Hardening Database – Prevent Information Theft

Your database contains all information about your server, website or application. A well-designed database will have all sorts of information, from billions of dollars to a piece of junk data, all can be found in a database. Therefore, making sure that your database is fully locked down is an essential part of developing any kind of application. As long as your database remains perfectly secure, even if your website gets hacked, your data is still safe and rebuilding your website from your database’s data is a piece of cake. With that in mind, we have to make sure that we follow all security guidelines important in making a database as hard as possible.

First thing’s first, you need to have a common sense; this is one of the most important security mechanism not only in the IT world but also virtually about anything. If it seems fishy, don’t do it. Now, let’s focus on how to secure your database.

What are the security risks?

  1. Unauthorized access or misuse by authorized database users, admins, system managers and the like. This may lead to inappropriate access to sensitive data such as personal information.
  2. Malware infections that can cause unauthorized access, leakage, damage, deletion or corruption of data, denial of access and attack to other systems.
  3. System overload causing abhorrent disruptions and keeping authorized users to access the database as intended.
  4. Bugs that can be used as a potential security hole that can access all sensitive data on a database.

Avoiding These Risks

  • Physical security – make sure that the database server is located or housed on a secure facility and is locked and monitored in order to prevent any unauthorized entry, access or theft
  • Keep Application Server and Database Server Separate – do not put database and application server into one machine, it is always a good idea to separate them
  • Firewalls – make sure that the database server is using an up-to-date firewall protocol, which has a default rule to deny all traffic. This firewall should only be accessible of open to the applications that use the server
  • Database software – make sure that the database software is up-to-date and that the vendor currently supports it. Also, make sure that all unnecessary services or functions of the database are turned off. Default accounts that are unneeded should be removed and default passwords should be changed
  • Receiving Application – a receiving application or a software that accesses the database should have a secured connection and should not allow any eavesdropping. All servers, tools and applications that access the database should be logged and monitored and all application code must be reviewed for SQL injection and vulnerabilities
  • Accounts – all accounts should have a proper and secure password and all database user accounts should know their responsibility