Database security is known to be the collective measures that are used
to protect the database management software from the illegal activities and all
kind of malicious threats.
Databases that are contained all the companies have extremely sensitive
information and should be protected from security vulnerabilities. Even the
organizations having complete monitoring on their database constantly still the
organizations see a lot theft issues coming up.
Every organization uses databases in some or the other manner to
maintain the records of their customers, their transactions and the information
of the financial records of all the customers and employee salaries. All the
information of an organization is stored in single place called databases.
Because of high sensitive information like transaction details and the
customers details are stored in the databases the risk factor will also be at
that level only. As if one tries to get inside the sever then he or she may get
access to many files contain the customer passwords and details. Data breaches
are a threat to every organization. According to Fran Howarth in his article “5
key steps to Ensuring Database security” written on march 11, 2014 “the
breach investigations report published by Verizon Business, 96% of records breached in 2011
were taken from database servers. Of these, 55% exploited default or guessable
credentials and 40% the use of stolen login credentials”.
According to technology
vendor Application Security, Inc., the following are some of the threats
related to databases:
Default or weak passwords
Excessive user and group privileges
web application security
Unnecessary DBMS features enabled
Broken configuration management
11. Weak audit trails
Let’s see some of the threats in detailed:
Excessive user and group privileges
When a person is granted
with more privileges he or she may exceed the requirements of their job
functions. They misuse the rights they are provided with. For example, a HR
from an organization will be having a total details information on his or her
employees. So, in this scenario the HR can misuse his privileges in looking in
to the employee’s details regarding the salary and transaction and can do an
unauthorized attempt on change of the employee’s salary. In addition, he can
also access to the employee’s personal information and can be able to change
the roles within the organization. Most of the time the information of the
company will be safe with the employer higher positions like CEO, CFO. But an
organization will be having only one CEO and a few higher positioned employees.
So, these few members cannot look up on the
Privilege abuse is also similar
to the issues we discussed above but here the fault is among the privileged
users. The privileged users are of two main categories are database systems
administrations and developers.
administrations: they will be having an unlimited access of data of the
organization. So, to ensure the best security of the organization the database
system administrators should not access to the data while they are
administrating the database.
Developers: they will be having complete
access to the production databases.
organizations will be having many applications running on their databases with
an interface with the customers. They have been many types of attacks on the organoization
applications which expose data. Basically they are two types of application
attacks that aims at the databases that are SQL injection and Web shell
injection has been a top theft to the verizon databases from past multiple
years which was found on a reasearch.
Web shells is one of the
most highly sensed theft of the database. Web shell attacks are totally of
The web shell attackers gain unauthorized
access in to the organizations in order to disturb the working of the company.
The web shell attackers enter through the backdoors of organizations accessing
remotely in the server. Most often the web shell attackers attack the server of
the organizations in order to steel the credentials. The web shell attackers
may not gain full access in to the sever, even they get a limited access too
they will be able to access to the credentials of the organization.
above shown are some of the threats that we have commonly in this present
scenario. Now let’s see some of the factors that can keep our databases from
most often see the issues faced in the databases to protect them from being
misused. So, we do have some practices in order to keep the organizations
databases away from misuse.
are some of the database security practices:
1. Ensure physical database security
2. Use web application and database firewalls
3. Harden your database to the fullest extent possible
4. Encrypt your data
5. Minimize value of databases
6. Manage database access tightly
7. Audit and monitor database activity
see some of the practices to what they could be used in the organizations for
maintaining the databases safe.
Ensure physical database security:
the view of an organization they think that the database server they have is
secure but that could be hacked at any time. Physical security means keeping
the whole database of an organization in to one whole new machine so that no
employee will be having access to that machine. Only higher authorities like
CEO and CFO’s will be having the access to that machine the remaining employees
will be having only limited access only as per their job requirement. In this
manner by using a physical.
Use web application and database firewalls:
server can be protected from the threats by using database security firewalls. The
firewall denies the access to traffic by default. The firewall does not allow
other connections except the connection that is already associated to the
database system of the organization. These firewalls reduce attacks from the
web application. Because the attacks such as SQL injections are directed at a
3. Encrypt your data:
of the organizations now a day encrypt the stored data, so that the data is not
showed up on the databases, but it is made as back up data. In general, the
backup data is created so that when the data is lost or misplaced the backup
data can be retrieved. But to be safe from the database thefts the data is
initially stored as a backup data so that unauthorized employees will not be
able access the data.
4. Minimize the value of your Database:
would be difficult create firewalls for huge amount of storage. Security
firewalls can be applicable to its 100% efficiency if the data is less in
amount. So, minimizing the values of the database will make it easy on building
1. Fran Howarth. “5 key steps to Ensuring
Database security”. March 11, 2014
2. Reference from www.imperva.com. 2106
3. Paul Rubens, “7 Database security best practices”.
August 23, 2016