What is Database Security
A lifecycle of any company means generating and collecting a lot of data. This data may come in various forms: business data about the company and data about the company customers. All this data is usually sensitive and private and falls under strict national and international sensitive data protection regulations nowadays. Usually companies collect the following information about their customers: names, e-mail and postal addresses, phone numbers, Social Security Numbers, etc. If this data is leaked, breached or otherwise accessed, the company will be facing big fines and investigation as to the reasons for that.
Database security is understood as any means aimed at protection of databases and data within from compromise. Database security is usually effected at 3 levels:
- Software. Special software is used to make sure that users can’t gain access without permission and privileges or through viruses, hacking and similar malicious tools.
- Physical human control. People responsible for database security should constantly monitor database state and identify potential database weaknesses, vulnerabilities and data compromises.
- Administrative tools. This refers to creation and implementation of general policy on database safety, for example, password and access policy and privileges.
But why is database security so important in modern world? It’s not only important, it’s essential nowadays, because any company having online component may be at risk. Reliable, or even better, impenetrable database security system can protect the company from image and financial losses, because every database hack is big news now.
DataSunrise is the company that can ensure reliable database security. DataSunrise Database Security Suite is a unique combination of tools that can protect more than 26 database types, including MySQL. Surely, DataSunrise can protect MySQL databases, but let’s see what MySQL database users can do themselves to be protected.
How a User Security is Implemented in MySQL
MySQL is one of the best available opensource databases. However, when users install it, it won’t be in its best security configuration, so MySQL users will have to make it so. MySQL security works by limiting both the users who have access to a database and what they are allowed to do once they have access. In this situation one needs to think carefully who is allowed to read and write to a particular database tables and which users have permission to delete tables or use other MySQL features. Basically, you should take into account the following best MySQL database security practices:
- Get information on all current users and their privileges. You need to understand which users have access to database(s). This information is stored in a MySQL database called mysql in the table users.
- Create a new MySQL user with just necessary privileges. Don’t give new users excessive privileges.
- Delete the default database and anonymous/old users accounts. These are the elements most commonly targeted by hackers.
- Require all MySQL accounts to have a password. Do not use passwords from dictionaries and easy to guess passwords. Change passwords periodically.
- Use RCA, DCA, or DH algorithm to encrypt stored data. MySQL Enterprise Encryption extension provides this functionality and includes a set of encryption functions based on OpenSSL library.
- Make sure that the only Unix user account with read or write privileges in the database directories is the account that is used for running mysqld.
- Never run the MySQL server as the Unix root user.
- Do not grant the FILE privilege to nonadministrative users.
- Do not grant the PROCESS or SUPER privilege to nonadministrative users.
- Do not permit the use of symlinks to tables.
- Disable the use of LOCAL INFILE. This command can be used in SQL-injection attacks.
Reasonable security policy and DataSunrise Database Security Suite is a combination that will make your MySQL databases impenetrable!