Database security, whether as a topic of discussion or a set of tools, has been around for several years now. It is only in the last couple of years, however, that it has begun to draw more attention from industry analysts, as well as security and database professionals. The following are seven effective strategies that security professionals can use to secure their databases.
Strategy No. 1: Think security in everything you do
Constantly examine your actions with security goggles on, starting with application development all the way through to everyday tasks such as user management and data management. Do not think of security as something you do once a month. Educate your users to think the same. Most security gaps are there due to ignorance and lack of awareness more than any other reason.
Strategy No. 2: Use the principle of least privilege
The principle of least privilege calls for users and applications to have the minimal privileges they require to function properly. This entails not only applying restrictions when first granting users access to the database, but also remembering to review those access privileges periodically and change them if necessary.
Many organizations grant deep privileges to consultants and developers who work for them on a temporary basis, but then forget to remove or change those privileges when the work is done. Note that even seemingly innocent privileges can be used by some attack vectors to gain access privileges through vulnerabilities. Therefore, carefully consider granting every kind of privilege.
Strategy No. 3: Minimize the attack surface
It is more difficult to secure a large house with many windows than a small house with few windows. Database systems are the same; the more complex they are, the larger the attack surface. Strive to reduce the attack surface by eliminating components that are not in use, and avoid installing them in the first place.
Strategy No. 4: Manage passwords
One of the first and easiest targets a hacker will attack is known accounts with default or weak passwords. Lists of default accounts and passwords are freely available on the Web, and many tools exist to help the hacker do rainbow tables, brute force attacks, dictionary attacks and authentication attacks. Be sure to use the same tools to periodically check for weak and default passwords in your database.
