Having a secure database is ever more important today: every other week brings news that a corporate or government entity has been hacked, or that researchers have found vulnerabilities in popular web applications and systems.
Databases are extremely important today because they are at the core of everything tech related. You will find them storing data and information in web applications, software systems, mobile apps, embedded devices and more.
You may not be able to stand against an army of attackers, as various factors come into play in the type of attack one can suffer on their database systems. Some may be out of your hands, as in the case where there is a vulnerability in the application itself.
Until a patch is released you may be a sitting duck. That notwithstanding, there is a whole array of things you can do to harden security and keep your data much safer on a day-to-day basis.
Here’s What to do to Have a Secure Database
- Keep Your Database Applications Up-to-date: Keep abreast of all the latest updates and patches released for your database system. This will reduce or get rid of the known vulnerabilities you have to deal with and keep you safe from some of the holes attackers can use that are not in your control.
- Enable Access Control and Require Authentication: If you use a database management system such as MongoDB, which allows open access, make sure you enable access control. You must always configure access control using authentication with a strong password as the bare minimum.
A strong password should contain a mix of uppercase, lowercase, numeric characters and symbols and should be of significant length. With databases like MySQL you should restrict access to the database root user, preferably granting access only from the localhost or from specific IP addresses rather than from just anywhere. The same goes for other database users.
Also, set up exclusive users for the database that are separate from the operating system users, or use a dedicated operating system user. You should also set up user roles for these users with the least privilege possible. Users should be granted permissions that allow them to function as required and no more.
- Use Encryption Within and Without the Database: Incoming and outgoing connections between the database and various clients and applications should be encrypted with TLS/SSL. In addition, the data stored should also be encrypted using either device, in-built engines, file system or physical encryption. At the very least, sensitive information such as passwords, financial and medical information should be encrypted.
The storage folders of this data should also be protected under least privilege on the operating system’s file system permission controls.
- Log and Audit all Database Activity: Access to the database, user operations, errors and other events should be logged and records kept to allow for forensic audits, for performance tuning and to allow for proper controls.
- Limit Exposure on Public Networks: Restrictions should be placed on the interfaces the databases listen on, especially when they are public-facing interfaces. As far as possible, restrict access to certain applications, IP addresses and ports.
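As an added illustration of the access control and encryption-in-transit points above (not part of the original article), the following MySQL 8.0 statements audit for accounts reachable from anywhere, then create dedicated, TLS-only accounts bound to specific addresses with least-privilege roles. The schema name shop, the account and role names, and the 10.0.5.x addresses are assumptions, and the passwords are placeholders.

```sql
-- Audit: list accounts that can log in from any host, or that have no
-- password hash stored. Accounts using a socket-based plugin legitimately
-- have an empty authentication_string, so check the plugin column too.
SELECT user, host, plugin
FROM mysql.user
WHERE host IN ('%', '')
   OR authentication_string = '';

-- root should only be reachable locally. Confirm 'root'@'localhost'
-- exists before removing a wildcard root account.
SELECT user, host FROM mysql.user WHERE user = 'root';
DROP USER IF EXISTS 'root'@'%';

-- Dedicated application account (assumed name), bound to the single
-- application server address (assumed) and refused without TLS.
CREATE USER 'shop_app'@'10.0.5.20'
  IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD'
  REQUIRE SSL;

-- Least privilege through a role: only the data operations the
-- application needs, on one schema, with no DDL, GRANT or FILE rights.
CREATE ROLE 'shop_rw';
GRANT SELECT, INSERT, UPDATE, DELETE ON shop.* TO 'shop_rw';
GRANT 'shop_rw' TO 'shop_app'@'10.0.5.20';
SET DEFAULT ROLE 'shop_rw' TO 'shop_app'@'10.0.5.20';

-- Separate read-only account for reporting (assumed name and address),
-- so a compromised reporting tool cannot modify data.
CREATE USER 'shop_report'@'10.0.5.21'
  IDENTIFIED BY 'REPLACE_WITH_ANOTHER_LONG_RANDOM_PASSWORD'
  REQUIRE SSL;
GRANT SELECT ON shop.* TO 'shop_report'@'10.0.5.21';

-- Verify the effective privileges match what was intended.
SHOW GRANTS FOR 'shop_app'@'10.0.5.20' USING 'shop_rw';
SHOW GRANTS FOR 'shop_report'@'10.0.5.21';
```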
With these few pointers you are well on your way to having a more secure database that will give you peace of mind. There are obviously other factors that can break this security, so educating users on corporate networks about best practice should be encouraged, as this can help prevent social engineering hacks or malware accessing internal networks from untrusted sources within the network.