Network Access Control Databases
Hardening is an important process, and another way to harden the network is to use network access control (NAC). There are several different incarnations of NAC available. These include infrastructure-based NAC, endpoint-based NAC, and hardware-based NAC.
- Infrastructure-based NAC requires an organization to be running the most current hardware and OSes. OSes such as Microsoft Vista have the ability to perform NAC.
- Endpoint-based NAC requires the installation of software agents on each network client. These devices are then managed by a centralized management console.
- Hardware-based NAC requires the installation of a network appliance. The appliance monitors for specific behavior and can limit device connectivity should noncompliant activity be detected.
NAC offers administrators a way to verify that devices meet certain health standards before they’re allowed to connect to the network. Laptops, desktop computers, or any other device that doesn’t comply with predefined requirements can be prevented from joining the network, or can be relegated to a controlled network where access is restricted until the device is brought up to the required security standards.
Databases
Database servers may include servers running SQL or other databases such as Oracle. These types of databases present unique and challenging conditions when considering hardening the system. For example, in most SQL-based systems, there is both a server function and a client front end that must be considered. In most database systems, access to the database information, creation of new databases, and maintenance of the databases is controlled through accounts and permissions created by the application itself. Although some databases allow the integration of access permissions for authenticated users in the OS and NOS directory services system, they still depend on locally created permissions to control most access. This makes the operation and security of these types of servers more complicated than is seen in other types.
Unique challenges exist in the hardening of database servers. Most require the use of extra components on client machines and the design of forms for access to the data structure, to retrieve the information from the tables constructed by the database administrator. Permissions can be extremely complex, as rules must be defined that allow individuals to query some records and give them no access to others. This process is much like setting access permissions, but at a much more granular and complex level.
Forms designed for the query process must also be correctly formulated to allow access only to the appropriate data in the search process. Integrity of the data must be maintained, and the database itself must be secured on the platform on which it is running to protect against corruption.
Other vulnerabilities require attention when setting up specific versions of SQL in a network. For example, Microsoft’s SQL 7.0 and earlier versions set two default conditions that must be hardened in the enterprise environment. First, the “sa” account, which is used for security associations and communication with the SQL processes and the host machine, is installed with a blank password. Second, the server is configured using mixed mode authentication, which allows the creation of SQL-specific accounts for access that are not required to be authenticated by the Windows authentication subsystem. This can lead to serious compromise issues and allow control of the server or enterprise data. It is strongly recommended that administrators harden these two conditions, using a strong password on the sa account, and utilizing Windows authentication instead of mixed-mode authentication.
Network access concerns must also be addressed when hardening the database server. SQL, for example, requires that ports be accessible via the network depending on what platform is in use. Oracle may use ports 1521, 1522, 1525, or 1529, among others. MS SQL Server uses ports 1433 and 1444 for communication. As can be seen, more consideration of network access is required when using database servers. Normal OS concerns must also be addressed.
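An audit script for the two defaults and the network listeners discussed above, for Microsoft SQL Server. This is an added example, not from the original article; it assumes SQL Server 2012 or later (where `sys.sql_logins` and `sys.dm_tcp_listener_states` exist) and a session with sysadmin rights.

```sql
-- Added example: read-only hardening audit for one SQL Server instance.
-- Assumption: SQL Server 2012+ and a sysadmin session (needed to read hashes).

-- 1. Authentication mode.
--    IsIntegratedSecurityOnly = 1 means Windows authentication only,
--    0 means mixed mode (SQL-specific accounts are accepted).
SELECT 'authentication mode' AS check_name,
       CASE CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int)
            WHEN 1 THEN 'OK: Windows authentication only'
            ELSE 'FINDING: mixed mode authentication is enabled'
       END AS result;

-- 2. SQL logins with a blank password.
--    The built-in sa login always has sid 0x01, even if it was renamed.
SELECT name,
       CASE WHEN sid = 0x01 THEN 'yes' ELSE 'no' END AS is_builtin_sa,
       is_disabled,
       is_policy_checked,          -- 1 = Windows password policy is enforced
       CASE WHEN PWDCOMPARE('', password_hash) = 1
            THEN 'FINDING: blank password'
            ELSE 'OK: password is not blank'
       END AS result
FROM sys.sql_logins
ORDER BY is_builtin_sa DESC, name;

-- 3. TCP endpoints the instance is listening on, so that firewall rules
--    can be limited to exactly these address/port pairs.
SELECT ip_address,
       port,
       type_desc,
       state_desc
FROM sys.dm_tcp_listener_states
WHERE type_desc = 'TSQL'
ORDER BY port, ip_address;
```

A blank-password finding is cleared with `ALTER LOGIN ... WITH PASSWORD`; switching from mixed mode to Windows authentication is done in the server's security properties and takes effect after the service restarts.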