User guide

Description: Microsoft SQL Server permits the sa account and, in some cases, other user accounts to access operating system calls based on the security context of the account that runs the Microsoft SQL Server service. If you do not limit the permission level of the Microsoft SQL Server, a potentially malicious user might use these operating system calls to attack any other resource that the account has access to.
Best practice: Make the Microsoft SQL Server port numbers that are monitored by default unavailable on your organization’s firewall.
Description: Consider configuring your organization’s firewall to filter packets that are addressed to TCP port 1433, addressed to UDP port 1434, or associated with named instances.
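A firewall filter for TCP 1433 and UDP 1434 only covers the default ports; a named instance usually listens on a dynamically assigned TCP port, and the SQL Server Browser service is what answers on UDP 1434. The following T-SQL is an added example, not part of the BlackBerry guide, that inventories the ports an instance actually listens on so the filter can be written against the real configuration. It assumes a login with VIEW SERVER STATE and SQL Server 2012 or later (for sys.dm_tcp_listener_states).

```sql
-- Added example (not from the BlackBerry guide): list the TCP ports this
-- instance listens on, so the firewall filter covers them all.
-- Assumes VIEW SERVER STATE and SQL Server 2012 or later.

-- Live TCP listeners for the T-SQL endpoint. A default instance normally
-- shows port 1433; a named instance usually shows a dynamic port instead,
-- and that port must be included in the firewall filter.
SELECT ip_address, port, type_desc, state_desc, start_time
FROM sys.dm_tcp_listener_states
WHERE type_desc = 'TSQL';

-- Configured (not just current) port settings from the instance registry
-- hive. A non-empty TcpDynamicPorts value means the port can change at
-- service restart; pin a static TcpPort before writing a firewall rule.
SELECT registry_key, value_name, value_data
FROM sys.dm_server_registry
WHERE value_name IN ('TcpPort', 'TcpDynamicPorts');
```

If clients are configured with an explicit port (or the instance is a default instance on 1433), the Browser service is not needed for connections and UDP 1434 can be filtered at the firewall without affecting connectivity.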
Best practice: Protect the sa account using a password.
Description: Consider assigning a password to the sa account on the Microsoft SQL Server, even on servers that require Windows authentication. The password prevents an empty or weak sa password from being exposed if a database administrator later resets the Microsoft SQL Server to mixed mode authentication.
Best practice: Protect the Microsoft SQL Server installation from Internet-based attacks.
Description: Consider the following guidelines:
- Require Windows Authentication Mode for connections to the Microsoft SQL Server to restrict connections to Windows user accounts and domain user accounts, and turn on credentials delegation. Windows Authentication Mode does not require you to store passwords on the computer.
- Use stronger authentication protocols, required password complexity, and required expiration times.
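The two authentication rows above (protecting the sa account with a password, and requiring Windows Authentication Mode with password complexity and expiration) can be checked and enforced from T-SQL. The block below is an added example, not code from the BlackBerry guide: it reports the current authentication mode, finds SQL logins with a blank password or with the password policy switched off, and then hardens sa. It assumes a sysadmin login; the sa password is a placeholder to replace, and disabling sa goes one step beyond the guide's text.

```sql
-- Added example (not from the BlackBerry guide). Run as sysadmin.

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = mixed mode.
--    The mode itself is set in the instance's Server Properties (Security
--    page) and takes effect after the service restarts.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. SQL logins with an empty password. PWDCOMPARE tests a candidate
--    password against the stored hash, so a match against '' means the
--    login has no password at all. Any row here is a finding.
SELECT name, is_disabled
FROM sys.sql_logins
WHERE PWDCOMPARE('', password_hash) = 1;

-- 3. SQL logins that bypass the Windows password complexity policy or
--    password expiration, which the guide says should be required.
SELECT name, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE is_policy_checked = 0 OR is_expiration_checked = 0;

-- 4. Remediation for sa: give it a strong password even on a
--    Windows-auth-only server (so a later switch to mixed mode does not
--    expose an empty password), subject it to the policy, and disable it.
--    The password value is a placeholder; use a long random secret.
ALTER LOGIN sa WITH PASSWORD = N'<replace-with-a-long-random-password>';
ALTER LOGIN sa WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
ALTER LOGIN sa DISABLE;
```

Queries 2 and 3 are worth scheduling as a recurring check rather than running once, because a later administrator can re-enable mixed mode or create a SQL login with CHECK_POLICY = OFF without touching sa.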
Best practice: Use a secure file system.
Description: Consider the following guidelines:
- Use NTFS for the Microsoft SQL Server because it is more stable and recoverable than FAT file systems, and NTFS permits security options such as file and directory ACLs and EFS.
- Do not change the permissions that the Microsoft SQL Server specifies during the Microsoft SQL Server installation process. The Microsoft SQL Server creates appropriate ACLs on registry keys and files if it detects NTFS.
- If you must change the account that runs the Microsoft SQL Server, decrypt the files that you could access using the old account and encrypt them again for access using the new account.
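The file system guidance above, and the first row's warning about the security context of the service account, both depend on knowing which Windows account runs the service and which on-disk files it owns. The following T-SQL is an added example, not from the BlackBerry guide, that produces that inventory so an NTFS ACL and EFS review (and a service account change) covers every file SQL Server uses. It assumes a login with VIEW SERVER STATE and VIEW ANY DEFINITION, and SQL Server 2008 R2 SP1 or later for sys.dm_server_services.

```sql
-- Added example (not from the BlackBerry guide): inventory the service
-- account and the files whose NTFS ACLs / EFS state must be reviewed.
-- Assumes VIEW SERVER STATE and VIEW ANY DEFINITION.

-- The Windows account each service runs as. This is the security context
-- the first row warns about, and the account whose EFS access must be
-- preserved (decrypt, then re-encrypt) when the service account changes.
SELECT servicename, service_account, startup_type_desc, status_desc, filename
FROM sys.dm_server_services;

-- Every data and log file of every database on the instance, plus the
-- directory that holds it, so the directory ACLs set at installation can
-- be verified rather than assumed.
SELECT DB_NAME(database_id) AS database_name,
       type_desc,
       physical_name,
       LEFT(physical_name,
            LEN(physical_name) - CHARINDEX('\', REVERSE(physical_name))) AS directory
FROM sys.master_files
ORDER BY database_name, type_desc;
```

Compare the directories returned against the ACLs the installer created (the service account and local administrators should be the only principals with write access); a directory where Everyone or Users can write is a finding, even if the database files themselves look correct.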
Best practice: Use Microsoft SQL Server Management Studio.
Description: Consider the following guidelines:
Security Technical Overview
Data that the BlackBerry Configuration Database stores
56