Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Ensure physical security
- 2. Ensure operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 7 and FileMaker Server 7 for security enhancements
- Chapter 3 Build security into your solutions
About database security
7
Planning security
Start by mastering the FileMaker Pro built-in security features: accounts and privilege sets. Plan on
taking a flexible, multi-layered, and iterative approach to security.
•
Your security plan should be flexible enough to consider an individual’s unique data access
requirements.
•
Layer security at every area of access, including locking down computers, setting accounts and
privileges in the databases, restricting access to directories, and taking other steps to protect the
data.
•
Continually evaluate your security to make sure it is still protecting your data. This includes
verifying that users have the latest, most secure software versions, changing passwords on an
ongoing basis, evaluating log files to avoid surprises, and rigorously following a backup scheme.
Configure and test security options as you add structure and data to your files over time.
The table below shows how a developer or network administrator might assess variables in the
workplace and associated risks.
Workplace variables
Effect on risk level
Inexperienced data entry staff;
high turnover; new computer users
High risk of unintentional threats caused primarily by data entry
mistakes and poor backup techniques.
Inexperienced database designer • High risk of unintentional threats caused by employees having
inappropriate file and database feature access.
• Employees may introduce unintentional threats by sharing files
without taking proper security measures.
• Data is exposed if FileMaker Pro accounts and privileges are
not configured correctly to protect files adequately.
Inexperienced network administrator • High risk of unintentional threats caused by inadequate
operating system security, poor backup techniques.
• Poor network security increases the risk of intentional threats,
particularly if files are shared over the web or on a wireless
network.
• Risks are also introduced if shared files are accessed from file
servers instead of using the built-in network sharing in
FileMaker Pro and FileMaker Server. Employees can make
inappropriate copies of the files and can introduce record
locking and potential corruption issues when files are shared
with inappropriate methods.
Poor physical security High risk of intentional threat due to possible computer theft.
Databases store sensitive or
valuable data
Increased risk of intentional threats of data theft, particularly if
data is shared over the web or if access to data isn’t adequately
monitored and protected.