Most of my fellow TT380 collegues are most likely using a Windows based platform and if you are not lucky enought or even too lazy to build a suitable linux based server for the duration of this course you may well be interested in know how to secure a MySQL server based on a Windows Platform. I must also hold my hands high and say that I have not been bothered to install a suitable linux server.
I have not had the time to personally check each stage of this process yet - it's on my 'To-do-list', but due to the source of where I have located the information I would be willing to trust it. Mind you can't hold me to that should something go wrong - LOL.
The full and detailed article can be found at the following address:
http://dev.mysql.com/tech-resources/articles/securing_mysql_windows.html
But like most things on the WWW, it is subject to change, move and even deletion. For this reason I am going to summarise the steps to be taken in securing a Windows based MySQL Server. In-time I will recreate the entire article in my own words - thus avoiding plararism etc, and also include any additional information that I might have picked up along the way. This re-write is obviously also on my 'To-do-list'.
How to secure your Windows MySQL Server
My Conclusion
I have not had the time to personally check each stage of this process yet - it's on my 'To-do-list', but due to the source of where I have located the information I would be willing to trust it. Mind you can't hold me to that should something go wrong - LOL.
The full and detailed article can be found at the following address:
http://dev.mysql.com/tech-resources/articles/securing_mysql_windows.html
But like most things on the WWW, it is subject to change, move and even deletion. For this reason I am going to summarise the steps to be taken in securing a Windows based MySQL Server. In-time I will recreate the entire article in my own words - thus avoiding plararism etc, and also include any additional information that I might have picked up along the way. This re-write is obviously also on my 'To-do-list'.
How to secure your Windows MySQL Server
The overal securing of a MySQL server installation requires various uniquie steps to be performed. It should also be noted now that once this procedure has been performed it still requires monitoring to ensure any new security breaches and back-doors etc are quickly identified and secured. I therefore recommend that you subscribe to a couple of the various security bulletins that are available on the WWW.
Okay that being said - lets identify the areas to be addressed:
As previously mentioned, at this stage of my blog development, I have not had the opportunity to document or actually follow the above staged in fine detail. Given time I shall carry out a detailed investigation of these stages.
- Step 1: Install MySQL on a Recent, NT-based version of Windows
- Step 2: Install MySQL on an NTFS File System
- Step 3: Install MySQL on a Standalone Machine
- Step 4: Install the Latest Production Version of MySQL
- Step 5: Secure the MySQL User Accounts
- Step 6: Disable TCP/IP Access
- Step 7: Bind the TCP/IP Address
- Step 8: Firewall the Server
- Step 9: Run The MySQL Service as a Limited User
- Step 10: Encrypt the Data Folder
- Step 11: GRANT the Minimum Privileges Necessary
- Step 12: Change the Name of the Root User
My Conclusion
Some of these steps have already been documented in my previous blog titled 'MySQL Installation Cleanup'.
As you can see with a few simple step you can easierly secure your newly installed MySQL server. Obviously, security is an on-going task and is also a specialised area. There are however, a vast amount of detailed articles, guides etc on the WWW to aid you in your quest to keep your server secure - Good luck and please feel free in sharing your comments.
All the best Jayson
No comments:
Post a Comment