Security Guide
Table Of Contents
- Chapter 1 About database security
- Chapter 2 Security “Top 10” list
- 1. Enhance physical security
- 2. Enhance operating system security
- 3. Establish network security
- 4. Devise a plan for securing your databases
- 5. Restrict data access with accounts and privilege sets
- 6. Back up databases and other important files
- 7. Install, run, and upgrade anti-virus software
- 8. Test your security measures
- 9. Assess, iterate, and improve security measures
- 10. Upgrade to FileMaker Pro 8 and FileMaker Server 8 for security enhancements
- Chapter 3 Build security into your solutions
Security “Top 10” list 13
• Make sure backup copies aren’t damaged or inaccessible. Verify that they are functioning
properly
before you need them. Run diagnostic tools on your hard drive and your backup files
regularly.
• Ensure that you can restore an entire set of files from backup copies.
• Regularly export the data to protect against file corruption.
• Protect the backup media itself. Store backups in a separate and fire-proof location.
• Assign backup administrators who can retrieve files, in case the network administrator is
unavailable.
• Plan for redundancy. If the power goes off, a universal power supply (UPS) should sustain power
for at least 15 minutes, enabling you to safely close all files. If the power can’t be restored in a
timely fashion, consider using a generator to supply power to servers. Also consider power
sources for routers and firewalls. Will communication be a problem if your Internet access is
interrupted for 48 hours or longer?
• Consider how you will continue to provide services if an intruder takes down your database
server and that server can’t be restored to its previous condition.
• Evaluate additional scenarios that could occur, and create a plan to respond to each one.
Also, network administrators should assess risks to data systems and business-critical functions.
For example, consider:
• Theft of data or theft of proprietary intellectual property.
• Disruption, theft, or damage to network infrastructure such as servers, networks, data storage, or
data backup storage. Damage can be caused by password crackers or by other types of malicious
sabotage and destruction. Most incidents originate from within the organization.
• Disruption or damage to the organization infrastructure such as building fires, environmental or
biological hazards, floods, and so on.
• Disruption or damage to the public infrastructure, including electrical power,
telecommunications (voice and data), transportation grids (roadways, buses, trains) caused by
environmental conditions, or severe weather such as tornadoes or floods.
Important In the event of a server failure, such as an unexpected loss of power, hard drive failure,
or software failure, use the backup files. Any system failure causing FileMaker Server to shut down
inappropriately can result in corrupted files if cached data was not written to disk and the files were
not closed properly. Even if the files re-open and go through a consistency check or recovery,
corruption might be buried in the file. File recovery cannot guarantee that problems have been
fixed.
About FileMaker Pro file recovery
Use the recovery feature when a database file is closed inappropriately and the data since the last
backup must be recovered. Recovery creates a new file with a name different than the original file
because it is not intended to replace the file. It is an aggressive process which might remove layouts,
scripts, etc. in order to return the most data possible. The data should be exported from the
recovered file and imported into a clean backup of the original database file.
Because recovery can take a long time, make local backups at an interval relating to the amount of
data that could be lost.