Database Security and its 10 Steps

by Rizwan A
Summary:

Database security is a big concern for any business. In this article, Application Security, Inc. introduces 10 “Best Practices” for database security, based on its experience with 1,000 installations.

1. Establish a Baseline: Run an evaluation of the current security level, which is then used for future comparison. The baseline also makes it possible to track and monitor progress, which helps businesses identify flaws such as unpatched systems, weak or default passwords, and excessive privileges.

2. Recognize Vulnerabilities and Exploitation Methodologies: This includes vendor bugs, poor architecture, and misconfiguration.

3. Prioritize Vulnerability Remediation: This is done by analyzing the risk, asset classification, required fix effort, and likelihood of exploitation. The next step is to create a plan that achieves the best outcome with the least amount of resources. It is a vital step in easing the mitigation process.

4. Continuously Monitor & Maintain Systems: A good example of this would be adding the Database Security Vulnerability Management Life-cycle.

5. Automate Activities: For example, use automated security processes to perform routine tasks and reports and to issue notifications and alerts.

Steps 6-9 are self-explanatory:

6. Stay Patched. 7. Audit Systems Regularly and Address Issues as They Arise. 8. Apply Real-Time Intrusion Detection to Critical Systems. 9. Avoid Relying Exclusively on Perimeter Security to Protect Your Systems.

10. Trust and Verify: Since more entities such as customers, suppliers, contractors, and vendors are increasingly connected to the database, verifying their identity and monitoring the system for any unauthorized activities is crucial.
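
An added example (not from the whitepaper or the original post) of step 1: two scans are reduced to findings for the flaw types named there (unpatched systems, default passwords, excessive privileges), and the later scan is compared with the baseline to track progress. The scan records, role policy and required patch level are constructed assumptions.

```python
# Constructed sample data: two scans of the same (hypothetical) database estate.
# Field names, role names and the allowed-privilege policy are assumptions.
ALLOWED = {"app": {"SELECT", "INSERT", "UPDATE"}, "report": {"SELECT"}, "dba": {"ALL"}}
REQUIRED_PATCH = (11, 2, 4)  # constructed minimum patch level

BASELINE_SCAN = [
    {"db": "hr", "patch": (11, 2, 1), "accounts": [
        {"name": "admin", "role": "dba", "default_password": True, "privs": {"ALL"}},
        {"name": "hr_app", "role": "app", "default_password": False,
         "privs": {"SELECT", "INSERT", "UPDATE", "DROP"}}]},
    {"db": "sales", "patch": (11, 2, 4), "accounts": [
        {"name": "rpt", "role": "report", "default_password": False, "privs": {"SELECT"}}]},
]
CURRENT_SCAN = [
    {"db": "hr", "patch": (11, 2, 4), "accounts": [
        {"name": "admin", "role": "dba", "default_password": False, "privs": {"ALL"}},
        {"name": "hr_app", "role": "app", "default_password": False,
         "privs": {"SELECT", "INSERT", "UPDATE", "DROP"}}]},
    {"db": "sales", "patch": (11, 2, 4), "accounts": [
        {"name": "rpt", "role": "report", "default_password": False,
         "privs": {"SELECT", "DELETE"}}]},
]

def findings(scan):
    """Return the set of (db, subject, issue) findings for one scan."""
    found = set()
    for db in scan:
        if db["patch"] < REQUIRED_PATCH:
            found.add((db["db"], "server", "unpatched"))
        for acct in db["accounts"]:
            if acct["default_password"]:
                found.add((db["db"], acct["name"], "default password"))
            allowed = ALLOWED[acct["role"]]
            extra = acct["privs"] - allowed
            if extra and "ALL" not in allowed:
                found.add((db["db"], acct["name"], "excess privileges: " + ",".join(sorted(extra))))
    return found

def compare(baseline, current):
    """Split findings into fixed, still open, and new since the baseline."""
    return {"fixed": baseline - current, "open": baseline & current, "new": current - baseline}

if __name__ == "__main__":
    report = compare(findings(BASELINE_SCAN), findings(CURRENT_SCAN))
    for status in ("fixed", "open", "new"):
        for item in sorted(report[status]):
            print(status.upper(), *item, sep=" | ")
```

The "new" bucket is the one a baseline makes visible: a privilege added after the first evaluation shows up even though the account was clean when the baseline was taken.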

Reflection:

In CIS 305 class we might not be studying database security, but it is a very important concept to have in mind while designing a database. The article mentions that the architecture of the database has a crucial effect on database security. Database designers should thoroughly understand how the application works before implementing it. Ideally, the database developer has a strong sense of database security and designs for it while creating the database.

Source:

“Database Security Best Practices: 10 Steps to Reduce Risk.” Appsecinc.com. Apr. 2008. Web. 20 May 2012. <http://www.appsecinc.com/techdocs/whitepapers/right_nav/Database-Security-Best-Practices.pdf>.

5 thoughts on “Database Security and its 10 Steps”

  1. Thanks Rizwan, good information. I saved the URL for future reference. The more informed we are the better. You’re right, security is VERY important. Sometimes the most obvious is overlooked, like changing the admin password, basically not leaving it at the default password when installed.

  2. These are great tips for keeping your database secure. I think that keeping data from hackers and other people is so essential to most businesses, simply because information is so crucial and important. Giving information away to competitors can lead to lost profits, so keeping a tight lid on your database is a must. Thank you for sharing.

  3. With the importance of security in the 21st century this is a very helpful reference for us. It is very clear and to the point and the way you outlined every step makes it easy to understand and follow.

  4. Great article!! It is a very important topic and you did a good job summarizing this article. I think it is important to learn all the aspects of security whether it’s database security or internet security. I believe we as students need to have a better understanding of how to secure our data, because believe it or not our data is our life.

  5. I also think that this is an important article, and it is good to know things like this. For number six, the article says that the most important thing for patching is timeliness. I can imagine how tough the job would be for those working to secure the database, since they would have to learn about the new exploits and vulnerabilities and patch them before the intruders try to take advantage of them. This would mean that in order to stay secure, they would have to stay on top of this and learn about it before other people do.
