Don't use the Sybase mail capability.
Review all passwords. (See Chapter 4 for more on password strength.)
Make sure that passwords are set to expire by setting exec sp_configure "password expiration interval", 60. You can use any number except 0, which means that passwords never expire. The example above sets passwords to expire after 60 days. (More on this in Chapter 4.)
Require strong passwords. For example, set exec sp_configure "check password for digit", 1 to ensure that each password has at least one digit, and set exec sp_configure "minimum password length", 8 to ensure that each password is at least eight characters long (or whatever your policy requires). (More on this in Chapter 4.)
Remove the guest user from all databases except master and tempdb.
If you are running a Windows-based system, verify that the Sybase registry keys have the appropriate permissions.
If running on a Windows system, prefer integrated authentication mode. You can check the authentication mode using exec sp_loginconfig "login mode". Integrated mode is reported as the value 1.
Ensure that the default login (used in integrated login mode when a user has no entry in the syslogins table) is mapped to a low-privilege account or, preferably, to null. You can view the mapping using exec sp_loginconfig "default account".
Protect the source code of stored procedures, views, triggers, and constraints. Ensure that the syscomments table is protected by testing that the value for exec sp_configure "select on syscomments.text" is 0. (More on this in Chapter 9.)
Ensure that users cannot write stored procedures that modify system tables. You can test the value using exec sp_configure "allow updates to system tables"; it should be 0.
Make sure resource limits are enabled by testing the value using exec sp_configure "allow resource limits". You can then set resource limits per user (stored in sysresourcelimit). This protects your server against denial-of-service conditions: a user who has been granted access to the system cannot bring the server to its knees by issuing commands that generate huge result sets or otherwise consume too many resources.
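An audit script that checks the settings in this list, as an added example and not code from the book. It assumes Sybase ASE Transact-SQL, the master..sysconfigures and master..syscurconfigs catalog tables, exec(<string>) and @@sqlstatus (ASE 12.x and later), and a login holding sso_role; the #expected temp table and the dbs cursor are names chosen here.

```sql
-- Added audit script for the checklist above; not from the book.
-- Assumes Sybase ASE Transact-SQL, the master..sysconfigures and
-- master..syscurconfigs catalog tables, exec(<string>) and @@sqlstatus
-- (ASE 12.x and later), and a login holding sso_role.
use master
go
-- 1. Compare each option's running value with the checklist value
--    (60 is the book's example; any non-zero interval is acceptable).
--    Option names are as printed in the list; a NOT FOUND row means
--    the name differs on your ASE version and needs a manual check.
create table #expected (name varchar(80), expected int)
insert #expected values ('password expiration interval', 60)
insert #expected values ('check password for digit', 1)
insert #expected values ('minimum password length', 8)
insert #expected values ('select on syscomments.text', 0)
insert #expected values ('allow updates to system tables', 0)
insert #expected values ('allow resource limits', 1)
select e.name, r.value as running_value, e.expected,
       case when c.name is null then 'NOT FOUND'
            when r.value = e.expected then 'OK'
            else 'REVIEW' end as result
from #expected e
left join sysconfigures c on c.name = e.name
left join syscurconfigs r on r.config = c.config
go
-- 2. List databases that still hold a guest user; only master and
--    tempdb are expected to keep it.
declare dbs cursor for
    select name from sysdatabases where name not in ('master', 'tempdb')
go
declare @db varchar(30), @sql varchar(255)
open dbs
fetch dbs into @db
while @@sqlstatus = 0
begin
    select @sql = 'if exists (select 1 from ' + @db
                + '..sysusers where name = ''guest'') '
                + 'print ''guest user present in ' + @db + ''''
    exec (@sql)
    fetch dbs into @db
end
close dbs
deallocate cursor dbs
go
-- 3. Login mode (1 = integrated) and default account (should be null).
exec sp_loginconfig "login mode"
exec sp_loginconfig "default account"
drop table #expected
go
```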