Security Guide

FileMaker Security Guide
To streamline processes, you can enable external authentication, which uses accounts that have
been configured in Windows Domain Authentication or in Apple OpenDirectory. For more
information, see “Security enhancements in FileMaker Server 7” on page 15.
Do not put FileMaker Pro files on file servers to share them. Use the built-in networking feature
in FileMaker Pro and FileMaker Server. This prevents the files from being copied inappropriately
and avoids the record locking and potential corruption issues that arise when files are shared
with inappropriate methods.
3. Establish network security
Databases shared on an intranet or the Internet use the TCP/IP protocol. You may also use the
TCP/IP protocol when you share databases peer-to-peer, or with FileMaker Server. Though TCP/IP is
good for moving data and allowing clients to connect to your data, it was not designed with security
as a primary objective. Unless you take precautions, it can provide uninvited access to your host
computer, server software, databases, and perhaps to other client machines on your internal
network. TCP/IP doesn't provide very much protection for data, so it is important to place
barricades such as firewalls and SSL data encryption in the path of uninvited visitors. For more
information on third-party products such as encryption programs, see “Use encryption or VPNs to
protect data” on page 22.
The most common barricade method used is the firewall, which separates your network into two
distinct environments: a public environment that is “outside the firewall,” and a private
environment that is “behind the firewall.” Users outside of the firewall will only have access to
those TCP/IP or hardware addresses that you expose. You can concentrate your security on those
server machines that are exposed, while allowing machines behind the firewall to operate with
fewer safeguards.
Using wireless networking devices, like the Apple AirPort and other 802.11b networking cards
and base stations, can pose security challenges. These devices can broadcast your network traffic
beyond the walls of your building, so it is extremely important to encrypt your wireless
networking signals. Always use the maximum level of signal encryption available. For more
information, see “About wireless networks” on page 23.
4. Devise a plan for securing your databases
When you plan your database design, also plan how to secure your FileMaker database files. It’s
much easier to design security into your database than to incorporate it later.
List the areas of the file that you want to protect, such as particular tables, fields, records, layouts,
value lists, and scripts. Plan the number of privilege sets you need to enforce the varying levels
of file access that you require.
Determine if you need individual accounts for each user (recommended), or accounts that
multiple users can share (such as a “Marketing” or a “Sales” account).
Decide if you want to enable the Guest account, which permits users to open the file without
logging in and providing account information. If you’re using the Guest account, assign the most
limited privilege set possible; otherwise, consider disabling it.
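
The planning steps above can be checked mechanically before any accounts are created. The following is an added example, not part of the FileMaker guide: it audits a draft plan for undefined access levels, shared accounts, and a Guest account that is not on the most limited privilege set. The plan layout, the three-step access scale, and all account and area names are constructed assumptions.

```python
# Added example: audit a draft security plan before building it.
# All names and the access-level scale are constructed for illustration.
LEVELS = {"none": 0, "view": 1, "modify": 2}

PLAN = {
    "areas": ["Invoices table", "Salary field", "Purge script"],
    "privilege_sets": {
        "Managers": {"Invoices table": "modify", "Salary field": "view", "Purge script": "modify"},
        "Sales": {"Invoices table": "modify", "Salary field": "none"},  # Purge script left undefined
        "ReadOnly": {"Invoices table": "view", "Salary field": "none", "Purge script": "none"},
    },
    "accounts": [
        {"name": "jsmith", "set": "Managers", "users": ["jsmith"]},
        {"name": "Sales", "set": "Sales", "users": ["akhan", "blee"]},
        {"name": "Guest", "set": "Sales", "users": [], "enabled": True},
    ],
}

def level(grants, area):
    """Rank of the access a set grants; an undefined level counts as full access."""
    return LEVELS.get(grants.get(area), max(LEVELS.values()))

def audit_plan(plan):
    findings = []
    sets, areas = plan["privilege_sets"], plan["areas"]
    # Every privilege set must state an access level for every protected area.
    for name, grants in sets.items():
        for area in areas:
            if grants.get(area) not in LEVELS:
                findings.append(f"set {name}: no access level defined for {area}")
    # Accounts must use a planned set; accounts used by several people are flagged.
    for acct in plan["accounts"]:
        if acct["set"] not in sets:
            findings.append(f"account {acct['name']}: unknown privilege set {acct['set']}")
        if len(acct["users"]) > 1:
            findings.append(f"account {acct['name']}: shared by {len(acct['users'])} users")
    # An enabled Guest account must sit at the lowest planned level for every area.
    guest = next((a for a in plan["accounts"] if a["name"] == "Guest"), None)
    if guest and guest.get("enabled") and guest["set"] in sets:
        for area in areas:
            floor = min(level(g, area) for g in sets.values())
            if level(sets[guest["set"]], area) > floor:
                findings.append(f"Guest: {guest['set']} is not the most limited set for {area}")
    return findings

if __name__ == "__main__":
    for finding in audit_plan(PLAN):
        print(finding)
```

An undefined access level is treated as full access, so a gap in the plan surfaces as a finding instead of being silently read as "no access".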