Many companies rely on specialised business programs for accounting tasks, running point-of-sale systems, tracking inventory and managing supply chains.
These programs, sometimes dubbed line-of-business (LOB) applications, typically run on a server and operate in conjunction with a database. This integrated setup offers great advantages. Multiple employees can work with an LOB program and access the database information, all at the same time. For example, a salesperson could use the program to record her sales numbers while a manager creates a customized financial report.
But there are also security risks. Customer information, sales figures, profit and loss statements and other vital business data located on a network server is vulnerable to intruders. And you may not want all employees to have access to all kinds of data.
The challenge is to create a security plan that protects LOB program data integrity and privacy and also supports efficient data access and collaboration. Here are three measures to include in your plan.
1. Cover the Basics
Protecting your database from unwanted snoopers and other threats starts with establishing basic computer security measures in your workplace. As other Small Business Security Centre articles point out, you should:
- Set up a firewall. A firewall helps block intruders on the internet from gaining access to your computers and business data. A hardware firewall is best because it provides protection for all the PCs on your business network. Having a software firewall for additional protection is also a good idea. Windows Small Business Server 2003, which many small businesses run in combination with business applications, ships with firewall technology. The premium edition of the server software includes Microsoft Internet Security and Acceleration (ISA) Server, an advanced software firewall solution.
- Install anti-virus software on all computers. Running anti-virus software on your server is as important as running it on a client PC. Look for a program that not only detects and disables viruses, but that you can regularly update to screen for new viruses.
- Use strong passwords. Passwords should be required to log on to any computer and server in your workplace. Strong passwords have a mix of uppercase and lowercase letters, numbers and symbols. Make sure users are required to change their passwords regularly.
- Back up files. Disasters happen, and if you haven't saved your important files and information on a separate storage system, all your critical business application data could be lost. Windows Small Business Server 2003 includes a backup feature that is easy to use.
- Update your software. Software updates typically include the latest security features. Updates for Microsoft products are available on Microsoft Update and the Microsoft Download Centre.
2. Regulate Access to Information
Not everyone should have access to everything in your workplace. If your business runs a Windows Server operating system, you can permit and restrict employee access to documents, spreadsheets or other business files. You can also designate whether a user is permitted to just read a file or change it. Here are tips for regulating access.
- Create groups of users and assign permissions and privileges to them rather than individual users. This saves you time administering access rights.
- Create your user groups based on roles, such as sales representatives. Then assign a set of permissions that are relevant to performing the tasks defined for that role.
- Set access rights for each role to the minimum levels required for users to do their jobs. For instance, if the sales representative group only needs to be able to read a customer profile, do not also give them access rights to share or delete the file.
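As an added illustration of these three tips (example code, not from the original article): the following Windows PowerShell script creates a role-based domain group for sales representatives and grants it read-only NTFS access to a customer-profile folder. It assumes an Active Directory domain with the ActiveDirectory module installed; the group name, user names and folder path are placeholders.

```powershell
# Added example, not part of the original article. Assumes an Active Directory
# domain, the ActiveDirectory PowerShell module, and placeholder names/paths.
$domain    = $env:USERDOMAIN
$groupName = "SalesReps"                   # one group per role (placeholder name)
$folder    = "D:\LOB\CustomerProfiles"     # placeholder path to the LOB data files

# 1. Create the role-based group and put users in it, rather than granting
#    rights to individual accounts.
if (-not (Get-ADGroup -Filter "Name -eq '$groupName'")) {
    New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security
}
Add-ADGroupMember -Identity $groupName -Members "alice", "bob"   # placeholder users

# 2. Least privilege: the role only needs to read customer profiles, so grant
#    ReadAndExecute. That right does not include Delete, Write or the right to
#    change permissions.
$readOnly = [System.Security.AccessControl.FileSystemAccessRule]::new(
    "$domain\$groupName",
    [System.Security.AccessControl.FileSystemRights]::ReadAndExecute,
    "ContainerInherit,ObjectInherit", "None", "Allow")

# Administrators keep full control. Without this explicit rule, breaking
# inheritance below would lock everyone out, including the administrator.
$adminFull = [System.Security.AccessControl.FileSystemAccessRule]::new(
    "BUILTIN\Administrators",
    [System.Security.AccessControl.FileSystemRights]::FullControl,
    "ContainerInherit,ObjectInherit", "None", "Allow")

$acl = Get-Acl -Path $folder
# Stop inheriting the parent's ACL and discard the inherited entries (which
# often give the whole Users group read access), so only the explicit
# role-based rules apply.
$acl.SetAccessRuleProtection($true, $false)
$acl.AddAccessRule($adminFull)
$acl.AddAccessRule($readOnly)
Set-Acl -Path $folder -AclObject $acl

# 3. Verify: the sales group should show ReadAndExecute (plus Synchronize) and
#    no Modify, Delete or FullControl entry.
(Get-Acl -Path $folder).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

NTFS rights and share permissions are separate layers; if the folder is also shared over the network, give the group Read at the share level too, so the effective permission stays read-only.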
Some LOB applications take much of the work out of setting access rights. One example is Microsoft Dynamics CRM, a sophisticated program that tracks customer sales and support relationships, and that is typically run in combination with Microsoft Small Business Server 2003. Microsoft CRM comes with eight pre-defined roles that range from CEO-Business Manager to Customer Service Representative to Marketing Professional. The program also pre-defines common business elements that you can assign rights to, such as Leads, Opportunities, Contacts, Accounts, Competitors, Products, Sales Literature, Quotes, Orders, Invoices and Contracts.
3. Pay Attention to the Database
Because business-specific programs typically use a database to store application data, remember to pay special attention to database security. Here are several things you can do:
- Install the most recent database service packs. Windows Small Business Server 2003 comes with Microsoft SQL Server 2000 Desktop Edition (MSDE 2000). The premium edition of the server software ships with the more advanced Microsoft SQL Server 2000. When using these database programs in conjunction with your business programs, make sure to install the latest service packs and updates for improved security. The Microsoft Download Centre has the latest updates for server applications.
- Assess your server's security with MBSA. Microsoft Baseline Security Analyzer (MBSA) is a tool that scans for common insecure configurations in several Microsoft products including SQL Server and MSDE 2000.
- Use Windows Authentication Mode. Whenever possible, require Windows Authentication Mode for connections to SQL Server. This will shield your SQL Server installation from most internet-based attacks by restricting connections to Microsoft Windows user and domain user accounts.
- Isolate your server and back it up regularly. Physical and logical isolation make up the foundation of SQL Server security. Machines hosting a database should be in a physically protected location. Back up all data regularly and store copies in a secure off-site location.
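An added check for the service-pack and authentication-mode items above (example code, not from the article): this Windows PowerShell snippet connects to the SQL Server instance using Windows Authentication and reads the instance's SERVERPROPERTY values to report the patch level and whether SQL logins are still accepted. The instance name is a placeholder.

```powershell
# Added example, not part of the original article. Assumes the caller's Windows
# account can log on to the instance; the instance name is a placeholder.
$instance = "SERVERNAME\INSTANCENAME"

# Connect with Integrated Security (Windows Authentication) rather than a SQL
# login, which is the mode the article recommends.
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$instance;Database=master;Integrated Security=SSPI;"
$conn.Open()

$cmd = $conn.CreateCommand()
$cmd.CommandText = @"
SELECT CONVERT(nvarchar(128), SERVERPROPERTY('ProductVersion'))           AS ProductVersion,
       CONVERT(nvarchar(128), SERVERPROPERTY('ProductLevel'))             AS ProductLevel,
       CONVERT(int,           SERVERPROPERTY('IsIntegratedSecurityOnly')) AS WindowsAuthOnly
"@
$reader = $cmd.ExecuteReader()
[void]$reader.Read()
$version = $reader["ProductVersion"]
$level   = $reader["ProductLevel"]      # 'RTM' = no service pack; 'SPn' = service pack n
$winOnly = $reader["WindowsAuthOnly"]   # 1 = Windows Authentication only, 0 = mixed mode
$reader.Close()
$conn.Close()

Write-Host "SQL Server $version ($level)"

# Service-pack check. Note: SQL Server 2017 and later ship cumulative updates
# instead of service packs, so ProductLevel stays 'RTM' there and the build in
# ProductVersion must be compared against the latest update instead.
if ($level -eq "RTM") {
    Write-Warning "No service pack reported; apply the latest service pack or update."
}

# Authentication-mode check. In mixed mode the instance also accepts SQL
# logins such as 'sa', which is what Windows Authentication Mode removes.
if ($winOnly -eq 1) {
    Write-Host "Authentication: Windows Authentication only (recommended)."
} else {
    Write-Warning "Authentication: mixed mode; switch the instance to Windows Authentication Mode."
}
```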