Database Security Issues and Challenges
At present it is hard to imagine an organization that does not use databases in its daily activities. A database is one of the most significant and valuable assets a company has. Since it can hold very sensitive or confidential information, protecting the database is the main task of the database support team, as any information leakage can be disastrous.
There are several basic ways in which data is commonly stolen:
- Directly from database files
- From database backup files
- By intercepting the database traffic
- By gaining unauthorized access (stolen, guessed or over-privileged credentials)
- By exploiting vulnerabilities in the RDBMS core
Unfortunately it is impossible to rule out data leakage entirely, but following a few simple rules makes it much harder. These rules are:
- Restrict access to the database server and to the database backup server. This means restricting not only remote access but physical access as well.
- Store database files on an encrypted file system. If the physical storage media are stolen, the data cannot be read without the key.
- If the database supports data file encryption (often called transparent data encryption), enable it. Copied data files are then useless without the key needed to decrypt them.
- Store database backups on an encrypted file system as well. If backup files are transferred to another server, make sure the transfer itself is encrypted.
- If the database supports encrypted backups, turn it on; if not, use a third-party tool to encrypt the backup files.
- Limit network access to the database. Allow connections only from the machines that actually communicate with it: if only the application server uses the database, allow access only from the application server, using both firewall rules and the database's own host-based access configuration.
- Many databases support encryption of the network traffic between the client and the RDBMS (typically TLS). If yours does, turn it on, and where the server allows it, require it rather than leaving it optional for clients.
- Database users should have the minimum set of privileges they need. Avoid giving administrative roles to application users. Run a script on a regular basis that records which users hold administrative privileges, so that the list can be reviewed and unexpected changes investigated.
- Use database profiles (or the equivalent password policy) to prevent weak passwords, to lock an account after repeated failed logins, and to require users to change their password periodically.
- Analyze database access logs. Analyze not only failed login attempts but successful ones too: a user may log in from their own workstation using another user's credentials, which shows up only as a successful login from a host that account does not normally use.
- The application must be built so that sensitive data is stored encrypted, and passwords are never stored at all: store a salted, slow hash of each password (a password-hashing function such as PBKDF2, bcrypt, scrypt or Argon2), not the plaintext and not a reversibly encrypted copy. If an application stores passwords in plain text and a user somehow gains access to that table, every account is compromised at once.
- Like any software, databases have security vulnerabilities that can allow access controls to be bypassed. Update database software periodically, track the vendor's security advisories, and apply security patches as soon as they are published.
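As an added example (not part of the original article) of the log-analysis rule above, the following Python script runs two checks over a constructed set of access-log lines: successful logins from a host the account does not normally use, and bursts of failed logins against one account from one host. The log format, the host-to-account baseline and the thresholds are assumptions made for this example; a real database log (for example PostgreSQL with log_connections enabled, or a database audit trail) needs a parser that matches its own line format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from a real system). The line format is an
# assumption for this example: ISO timestamp, user, client host, result.
SAMPLE_LOG = """\
2024-03-01T09:00:05Z user=alice host=10.0.1.20 result=success
2024-03-01T09:01:10Z user=bob host=10.0.1.21 result=success
2024-03-01T09:02:00Z user=dba_admin host=10.0.1.21 result=failure
2024-03-01T09:02:04Z user=dba_admin host=10.0.1.21 result=failure
2024-03-01T09:02:09Z user=dba_admin host=10.0.1.21 result=failure
2024-03-01T09:02:15Z user=dba_admin host=10.0.1.21 result=success
2024-03-01T09:30:00Z user=app_user host=10.0.2.5 result=success
this line is not an access record and is skipped
"""

# Assumed baseline: the hosts each account normally connects from.
KNOWN_HOSTS = {
    "alice": {"10.0.1.20"},
    "bob": {"10.0.1.21"},
    "dba_admin": {"10.0.1.10"},
    "app_user": {"10.0.2.5"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) host=(?P<host>\S+) result=(?P<result>success|failure)$"
)


def parse_log(text):
    """Return (timestamp, user, host, result) tuples plus a count of unparseable lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # count, do not silently drop: a parser gap hides attacks
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], m["host"], m["result"]))
    return events, skipped


def unexpected_successes(events, known_hosts):
    """Successful logins from a host not in the account's baseline.

    This is the case the article warns about: the login succeeded, so a
    failed-login report never shows it, but the source host is wrong.
    """
    return [
        (ts, user, host)
        for ts, user, host, result in events
        if result == "success" and host not in known_hosts.get(user, set())
    ]


def failure_bursts(events, threshold=3, window=timedelta(minutes=1)):
    """(host, user) pairs with at least `threshold` failures inside a sliding time window."""
    recent = defaultdict(deque)
    hits = set()
    for ts, user, host, result in events:
        if result != "failure":
            continue
        q = recent[(host, user)]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            hits.add((host, user))
    return sorted(hits)


def report(text, known_hosts=KNOWN_HOSTS):
    """Run both checks and return human-readable findings."""
    events, skipped = parse_log(text)
    findings = []
    for ts, user, host in unexpected_successes(events, known_hosts):
        findings.append(f"{ts.isoformat()} success for {user} from unexpected host {host}")
    for host, user in failure_bursts(events):
        findings.append(f"failed-login burst against {user} from {host}")
    if skipped:
        findings.append(f"{skipped} line(s) could not be parsed")
    return findings


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding)
```

On the sample data the two checks together tell the story the article describes: three failed attempts against dba_admin from bob's workstation, followed by a success from the same host. Only the failure burst would appear in a report limited to failed logins; the successful login from the wrong host is what confirms the account was actually used.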
By following these guidelines you can protect your database and significantly reduce the chances of data being lost or stolen.
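As a second added example (again not from the original article), here is the password-storage rule above in code: a constructed plaintext user table beside a version that stores only a salted PBKDF2-SHA256 hash, with constant-time verification. The record format, iteration count and sample accounts are assumptions made for this example; the primitives (hashlib.pbkdf2_hmac, hmac.compare_digest, os.urandom) are from the Python standard library.

```python
import hashlib
import hmac
import os

# Parameters are assumptions for this example; raise ITERATIONS as hardware allows.
ITERATIONS = 600_000
SALT_BYTES = 16

# What a plaintext password table looks like: anyone who can read it owns every
# account. Constructed data, not from any real system.
USERS_PLAINTEXT = {"alice": "hunter2", "bob": "Summer2024!"}


def hash_password(password, iterations=ITERATIONS):
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt$hash' with a fresh random salt."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the hash with the stored salt and iteration count; compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # unknown or malformed record: reject rather than guess
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        expected = bytes.fromhex(parts[3])
    except ValueError:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(actual, expected)


def migrate_table(plaintext_users, iterations=ITERATIONS):
    """Replace every plaintext password with its hashed record."""
    return {user: hash_password(pw, iterations) for user, pw in plaintext_users.items()}


if __name__ == "__main__":
    hashed = migrate_table(USERS_PLAINTEXT, iterations=10_000)
    for user, record in hashed.items():
        print(user, record)
    print(verify_password("hunter2", hashed["alice"]))  # True
    print(verify_password("hunter3", hashed["alice"]))  # False
```

Because each record carries its own random salt, hashing the same password twice gives two different records, so a stolen table cannot be attacked with a single precomputed list, and storing the iteration count in the record lets it be raised later without invalidating existing users.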