10 steps to consider for database security

by Dean H
Summary:

Database security should be one of the top concerns for any business. This article introduces 10 "best practices" for database security, drawn from the authors' experience with over 1,000 installations.

1. Establish a baseline: The aim is to run an evaluation of the current security level and keep it for future comparison. It provides the ability to track and monitor progress, and it helps businesses identify flaws such as unpatched systems, weak or default passwords, and excessive privileges.

2. Recognize vulnerabilities and exploitation methodologies: These include vendor bugs, poor architecture, and misconfiguration.

3. Prioritize vulnerability remediation: First analyze the risk, asset classification, required fix effort, and likelihood of exploitation, then create a plan to achieve the best outcome with the least amount of resources. This step is vital to easing the mitigation process.

4. Continuously monitor and maintain systems: A good example would be adopting the Database Security Vulnerability Management Life-cycle.

5. Automate activities: For example, security processes that perform routine tasks, generate reports, and issue notifications and alerts.

6-9 are rather self-explanatory:

6. Stay patched.

7. Audit systems regularly and address issues as they arise.

8. Apply real-time intrusion detection to critical systems.

9. Avoid relying exclusively on perimeter security to protect your systems.

10. Trust and verify: Since more entities (customers, suppliers, contractors, and vendors) are increasingly connected to the database, verifying their identity and monitoring the system for unauthorized activity is crucial.
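Step 1 (establish a baseline and compare against it later) and the automation of step 5 can be carried out with a small script like the one below. This is an added example, not code from the article or from this post: it assesses a constructed account inventory, records the findings as a baseline, and diffs a later snapshot against it. The inventory fields, the privilege names and the account names are assumptions, not any particular DBMS's catalogue schema.

```python
# Added example: baseline a database's account hygiene and diff later snapshots
# against it. The inventory below is constructed; its field names and privilege
# names are assumptions rather than any vendor's privilege catalogue.
ADMIN_PRIVS = {"ALL", "SUPER", "GRANT OPTION", "FILE"}
DEFAULT_OR_TEST_USERS = {"root", "test", "guest", "sa", "admin"}

# Constructed snapshot taken when the baseline is established.
BASELINE_ACCOUNTS = [
    {"user": "app_ro", "host": "10.0.0.%", "privs": {"SELECT"}, "password_set": True},
    {"user": "root", "host": "%", "privs": {"ALL"}, "password_set": False},
    {"user": "etl", "host": "localhost", "privs": {"SELECT", "INSERT", "SUPER"}, "password_set": True},
    {"user": "test", "host": "%", "privs": {"USAGE"}, "password_set": False},
]

# Constructed snapshot after partial remediation: root confined to localhost with a
# password and the test account dropped, but a new over-privileged account has appeared.
LATER_ACCOUNTS = [
    {"user": "app_ro", "host": "10.0.0.%", "privs": {"SELECT"}, "password_set": True},
    {"user": "root", "host": "localhost", "privs": {"ALL"}, "password_set": True},
    {"user": "etl", "host": "localhost", "privs": {"SELECT", "INSERT", "SUPER"}, "password_set": True},
    {"user": "reporting", "host": "%", "privs": {"ALL"}, "password_set": True},
]

def assess(accounts):
    """Return the set of (severity, account, issue) findings for one snapshot."""
    findings = set()
    for a in accounts:
        acct = f"{a['user']}@{a['host']}"
        admin = bool(a["privs"] & ADMIN_PRIVS)
        if not a["password_set"]:
            findings.add(("high", acct, "no password set"))
        if admin and a["host"] == "%":
            findings.add(("high", acct, "administrative privilege reachable from any host"))
        elif admin:
            findings.add(("medium", acct, "administrative privilege"))
        if a["user"] in DEFAULT_OR_TEST_USERS:
            findings.add(("low", acct, "default or test account name"))
    return findings

def compare(baseline, current):
    """Diff two finding sets: what is new since the baseline and what was resolved."""
    return {"new": current - baseline, "resolved": baseline - current}

if __name__ == "__main__":
    # Report progress since the baseline, the way a scheduled job would (step 5).
    delta = compare(assess(BASELINE_ACCOUNTS), assess(LATER_ACCOUNTS))
    for label in ("new", "resolved"):
        for sev, acct, issue in sorted(delta[label]):
            print(f"{label:8} {sev:6} {acct:22} {issue}")
```

Because an account is keyed by user and host, confining root to localhost shows up as the old finding resolved and a lower-severity one appearing, which is exactly the kind of progress the baseline is meant to make visible.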

Reflection:

Although database security may not be what we will be learning in CIS 305, I feel it is an important concept to have in mind while designing a database. After all, just as the article mentioned, the architecture of the database has a crucial effect on database security. As database designers we should fully understand how the application works before implementation. It would be ideal if the database developer had a strong sense of database security and designed for it while creating the database.

Source:

Application Security (2008, April). Database security best practices: 10 steps to reduce risk. Retrieved from http://www.appsecinc.com/techdocs/whitepapers/right_nav/Database-Security-Best-Practices.pdf