integrity of my database(s) to
you. Just have in mind, that outsourcing to a trustworthy
partner might be the better option.
Apart from this aspect, to your question. Yes, web maintenance
is possible in principle.
It seems to boil down to a decision to be taken - which product
in which environment (homogeneous?). Katja did a decent job to
present a few solutions available. But in the end, it is up to
you to choose. What is the value of your assets and what are the
threats and vulnerabilities to them? What are the cost of
countermeasures?
Somewhere, you have to start. There are several layers, your security
plan should include, besides the security policy. Let me brainstorm:
Starting with physical security, accessibility, Multi-Tier setup[2],
Authentication mechanisms (from a SSL point of view, from a design
point of view (role-based)), integrity, encrypted connections in
general (e.g. SSL, IPSEC), service/daemon mode, forms of backup
updating, patching, access privilege model, server errors, injections,
... , auditing. Such a document can be written in a general sense,
but in particular, if you have to assign numbers, it is based on a
specific database environment. Do some reading in general[3] and get
an idea of vulnerabilities[4]. Also, it always useful to let do others
the work for you: Ask local key-account managers of database contractors/
manufacturers.
In case you have just skipped, what I have written - again: What environment
are you in? server: distributed/centralised? clients: homogeneous OS's,
remote or local? Anticipated load? Funding? With that, get in contact
with professionals.
Cheers
[1] http://www.microsoft.com/technet/pro.../security.mspx
[2] http://en.wikipedia.org/wiki/Multitier_architecture
[3] http://database.ittoolbox.com/nav/t....1&p=371&h1=371
[4] http://database.ittoolbox.com/browse...Security%2Epdf
If the only tool you have is a hammer, you tend to see every problem as a nail.
(Abraham Maslow, Psychologist, 1908-70)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote