Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Posted Feb 8, 2010

Errors in Database Account Provisioning Can Lead to Major Breaches

By DatabaseJournal.com Staff

Some of the greatest threats to databases come not through hackers, dangerous as they are, but instead through account-provisioning errors, such as old accounts that are still able to be accessed and through which information can be stolen. Unfortunately, in many organizations the process of database account provisioning and validation never quite happens. Even if a company has a form of identity and access management tool, database accounts sometimes never get worked in because of their integration complexity. Consequently if accounts are tracked it is done manually which often leads to the number of accounts or who has access being unknown. Pooled application accounts can complicate matters even more since user identity can be lost when web applications access a database.

To begin, organizations with database account provisioning problems can begin to correct things by finding out:

  • Where accounts are and everything they’re used for
  • When the passwords to these accounts were last changed
  • What access control list system is being used and when it was last checked
  • If the audit logs the databases generate are being analyzed.

Additional steps include such things like native database logging, log management, security information, and event management tools etc. to make sure accounts are properly provisioned and not abused. Though there has to be some sort of logging mechanism, it’s not always enough, but it’s a start into tracking users and their access of information.

View Article

Daily News Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.