It has been a relatively short time since I wrote my last post on database security but so many breaches have occurred since then that it seems like much longer.
In just the past few months, Sony’s gaming system was shut down for two weeks, a nuclear facility in Iran was physically damaged by nefarious code introduced into the system, the SecureId system at Lockeed Martin was compromised, and google’s mail system was hacked again. The list goes on and on.
Two things are becoming clear; With the current state of network security, no computer systems are completely safe from attack. And the reasons for attacks are becoming more varied.
Suspected reasons for recent attacks have ranged from personal vengeance against a company, to likely state-sponsored espionage, to the more common stealing information for personal or corporate gain.
Some recent attacks came from the outside. But others, notably, the attack on the Iranian nuclear facility, is believed to have been introduced inside the network, possible via an infected flash drive.
This tells us we must use a defense in depth approach whereby we secure the individual components of our information technology infrastructure in addition to the overall network and physical environment — if we want to protect data that is stored in a database, then we must secure the database directly!
Databases from every database software vendor are subject to database vulnerabilities caused by misconfiguration, poor security procedures, or bugs in the database software.
The first step in eliminating these vulnerabilities is to identify them. This can be done using database vulnerability scanning tools such as Application Security Inc’s AppDetective Pro, which we use at Buda Consulting, to help secure our client’s databases.
After the vulnerabilities are identified, they should be resolved or designated as acceptable risks, and then another scan should be performed to ensure that all of the vulnerabilities have been addressed.
Finally, we must audit database activity and monitor the audit logs on a regular basis to identify potential attacks. Database security is not a one-time activity. It is an ongoing process that must be performed on a regular basis.
Download our Database Security Roadmap to help guide you through the process of securing your database.