Database security is a major concern for any business, and databases are among the most important assets to protect against unauthorized access. All too often, the major focus of database security is placed on the server layer rather than the database itself.
This article looks at why protecting your databases should receive the same attention as other aspects of your network.
Priority of Network Security
The primary goal for many companies is to make their network completely impregnable. Investments are made in firewalls, Intrusion Detection Systems (IDS), and anti-virus software. The network boundary becomes a fortress that nobody can penetrate without authorization from an administrator or by checking in through an IDS scanner.
Unfortunately, simply locking down the boundaries will not ensure that everything inside is safe from intruders who have identified employees, found holes in web applications, or exploited poorly configured services.
The network is just one component of a business that needs to be tightly controlled in order to minimize exposure. Many times, when information has been stolen from a company, it was not due to an external hacker attacking through the wire, but rather to someone accessing this data while inside the office. This is where database security must play its part for any organization that values its assets and reputation.
Protecting Databases from Unauthorized Access
Databases hold vital information about all aspects of your company’s operations—from customer accounts to sales volumes to inventory levels. Treating these databases with care will ensure that no unauthorized access or modification takes place on the server itself or within the database structure. The following methods should be used for protecting a database:
- Utilize a strong password policy.
If passwords are not complex enough or, even worse, are reused over time, then an intruder will have the opportunity to leverage the information gained from guessing one password against another service that has been compromised.
- Restrict database logins.
Only people who require access to these databases should be given database login credentials, and only those who need it should be able to establish a connection with the database. Never leave default logins available, as these can be easily guessed by automated scripts, especially public ones such as SA, which is rarely changed on fresh installs of Microsoft SQL Server 2008 R2.
- Check for any network scans or probes.
If someone is trying to attack your database remotely, you probably won’t see them until they gain administrative access and make the necessary changes. Therefore, taking measures such as scanning logins and passwords can provide an early warning that a possible intrusion has occurred.
- Implement database access control.
Many organizations choose to limit access to selected databases based on their location within the corporate network using routers and firewalls, but this does not always prove effective and could potentially waste valuable resources on attempts to establish connections with these restricted servers from inside or outside of your company’s LAN.
The best way to combat this is by limiting any outbound traffic through your firewall so only specific ports are allowed for SQL Server communication (default port 1433 for TDS traffic). This will prevent any connections that are not predefined, even if you give express permission to an IP address.
- Ensure database backups are complete and accessible.
A database backup does not need to contain sensitive information about your business to pose a threat; rather, the threat is that its default permissions can make the information available to unauthorized individuals or allow tampering with the data. If backups are left insecure, then an intruder would be able to make changes without leaving any trace, since they could always be overwritten by restoring the proper backed-up version.
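As an illustration of the "check for any network scans or probes" item above, the following added example (not part of the original article) flags clients that produce a burst of failed logins. It assumes log lines in the SQL Server error log layout for failed logins; the sample lines are constructed, and the threshold and window values are hypothetical defaults to tune for your environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the SQL Server error log layout (not real data).
SAMPLE_LOG = """\
2024-03-01 10:15:01.10 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:02.31 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:03.02 Logon       Login failed for user 'admin'. Reason: Could not find a login matching the name provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:04.57 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:15:05.90 Logon       Login failed for user 'sa'. Reason: Password did not match that for the login provided. [CLIENT: 203.0.113.7]
2024-03-01 10:20:11.44 Logon       Login failed for user 'reports'. Reason: Password did not match that for the login provided. [CLIENT: 10.0.0.21]
2024-03-01 10:20:40.12 Logon       Login succeeded for user 'reports'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.21]
"""

# Matches only failed-login entries; successful logins and other lines are ignored.
FAILED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login failed for user '(?P<user>[^']*)'\..*\[CLIENT: (?P<client>[^\]]+)\]"
)

def failed_logins(text):
    """Yield (timestamp, login name, client address) for each failed login."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["user"], m["client"]

def suspicious_clients(text, threshold=5, window=timedelta(minutes=1)):
    """Return {client: accounts tried} for clients with at least
    `threshold` failures inside any sliding `window` (assumed values)."""
    by_client = defaultdict(list)
    for ts, user, client in failed_logins(text):
        by_client[client].append((ts, user))
    alerts = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[client] = sorted({u for _, u in events})
                break
    return alerts

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

A single mistyped password, like the one from 10.0.0.21 in the sample, stays below the threshold and is not reported.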
Conclusion
Databases must be protected alongside other critical components of your business’s network security procedures because letting them fall into the wrong hands will only lead to decreased productivity and potential data loss or breach. Remember that databases hold the information of every single person who interacts with your organization, whether it be sales figures, personal information such as addresses and phone numbers, credit cards for customers paying online, or usernames and passwords used to log into business-related websites… the list goes on.
Protecting databases is an integral part of safeguarding any company’s assets because they also house the information needed to perform a multitude of day-to-day operations within a particular company. If a hacker gains access through these servers to modify the records stored inside them, then it becomes much easier for them to achieve their goal without having to actually hack anything else since they have already gained complete control over what they need to get to the next step.
In the event that an intruder does manage to gain administrative access from within your network, then it is extremely important that you have a recovery plan in place before disaster strikes. This can save valuable time and resources when trying to recover lost data, and ultimately will help save your company from going under.