Macromedia Breeze 5 User Guide

Planning for security
Best practices
The following is a checklist of best practices that will assist you in securing Breeze.
Protect your servers with firewalls.
You should place the Breeze server behind a firewall, especially if Breeze is accessed through the
Internet. If you do not place Breeze behind a firewall, you leave the server open to attack
and your sensitive information unsecured and exposed to theft. All servers should sit
behind a firewall, including the system(s) hosting Breeze and the database server.
Run only the services you need.
You should run only the services you need for Breeze. This means that you should not run 
applications like a domain controller, a web server or an FTP server on the same computer as 
Breeze. By reducing the number of applications and services running on the computer hosting 
Breeze, you can minimize the chances that another application can be used to compromise the 
Breeze server.
Update operating system security.
For Windows and other platforms, customers need to check regularly for critical updates that
close platform security holes and apply the required patches. Some of these issues are
eliminated by a firewall. In general, customers should keep their servers patched with all current
security updates approved by Microsoft and the other appropriate platform vendors.
Update database security.
Because your database is another part of the Breeze solution that may be targeted, you need to
check for database server security holes and apply the required patches. As with the operating
system, some issues are eliminated by a firewall, but you must continue applying the latest
patches.
Secure host systems.
Customers who store sensitive information on their servers should be aware of the physical 
security of their systems. Breeze relies on the safety of the host system against intruders, so 
servers should be kept secured when private and confidential data is at risk. Breeze is designed 
to take advantage of native environmental features like file system encryption.
Use strong passwords.
Breeze users are protected by passwords. Users, and particularly administrators, should choose 
strong passwords to keep their data safe. Breeze enterprise installations often use Microsoft 
SQL Server, which also requires strong password protection. 
Perform regular security audits.
Users should audit their systems periodically to ensure that all security features they installed
are still operating as expected. For example, a firewall is easily validated by testing it with a
port scanner.
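
The firewall check described above can be scripted as a comparison between the ports that actually answer and the ports you intend to expose. The following is an added example, not part of the Breeze guide or product: the function names and the allow-list are assumptions, and the demo uses constructed loopback sockets in place of a real host.

```python
import socket

def probe(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, filtered (timeout) or unreachable
        return False

def audit(host, expected_open, ports_to_check, timeout=1.0):
    """Compare reachable ports with the allow-list for one host.

    Returns (unexpected_open, expected_but_closed) as sorted lists.
    unexpected_open: a service or firewall rule that should not be there.
    expected_but_closed: a required service that is down or blocked.
    """
    expected = set(expected_open)
    candidates = set(ports_to_check) | expected
    reachable = {p for p in candidates if probe(host, p, timeout)}
    return sorted(reachable - expected), sorted(expected - reachable)

def demo():
    """Constructed offline demo: loopback sockets stand in for the server."""
    socks = []
    for listening in (True, True, False):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind(("127.0.0.1", 0))      # the OS picks a free port
        if listening:
            s.listen(1)               # bound without listen() refuses connections
        socks.append(s)
    allowed, stray, closed = (s.getsockname()[1] for s in socks)
    try:
        # Hypothetical policy: 'allowed' and 'closed' should be open, 'stray' should not.
        result = audit("127.0.0.1", [allowed, closed], [allowed, stray, closed])
    finally:
        for s in socks:
            s.close()
    return result, (allowed, stray, closed)

if __name__ == "__main__":
    (unexpected, missing), _ = demo()
    print("unexpected open:", unexpected)
    print("expected but closed:", missing)
```

For a real audit, run `audit()` from a machine outside the firewall against the servers you administer, with `expected_open` set to the ports your deployment is meant to expose and `ports_to_check` covering the services the checklist says should not be reachable.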