Database SecurityDatabase security is known to be the collective measures that are usedto protect the database management software from the illegal activities and allkind of malicious threats.Databases that are contained all the companies have extremely sensitiveinformation and should be protected from security vulnerabilities. Even theorganizations having complete monitoring on their database constantly still theorganizations see a lot theft issues coming up. Every organization uses databases in some or the other manner tomaintain the records of their customers, their transactions and the informationof the financial records of all the customers and employee salaries. All theinformation of an organization is stored in single place called databases.
Because of high sensitive information like transaction details and thecustomers details are stored in the databases the risk factor will also be atthat level only. As if one tries to get inside the sever then he or she may getaccess to many files contain the customer passwords and details. Data breachesare a threat to every organization. According to Fran Howarth in his article “5key steps to Ensuring Database security” written on march 11, 2014 “the2012 databreach investigations report published by Verizon Business, 96% of records breached in 2011were taken from database servers. Of these, 55% exploited default or guessablecredentials and 40% the use of stolen login credentials”.
According to technologyvendor Application Security, Inc., the following are some of the threatsrelated to databases:1. Default or weak passwords2.
SQL injection3. Excessive user and group privileges4. Insufficientweb application security5. Unnecessary DBMS features enabled6. Broken configuration management7. Buffer overflows8. Privilege escalation9.
Unsecuredstorage media10. Denialof service11. Weak audit trails12. Un-patchedRDBMS13.
Unencrypteddata Let’s see some of the threats in detailed:1. Excessive user and group privilegesWhen a person is grantedwith more privileges he or she may exceed the requirements of their jobfunctions. They misuse the rights they are provided with. For example, a HRfrom an organization will be having a total details information on his or heremployees. So, in this scenario the HR can misuse his privileges in looking into the employee’s details regarding the salary and transaction and can do anunauthorized attempt on change of the employee’s salary.
In addition, he canalso access to the employee’s personal information and can be able to changethe roles within the organization. Most of the time the information of thecompany will be safe with the employer higher positions like CEO, CFO. But anorganization will be having only one CEO and a few higher positioned employees. So, these few members cannot look up on thewhole database.
2. Privilege AbusePrivilege abuse is also similarto the issues we discussed above but here the fault is among the privilegedusers. The privileged users are of two main categories are database systemsadministrations and developers.Database systemsadministrations: they will be having an unlimited access of data of theorganization. So, to ensure the best security of the organization the databasesystem administrators should not access to the data while they areadministrating the database.
Developers: they will be having completeaccess to the production databases. 3. Insufficient webapplication securityTheorganizations will be having many applications running on their databases withan interface with the customers. They have been many types of attacks on the organoizationapplications which expose data. Basically they are two types of applicationattacks that aims at the databases that are SQL injection and Web shellSQLinjection has been a top theft to the verizon databases from past multipleyears which was found on a reasearch.
Web shells is one of themost highly sensed theft of the database. Web shell attacks are totally ofstealth modes. The web shell attackers gain unauthorizedaccess in to the organizations in order to disturb the working of the company.The web shell attackers enter through the backdoors of organizations accessingremotely in the server. Most often the web shell attackers attack the server ofthe organizations in order to steel the credentials. The web shell attackersmay not gain full access in to the sever, even they get a limited access toothey will be able to access to the credentials of the organization. Theabove shown are some of the threats that we have commonly in this presentscenario.
Now let’s see some of the factors that can keep our databases frombeing stolen. Wemost often see the issues faced in the databases to protect them from beingmisused. So, we do have some practices in order to keep the organizationsdatabases away from misuse.
Theseare some of the database security practices:1. Ensure physical database security2. Use web application and database firewalls3.
Harden your database to the fullest extent possible4. Encrypt your data5. Minimize value of databases6. Manage database access tightly7. Audit and monitor database activity Let’ssee some of the practices to what they could be used in the organizations formaintaining the databases safe.
1.Ensure physical database security:Inthe view of an organization they think that the database server they have issecure but that could be hacked at any time. Physical security means keepingthe whole database of an organization in to one whole new machine so that noemployee will be having access to that machine. Only higher authorities likeCEO and CFO’s will be having the access to that machine the remaining employeeswill be having only limited access only as per their job requirement. In thismanner by using a physical.2.
Use web application and database firewalls:Theserver can be protected from the threats by using database security firewalls. Thefirewall denies the access to traffic by default. The firewall does not allowother connections except the connection that is already associated to thedatabase system of the organization. These firewalls reduce attacks from theweb application. Because the attacks such as SQL injections are directed at aweb application.3. Encrypt your data:Mostof the organizations now a day encrypt the stored data, so that the data is notshowed up on the databases, but it is made as back up data.
In general, thebackup data is created so that when the data is lost or misplaced the backupdata can be retrieved. But to be safe from the database thefts the data isinitially stored as a backup data so that unauthorized employees will not beable access the data.4. Minimize the value of your Database:Itwould be difficult create firewalls for huge amount of storage. Securityfirewalls can be applicable to its 100% efficiency if the data is less inamount. So, minimizing the values of the database will make it easy on buildingfirewalls. Works cited1. Fran Howarth.
“5 key steps to EnsuringDatabase security”. March 11, 20142. Reference from www.
imperva.com. 21063. Paul Rubens, “7 Database security best practices”.August 23, 2016 Details:Vamsidhar KellaZ1828940Section-1