Internal network security

The security of the internal network is related to building security. If our MariaDB server is located in a locked server closet, then we will likely be accessing it remotely from our desk. If so, then we need to at least be aware of the security of our internal network. Some key questions to ask our local network administrator include the following:

  • Is there a firewall in place to prevent outside access to our network?
    • If there is, great! If not, suggest that one be added.
  • Is there a Wi-Fi network that is directly connected to our internal network, or is the Wi-Fi sectioned off into its own network?
    • If the Wi-Fi network is connected directly to the internal network, see if that can be changed.
  • What type of access, if any, do telecommuting employees have—VPN, SSH, or something else?
    • If telecommuting employees are required to use a VPN or SSH to connect, that is good, as both of those access methods are encrypted. If the answer is something else, we need to find out if it is secure and encrypted (if it isn't, we need to complain).
  • Are our database users defined with % for the network part, or are they all restricted to localhost or known valid locations and networks? The % character is the wildcard character, and its presence in the network part of a username means that the user can connect from anywhere, which may be convenient but is not good from a security standpoint. We'll go into this in more detail in Chapter 4, Administering MariaDB.
  • If we are in a large company, do different departments have their own segregated networks, and if so, do they have access to the network the server is on?
    • If our database is a part of a project inside the company for a product in the early stages of development, we might not want the salespeople, for example, finding out about it until it is ready.
  • At the very least, when we connect to the server remotely, we must always do so securely using SSH or an encrypted tunnel. And if we don't know how to do so, we need to learn right away.
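
One way to answer the % question above directly on the server, as an added example that is not from the book. The account names (report, app), the 192.168.10.% subnet and the password placeholder are constructed for illustration.

```sql
-- Added example: 'report', 'app', the 192.168.10.% subnet and the password
-- placeholder are constructed values, not taken from the book.

-- 1. Audit: classify every account by the host part of its name.
--    In a host pattern, % matches any run of characters and _ matches one.
SELECT User,
       Host,
       CASE
         WHEN Host = '%'            THEN 'any host'
         WHEN INSTR(Host, '%') > 0
           OR INSTR(Host, '_') > 0  THEN 'pattern: confirm it covers only known networks'
         ELSE 'fixed host'
       END AS host_scope
FROM mysql.user
ORDER BY (Host = '%') DESC, User;

-- 2. Before changing a wildcard account, review what it is allowed to do.
SHOW GRANTS FOR 'report'@'%';

-- 3. Restrict it: RENAME USER keeps the password and privileges and only
--    changes where the account may connect from (here, one internal subnet).
RENAME USER 'report'@'%' TO 'report'@'192.168.10.%';

-- 4. For new accounts, name the host or network at creation time instead
--    of narrowing it later.
CREATE USER 'app'@'localhost' IDENTIFIED BY '<strong-password-placeholder>';

-- 5. Verify: this should return no rows once every account is restricted.
SELECT User, Host FROM mysql.user WHERE Host = '%';
```

Run the statements as an administrative user, and check with the owner of each wildcard account which hosts it really connects from before renaming it.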