In the digital realm where data breaches have become all too common, affecting both colossal enterprises and individual users alike—such as the OPM and PlayStation Network incidents—vigilance in data protection is paramount. Interestingly, the foundational practices recommended to safeguard against such breaches are often overlooked or underutilized, despite being recognized as standard protocols across the IT industry.
Do Not Reuse Passwords: This "common sense" policy, while seemingly simple, is a crucial linchpin in securing databases. If one database uses a root password, say "P@ssW0rd123!!", it should be unique, never replicated across other systems. This practice significantly narrows the breach impact, as compromised credentials from one system won't unlock the doors to others. However, it's astonishing how often this practice is neglected, especially within extensive networks with innumerable servers and workstations. The habits we cultivate in personal computing often seep into our professional practices, highlighting the need for diligent password hygiene everywhere.
Two-Factor Authentication (2FA): The second pillar of a robust defense strategy involves 2FA. This isn't just for personal accounts with multiple logins but is critically applicable in hardening enterprise databases. If a database administrator (DBA) can implement 2FA for database management systems (DBMS), it should be a non-negotiable default. This level of authentication fortitude could have preempted the lax security that led to Verizon Enterprise's databases being exposed with no authentication. A solid authentication policy lays the groundwork for more comprehensive access control measures, ensuring only authorized eyes have access to sensitive data.
Regular Updates and Upgrades: Keeping server software up to date is the third practice that cannot be overstated. Updates may arrive in various forms, such as information assurance vulnerability alerts or directly from the manufacturer. For example, updates from RDBMS software like Sybase’s Adaptive Server Enterprise (ASE) must be diligently applied. The responsibility lies with the system administrators (SAs) and DBAs to stay informed and act promptly, especially if a product is nearing its end of life and a more secure version is available.
Encryption: Finally, the linchpin of data security is encryption. Full-disk encryption (FDE) of database drives protects data at rest, while transport encryption protocols safeguard data in motion. The concept is akin to securing credit card information during an online transaction. Both the transmission of the data and the medium where it's stored must be encrypted to ensure confidentiality. Additionally, depending on the trust infrastructure in use, integrity checks (like SHA-2 on PKI certificates) can add another layer of security, covering two-thirds of the CIA Triad.
These measures are just the beginning of hardening a database against intrusions. By applying these and other industry-recommended practices, DBMS—whether distributed or not—become far more resilient to cyberattacks. It's a continuous process, much like strengthening the walls of a fortress, ensuring that the treasure trove of data within remains secure.
By embracing these recommended practices, we can significantly improve the security posture of our digital assets. Whether for personal use or within a sprawling enterprise, these strategies form a critical defense against the ever-evolving threats in cyberspace.
Reach out to Modernize: Consulting and Technology to learn how to improve your company's security practices.
References
The sources cited offer further reading on the importance of robust security measures and the consequences of inadequate practices. They provide a wealth of information on how to implement these security strategies effectively.
Baccam, T. (2009, November). Sponsored by Oracle Making Database Security an IT ... Retrieved July 5, 2016, from http://www.virtualization.co.kr/reference/SEC_US_EN_WP_SANS_SecurityPriority.pdf
Cluley, G. (2013). 55% of Net Users Use the Same Password for Most, If Not All, Websites. When will they learn? Retrieved July 05, 2016, from https://nakedsecurity.sophos.com/2013/04/23/users-same-password-most-websites/
Coy, S. P. (1996). Security Implications of the Choice of Distributed Database Management System Model: Relation vs. Object- Oriented. Retrieved July 4, 2016, from http://csrc.nist.gov/nissc/1996/papers/NISSC96/paper072_073_074/SCO_.PDF
Davis, J. S. (2016, April 19). Hacker Behind Hacking Team Breach Publishes How-To Guide. Retrieved July 05, 2016, from
Honan, M. (2014, September 5). Three Essential Steps to Make Yourself More Hack-Proof. Retrieved July 05, 2016, from
Setty, H. (2001). System Administrator - Security Best Practices. Retrieved from https://www.sans.org/reading- room/whitepapers/bestprac/system-administrator-security-practices-657
Shulman, A. (2006). Top Ten Database Security Threats. Impreva Inc. Retrieved from:
Comments