Database Storage Flashcards

1
Q

What is Database Security?

A

Keeping databases secure: because they manage massive amounts of data, databases are a prime target for cyberattacks.

2
Q

Best Practice: Database Servers and Web Servers

A

This means keeping database servers in a secure, locked environment that keeps unauthorised people out.

It also means keeping the database on a separate physical machine from the web server, because a web server is more likely to be attacked: it is located in a buffer (demilitarised zone) and is publicly accessible.

If a web server is compromised and a database runs on the same machine, the attacker has access to the database and data.

3
Q

Best Practice: Web Application and Database Firewalls

A

A database server should be protected from security threats by a firewall which denies access to traffic by default. The only traffic allowed should come from specific applications or web servers.

The firewall should also prevent the database from initiating outbound connections unless there is a need to do so.

A web application firewall can be deployed as well to protect against SQL injection attacks.

4
Q

Why would a database firewall not prevent SQL injection attacks?

A

Because if the SQL injection attack comes from an application that is an allowed source of traffic, the firewall would not stop the requests and data could be withdrawn/deleted.

5
Q

Best Practice: Secure Database User Access

A

The smallest possible number of people should have access. Admins should have only the bare minimum privileges, and only during periods when they need access.

In larger organisations, automatic access management should be considered. It provides users with a temporary password with the privileges they require each time. It also logs activities carried out and prevents password sharing.

6
Q

Best Practice: Updating OS and Patches

A

It is very important to keep all OS and software up to date to protect against recent vulnerabilities. This is particularly important for databases with a large number of third-party applications that each require their own updates.

7
Q

Best Practice: Audit and Monitor Activity

A

Logging logins and attempted logins, and reviewing logs regularly. Alerts should notify personnel when malicious activity is identified.

Database activity monitoring (DAM) software can help with this functionality: it can spot compromised accounts, users carrying out suspicious activity, or a DB under attack.

8
Q

Best Practice: Encrypt Data and Backups

A

Encrypt data both stored and in transit. A database should be backed up, with any backups encrypted and stored separately. This protects against hackers and also against problems with physical hardware/damage.

9
Q

Best Practice: Avoid Default Ports

A

When Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) are set up, they automatically use default network ports. Default ports are often seen in brute force attacks because they are so commonly used. When default ports are avoided, attackers must use trial and error.
