Episode 1: Fishbowl Security Basics (guest blog)

Hello, Fishbowl Blog readers!  This is my first of, what I hope to be, many blog posts.  My name is Aaron Wignall, and I am the IT Manager at Fishbowl Inventory.  I’m somewhat of a unique IT Manager in that my training background is in Information Security, and not the nuts and bolts, necessarily, of IT.  In fact, I recently obtained my CISSP (Certified Information Systems Security Professional) Certificate.  What I’d like to do with my blog posts is to pass on some of my security knowledge, especially as it pertains to using Fishbowl.  So please follow me and my posts here on the Fishbowl Inventory Blog!

The first, and I hope most obvious, thing to do is to make sure your database is in a secure location (if you are a Hosted Fishbowl customer, these steps will be done for you). Your Fishbowl database is in a file <whatever you named it>.fdb and, by default, resides in C:\Program Files (x86)\Fishbowl\database\data. You can put your database file anywhere you want as long as you point Fishbowl to the right location (Database tab of Server options; the server must be stopped to change it).

The trick is to put it in a folder that not everyone has access to. As much as we hate to think of the people we work with doing something malicious, it’s a real possibility. Your Fishbowl database has lots of valuable information about your customers, your inventory, your open SOs, etc., and if a rogue employee copies that database and takes it with them, they have all the time in the world to crack passwords and get into it.

Make sure the folder that holds your database is accessible only to the user running the Fishbowl Server (should be a user with administrative rights). The user that runs the Fishbowl Server should have a secure password that is known by as few people as possible and, for good measure, should probably be changed periodically (your password change frequency should be based on your paranoia level: 30 days for the ultra-paranoid, 90+ for the relaxed hippies *smirk*).

You’d think that would be enough, wouldn’t you! After securing your database, though, you need to secure your backup database! Fishbowl allows you to schedule a database backup and to specify the folder to put it in. You need to secure that folder as well. You can put the backup into the same folder as the database, but you wouldn’t be maximizing the benefit of the backup! Try to move your backup to another physical drive, at least, so that if the drive with your main database makes like an IED and explodes, you can recover within minutes.

Again, you still aren’t done.  Another thing to keep in mind while securing your database: sometimes when we release new versions of Fishbowl, it upgrades your database to a new version, as well.  When this happens, Fishbowl makes two different backups.  One is a copy of the database; the other is a Firebird database dump.  I like to call these the “Murphy’s Law backups” because you shouldn’t need them, and you won’t need them – until you don’t have them.  They are created for rollback purposes during the upgrade.  Leaving these unprotected is just as bad as leaving your main database unprotected.  You can find these files in C:\Program Files (x86)\Fishbowl\database\data  – inside the “old” and “backup” directories.
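To check the folders discussed above in one pass, here is an added example (not part of the original post and not Fishbowl's own tooling) that lists any Allow entries granting broad groups access to the data folder, its “old” and “backup” subfolders, and a scheduled-backup folder. The backup path D:\FishbowlBackups, the function name Get-BroadAccess and the list of broad groups are assumptions; adjust them to your environment.

```powershell
# Audit sketch (added example): list ACL entries that let broad groups read
# the Fishbowl database folders named in the post.
$dataDir = 'C:\Program Files (x86)\Fishbowl\database\data'   # default path from the post
$targets = @(
    $dataDir,
    (Join-Path $dataDir 'old'),      # rollback files created during upgrades
    (Join-Path $dataDir 'backup'),   # rollback files created during upgrades
    'D:\FishbowlBackups'             # ASSUMPTION: your scheduled-backup folder
)

# ASSUMPTION: principals treated as "everyone on the machine or domain".
$broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')

function Get-BroadAccess {
    param([string[]]$Path, [string[]]$Principal)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not found, skipped: $p"
            continue
        }
        $acl = Get-Acl -LiteralPath $p
        foreach ($ace in $acl.Access) {
            $name = $ace.IdentityReference.Value
            # Only Allow entries for the broad groups are of interest here.
            if ($ace.AccessControlType -eq 'Allow' -and $Principal -contains $name) {
                [pscustomobject]@{
                    Path      = $p
                    Principal = $name
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-BroadAccess -Path $targets -Principal $broad)
if ($findings.Count -eq 0) {
    'No broad-group Allow entries found on the checked folders.'
} else {
    $findings | Format-Table -AutoSize
}
```

Folders under Program Files normally inherit a read entry for BUILTIN\Users, so expect findings on a default install. An entry with Inherited = True comes from a parent folder, which means it has to be fixed there or by disabling inheritance on the database folder.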

Now your database is much safer. You will want to consider doing the same for your QuickBooks database (<dbname>.qbw) and related files! With QuickBooks, you have to make sure you allow access to the folder for the QuickBooks user as well. To determine which QuickBooks files to secure and back up, refer to the Intuit Website and this blog post by Doug Sleeter.


7 Responses to Episode 1: Fishbowl Security Basics (guest blog)

  1. Pingback: Firebird News » Episode 1: Fishbowl Security Basics

  2. Lisa says:

    There seems to be a lot of information about backing up, but I can’t seem to find anything about restoring from that backup. For example – can I choose to just restore certain elements (i.e., a deleted BOM) or do I have to completely overwrite the whole database?

  3. Great question, Lisa! There really isn’t much documentation on restoring – I’ll make sure that is changed! You can restore from a backup using the server tools (the server has to be stopped). From the server interface (GUI), make sure the server is stopped, and go to tools > options > restore tab. From there you point to the backup you want to restore to. This is an all-or-nothing option; it will overwrite the entire database.

    Restoring one item like a deleted BOM is possible, but a little more difficult. It may be easier to just re-create it. If that isn’t an option, you have 2 choices. First, you can stop your server, go to tools > options > database tab, and add a new database connection. Point the new connection to your backup database. Using the new connection, start your server. Now you are running on the backup database and you can find your deleted item, export it, then stop the server and reconnect back to your live database and import the deleted item you just exported. The risk with this method is that a user might connect to the server while it’s running the backup database, and any changes they make would be lost since it’s not the live database. You would have to be careful to keep your users out while you export your deleted item.

    The second method would be to run a second Fishbowl Server and connect it to the backup so that you can export the deleted item. The trick here is that if you run 2 Fishbowl servers on the same machine, you have to differentiate them so as not to overwrite anything. To do this you would need to install another server, and change the install directory to a different folder than your live one. Once installed, you then have to change the port the second server uses to run (again, with server stopped, tools > options > server > server port). The advantage here is that you don’t have to stop your live server and there is little risk that a user would change their client port and log into the secondary server.

  4. Pingback: 3 Ways to Prevent Malware Infections | Fishbowl Inventory Blog

  5. Pingback: Top 10 Most Popular Fishbowl Blog Posts of 2011 | Fishbowl Inventory Blog
