If there is one thing I have learned in my years in the online security business, it is that database security is a dynamic thing. I have lived in cities all around the world and have met a lot of different kinds of people, but it is the people involved in hacking through computer privacy programs that I found to be the most creative. Their creativity at trying to crack open databases always inspires me to be more creative about securing them.
I keep a log of the many different ways that hackers have tried to compromise databases, and that log has become extremely important to me. Let me reach into that log and pull out 10 of the most common areas where database vulnerability is an issue.
Ten Most Common Security Vulnerabilities
- Deployment Failings – As a database security expert, I have learned the hard way that it is not enough to make sure that a deployed database is performing its programmed tasks. I have also learned that you have to test for unexpected operations after the database is put in place. In other words, what is the database doing that it should not be doing, and how is that compromising the data?
- Not Plugging Data Leaks – Your database may reside on a server that is not connected directly to the Internet, but that does not mean the data are safe. The first time I ever deployed a database, we had a huge data leak within a week. The hacker got in by weaving through the company network from an open Internet port. Close the leaks by always assuming that the database server is online and in need of additional security.
- Inside Jobs – Companies get so caught up in preventing people outside the organization from breaking into their databases that they forget about the people who are already inside. You need to keep a close watch on your archived data and make sure they never leave the building.
- Data Corruption – I tell my customers all of the time that data are very delicate. One encrypted file on a database server, or any server that accesses the database server, can wipe out almost all of your data.
- Overwhelming The System – One of the more frustrating issues in database vulnerability that I run into is when customers try to get their database software to do something it is not supposed to do. When you ask your software to do too much, you will have problems with your database.
- Not Segregating Data – Segregating your database means separating the data and giving each segment its own physical volume to occupy. This will enhance your database security by preventing corrupted volumes from spreading. It can also help ensure computer privacy by requiring separate passwords for each segment.
- Varying Standards – A hacker will poke around in your database until a weakness is found. That is why you need to consider all of your data to be critical and have the same security standards for the entire network.
- Access Issues – In order to protect your data, you must maintain strict control over who has access to them. While working with one customer on their database security issues, I was horrified to find out that the customer had no idea exactly how many employees had the database passwords. Allowing random access to your network is one of the worst things you can do to your database.
- Enabling Unnecessary Database Features – Before you enable a feature on your database software, analyze any kind of long-reaching effects it may have. Any feature you enable has consequences, and you need to know those consequences before you click that box.
- Ineffective Usernames and Passwords – Your database usernames and passwords need to be complex if you want to protect your database. I have seen more than one frustrated client who thought they had done everything right with their database, but they were undermined by “password123” for an admin username.
Your computer data is the most important asset your company has. Always make sure that your database is not left vulnerable by something that could have easily been prevented.