Secure your Server

by jeremyjones on March 14, 2011

  • Share
  • CevherShare
  • Share

It does not matter what data is stored in your database, you want to prevent unauthorized access to it. If the data is not secure then anyone with the time and motivation can potentially access it over the internet. Once they are in to your database they can take all your data or delete it if they want. As well as hackers, several variants of MySQL malware exist that can get onto an unsecure server and potentially destroy all your data too.

When you are a MySQL administrator, it is your responsibility to main database security. Several activities can help you to tighten up security and make it much harder to penetrate your site.

Even before you install MySQL, you need to consider the underlying operating system. Whatever platform you run MySQL on, make sure that you are running the latest version of the software and install all relevant security updates. Where possible schedule regular maintenance slots to install these update and keep your server up to date. This is particularly true for Windows, which has patches released on a monthly cycle. You will also need to patch MySQL and any other applications on the server on a regular basis.

Once the operating system and applications are up-to-date, you can also look at securing your databases. One of the most important steps is to configure a strong password for any administrator accounts. Strong means a minimum of 12 characters and a mixture of letters, numbers and special characters. Disabled, or better still, delete any accounts that are not in use and rename any default system accounts. Run your database as a limited user to reduce the risk to the server and assign all user accounts the minimum possible permissions.

By default, MySQL will allow connection via TCP/IP from any host. If this is not required then you can disable this or limit connections only to specific allowed hosts such as a web or application server. Another way is to disable TCP/IP and use Named Pipes or shared memory instead. If TCP/IP is enabled, then a firewall between the server and an internet will help to reduce any malicious traffic.

It can be difficult to secure your server, but with a little work, you can make it a lot harder for anyone malicious to gain access to your data. Remember, if you make it hard for an intruder then they will move their attention to a less secure server.

Leave a Comment

Previous post:

Next post: