Database Journal
MS SQL Oracle DB2 Access MySQL PostgreSQL Sybase PHP SQL Etc SQL Scripts & Samples Links Database Forum

» Database Journal Home
» Database Articles
» Database Tutorials
MS SQL
Oracle
DB2
MS Access
MySQL
» RESOURCES
Database Tools
SQL Scripts & Samples
Links
» Database Forum
» Sitemap
Free Newsletters:
DatabaseDaily  
News Via RSS Feed


follow us on Twitter
Database Journal |DBA Support |SQLCourse |SQLCourse2
 

Posted Mar 4, 2010

Database Security - Necessary But No Easy Task

By DatabaseJournal.com Staff

A recent survey showed that 80% of businesses do not have a database security plan which should include information regarding migration, patching schedules, databases needing encryption and more. Of course, before you can decide what to protect, you need to know what you have in the way of databases and the information they contain which ends up being quite complex. And the process of configuring parameters then checking them even more so.

However, resources like the Defense Information Systems Agency, and others, have checklists to guide you in securely configuring your databases. A database vulnerability tool can then be used to check if your database has met the list’s requirements. Some things to look for first are:

  • Missing patches
  • Misconfiguratioins such as Oracle directory and file pemissions
  • Default passwords

Default passwords are considered a major reason for why attacks happen. Making sure that users have hard to guess passwords, and changing them periodically reduces the risk of security breaks. Another big risk is the ANY system privileges, equivalent to ROOT user in Unix or ADMINISTRATOR for Windows. Monitoring these users is a top security challenge, and they need to be very controlled and validated. One last security help is virtual patching, a tool offered by Guardium and other security vendors, that detects and blocks new exploits, offering a degree of protection while waiting for the actual patch.

View Article

Daily News Archives

Comment and Contribute

 


(Maximum characters: 1200). You have characters left.