June 28, 2004

Security & Programming

Let's talk for a minute about security and programming. The problem with science is that sometimes "oh, can we do this?" is so much cooler than "oh, should we be doing this?"

So how does one protect oneself from the threat of a possible attack? Well, do the simple things first.

First, employ a mechanism of database hardening for the backend. In other words, only install what is absolutely needed.

Next, change the default accounts, and change the network address. For example, change the MS SQL Server TCP/IP port from 1433 to something else. Put a very, very secure password on the sa account, and disable the guest account on the Windows machine.

The next stage is auditing: have a detailed auditing practice, and review the practice. The auditing should cover who was on the box when and what they installed, and, for an application, who changed or even looked at which data elements and when.

It is a very good idea to be up to date with all security patches. The next one is coming around July 18th, just a heads up.

Use encryption when necessary. Ideal times are messages and using a public key to encrypt a digital signature.

Use a strong application design and review it with others; be very wary of DoS attacks, and load balance the app.

These are just a few tips, I'm sure others have more.

Posted by Elyse at June 28, 2004 8:30 PM