{"id":4411,"date":"2015-04-28T13:48:00","date_gmt":"2015-04-28T13:48:00","guid":{"rendered":"https:\/\/209.235.70.100\/?p=4411"},"modified":"2022-09-19T18:56:32","modified_gmt":"2022-09-19T18:56:32","slug":"what-is-database-hardening","status":"publish","type":"post","link":"https:\/\/www.navisite.com\/blog\/what-is-database-hardening\/","title":{"rendered":"What is Database Hardening?"},"content":{"rendered":"\n
Database hardening is the process of analyzing and configuring your database to address security vulnerabilities by applying recommended best practices and implementing security product sets, processes and procedures.<\/p>\n\n\n\n
However, how you go about this, and the steps required to harden servers and databases, can vary based on the platform you’re using. So how do you know where to start? There are tons of websites and how-to articles explaining how to start your database hardening process and database security procedures, but still, not all information is created equal. <\/p>\n\n\n\n
To help you navigate your quest for information on database hardening, we compiled a list of our favorite websites that map out how to get started: <\/p>\n\n\n\n
Those who want to learn more about data security best practices can also find information by visiting websites that focus on regulatory compliance. The Payment Card Industry Data Security Standard (PCI DSS) provides a comprehensive security architecture broken down into 12 categories to secure cardholder data. The 12 categories are further decomposed into a little over 300 individual control objectives.<\/p>\n\n\n\n
Although your shop may not store or process credit cards, the PCI DSS website is an excellent resource to learn the activities that credit card processors perform to secure their environments. The documents library contains the \u201cTemplate for Report on Compliance for use with PCI DSS V3.0,\u201d commonly known as the PCI ROC, which provides a line item for every activity required to obtain PCI DSS compliance.<\/p>\n\n\n\n Although Navisite does not store, process or transmit credit card data, we adhere to PCI DSS standards to improve the security of our service delivery architecture. We contracted a third-party auditing firm to evaluate our processes, standards documentation and control points. After the audit was complete, the auditing firm created our PCI DSS ROC attestation documentation.<\/p>\n\n\n\n The PCI DSS ROC documents have the sections broken down into the individual control activities, procedural documentation and processes. The key takeaway is that you don\u2019t need to use the ROC documentation to become PCI DSS compliant. You can use it as a learning tool to further your education on data security best practices. Here\u2019s a general overview of what is covered in the PCI ROC document:<\/p>\n\n\n\n The PCI DSS Standards Organization recommends that organizations adhere to the following industry-accepted server hardening standards:<\/p>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":114,"featured_media":21794,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"acf":[],"yoast_head":"\n