Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Ensure physical security
- 2. Ensure operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 7 and FileMaker Server 7 for security enhancements
- Chapter 3 Build security into your solutions
Build security into your solutions 23
You can protect data by:
• Setting up a secure VPN to encrypt some (or all) of your network traffic as it travels across a
Wide Area Network (WAN).
• Host databases with FileMaker Server and configure SSL encryption in the web server
application.
• Combining the above.
Using Secure Sockets Layer (SSL) security for web publishing
The SSL protocol is a standardized method for allowing encrypted and authenticated
communication between web servers and clients (web browsers). SSL encryption is only available
to databases hosted with FileMaker
Server, and is enabled in the web server application, such as
Microsoft Internet Information Server (IIS) or Apache HTTP Server by the Apache Group.
SSL encryption converts information exchanged between servers and clients into unintelligible
information through the use of mathematical formulas known as
ciphers. These ciphers are then
used to transform the information back into understandable data through
encryption keys.
For information on enabling and configuring SSL, review the documentation that accompanies
your web server.
About wireless networks
Another security vulnerability to be aware of are 802.11x wireless networking devices, also called
“Wi–Fi” connections, which include:
• a station (or the device with the 802.11x wireless access) such as a laptop
• an access point (wireless hub or bridge) that is the point of access to the network
• the Local Area Network itself
• an authentication server, a separate device that challenges clients when they attempt network
connections
Radio frequency access to a network leaves it open to packet interception by any radio within range
of a transmitter. This enables intruders to connect through wireless protocols to corporate networks.
These intrusions can be made far outside the customary “working” range by using hi-gain antennas.
For example, if FileMaker Server is hosting files, an intruder could access data if the files lack
sufficient user account security. An intruder who knows how a WAN controls access might be able
to gain access to the network, steal a valid computer address, and use its assigned IP address. A
typical approach is to wait until the valid computer stops using the network and then take over its
position in the network and gain access to all devices in the network or to the wider Internet.
Important When assessing the physical security of your network, password-protect and encrypt your
wireless networking signals. Always use the maximum level of signal encryption available.