Database Security and its 10 Steps


Summary:

Database security is a big concern for any business. In this article, Application Security, Inc. introduces 10 “Best Practices” for database security based on experience from 1,000 installations.

1. Establish a Baseline: In this step, an evaluation of the current security level is run and kept for future comparison. It also provides the ability to track and monitor progress, which helps businesses identify flaws such as unpatched systems, weak or default passwords, and excessive privileges.

2. Recognize Vulnerabilities and Exploitation Methodologies: This includes vendor bugs, poor architecture, and misconfiguration.

3. Prioritize Vulnerability Remediation: This is done by analyzing the risk, asset classification, required fix effort, and likelihood of exploitation. The next step is to create a plan that achieves the best outcome with the least amount of resources. It is a vital step in easing the mitigation process.

4. Continuously Monitor & Maintain Systems: A good example of this would be adding the Database Security Vulnerability Management Life-cycle.

5. Automate Activities: For example, automate security processes that perform routine tasks and reports and issue notifications and alerts.

Steps 6-9 are self-explanatory:

6. Stay Patched.

7. Audit Systems Regularly and Address Issues as They Arise.

8. Apply Real-Time Intrusion Detection to Critical Systems.

9. Avoid Relying Exclusively on Perimeter Security to Protect Your Systems.

10. Trust and Verify: Since more entities such as customers, suppliers, contractors, and vendors are increasingly connected to the database, verifying their identity and monitoring the system for any unauthorized activities is crucial.
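
As an added illustration of steps 1 and 3 (not code from the whitepaper or from Application Security, Inc.), the Python example below evaluates two constructed configuration snapshots for the flaws named in step 1, compares the later scan against the baseline, and orders the open findings for remediation. The database names, credentials, patch numbers, the 1-3 scales, and the scoring formula are all assumptions made for this example.

```python
# Constructed data throughout; names, scales and patch numbers are assumptions.
DEFAULT_CREDS = {("admin", "admin"), ("test", "test")}
LATEST_PATCH = 7
ASSET_CLASS = {"hr_db": 3, "sales_db": 2}  # 3 = most sensitive
LIKELIHOOD = {"default_password": 3, "unpatched": 2, "excessive_privilege": 2}
FIX_EFFORT = {"default_password": 1, "unpatched": 3, "excessive_privilege": 2}

def scan(snapshot):
    """Evaluate one configuration snapshot; return (db, category, detail) findings."""
    findings = set()
    for db, cfg in snapshot.items():
        if cfg["patch"] < LATEST_PATCH:
            findings.add((db, "unpatched", f"patch level {cfg['patch']}"))
        for user, (password, granted, needed) in cfg["accounts"].items():
            if (user, password) in DEFAULT_CREDS:
                findings.add((db, "default_password", user))
            extra = sorted(granted - needed)  # privileges beyond what the role needs
            if extra:
                findings.add((db, "excessive_privilege", f"{user}: {','.join(extra)}"))
    return findings

def compare(baseline, current):
    """Progress against the baseline: what was fixed, what remains, what is new."""
    return {"fixed": sorted(baseline - current),
            "still_open": sorted(baseline & current), "new": sorted(current - baseline)}

def plan(findings):
    """Order findings by asset class x likelihood / fix effort (assumed formula)."""
    def score(f):
        return ASSET_CLASS[f[0]] * LIKELIHOOD[f[1]] / FIX_EFFORT[f[1]]
    return sorted(findings, key=lambda f: (-score(f), f))

# Each account: (password, granted privileges, needed privileges)
BASELINE_SNAPSHOT = {
    "hr_db": {"patch": 5, "accounts": {"admin": ("admin", {"SELECT"}, {"SELECT"})}},
    "sales_db": {"patch": 7, "accounts": {"report": ("x9!kQ", {"SELECT", "DROP"}, {"SELECT"})}},
}
LATER_SNAPSHOT = {
    "hr_db": {"patch": 5, "accounts": {"admin": ("Lr4#vT", {"SELECT"}, {"SELECT"})}},
    "sales_db": {"patch": 7, "accounts": {
        "report": ("x9!kQ", {"SELECT", "DROP"}, {"SELECT"}),
        "test": ("test", {"SELECT"}, {"SELECT"})}},
}

if __name__ == "__main__":
    baseline, current = scan(BASELINE_SNAPSHOT), scan(LATER_SNAPSHOT)
    print(compare(baseline, current))
    print(plan(current))
```

The comparison shows why the baseline matters: the default password on `hr_db` was fixed, but a new default-password account appeared on `sales_db`, which a single point-in-time scan would not distinguish from an old finding.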

Reflection:

In CIS 305 class we might not be studying database security, but it is a very important concept to have while designing a database. In the article it was mentioned how the architecture of the database has a crucial effect on database security. Database designers should thoroughly understand how the application works before implementing them. It would be ideal if the database developer had a strong sense of database security and designed for it while creating the database.

Source:

“Database Security Best Practices: 10 Steps to Reduce Risk.” Appsecinc.com. Apr. 2008. Web. 20 May 2012. <http://www.appsecinc.com/techdocs/whitepapers/right_nav/Database-Security-Best-Practices.pdf>.