Limiting Access to the CommServe Database
Your primary means to protect the CommServe database are – and will always be - the physical, application, and network security measures you take. However, there are additional security precautions you can take. Recommendations are listed in order from basic security to more advanced steps.
Some of the security precautions recommended involve configuration of the Microsoft SQL Server instance or the Windows Server host used by the CommServe component. Configuration steps listed here may vary depending on whether you are using Microsoft Windows or SQL Server version 2008 or 2012 – initial or R2 variant. Consult the latest Microsoft’s documentation for version specific steps.
The software uses an ODBC connection to communicate with the commserv database. Only the CommServe component accesses the database. The commserv database is in a DBO-only state allowing access only to:
- System Administrator (SA)
- Windows account used to install the SQL Instance (used in ODBC)
- Application use-only accounts created by the installation process which cannot be used for direct log on
Limiting database access would include these steps at a minimum:
- Maintain good physical security denying local/console access.
- Limit users with interactive logon rights.
- Use strong passwords and change them often.
- Implement a firewall to prevent remote network exploitation.
Additionally you can:
- Disable NETBIOS.
- Use the Local Security Policy tool to remove the right of the Everyone group to access the computer from the network. This tool is located in the Administrative Tools group on the computer.
- Disable null sessions to prevent anonymous, or unauthenticated, sessions. To accomplish this, set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA\RestrictAnonymous registry value data to 1.
Last modified: 4/12/2019 2:39:02 PM