One reality of managing large organizations involves collecting massive amounts of sensitive data that is stored and managed in databases. This makes databases a prime target for cyberattacks.
In this article, we cover some database security best practices that can help keep your databases safe from attackers.
Separate database servers and web servers
In the traditional sense, this means keeping your database server in a secure, locked environment with access controls in place to keep unauthorized people out. But it also means keeping the database on a separate physical machine, removed from the machines running application or web servers.
See our picks for the top database security tools.
A web server is more likely to be attacked since it is located in a DMZ and therefore publicly accessible. And if a web server is compromised and the database server runs on the same machine, the attacker would have access as a root user to your database and data.
Use web application and database firewalls
Your database server should be protected from database security threats by a firewall, which denies access to traffic by default. The only traffic allowed through should come from specific applications or web servers that need to access the data. The firewall should also protect your database from initiating outbound connections unless there is a specific need to do so.
In addition to protecting the database with a firewall, you should also deploy a web application firewall. That’s because attacks such as SQL injection attacks directed at a web application can be used to exfiltrate or delete data from the database. A database firewall won’t necessarily prevent this from happening if the SQL injection attack comes from an application that is an allowed source of traffic, but a web application firewall may. For more on SQL injection attacks, see How to Prevent SQL Injection Attacks.
Secure database user access
You should aim for the least number of people possible to have access to the database. Administrators should have only the bare minimum privileges they need to do their job, and only during periods while they need access. For smaller organizations, this may not be practical, but at the very least permissions should be managed using groups or roles rather than granted directly.
If yours is a larger organization, you should consider automating access management using access management software. This can provide authorized users with a temporary password with the privileges they require each time they need to access a database. It also logs the activities carried out during that period and prevents administrators from sharing passwords. While admins may find sharing passwords convenient, doing so makes proper database security and accountability almost impossible.
On top of this, it is wise to ensure standard account security procedures are followed:
- Strong passwords should be enforced
- Password hashes should be stored encrypted and salted
- Accounts should be locked after three or four login attempts
- A procedure should be put in place to ensure that accounts are deactivated when staff leave or move to different roles
For information on how to improve password security and some recommendations on what tools can help, check out our article on the best password managers.
Regularly update your operating system and patches
It’s important to regularly update your operating system and database software with all security patches installed to protect against the most recently discovered vulnerabilities. You should also ensure that all database security controls provided by the database are enabled (most are enabled by default) unless there is a specific reason for any to be disabled. This is particularly important for databases connected to a large number of third-party applications that each require their own patches.
Audit and continuously monitor database activity
This includes monitoring logins (and attempted logins) to the operating system and database and reviewing logs regularly to detect anomalous activity. You can also create alerts to notify relevant team members when potentially malicious activity is identified.
Effective monitoring should allow you to spot when an account has been compromised, when an employee is carrying out suspicious activities or when your database is under attack. It should also help you determine if users are sharing accounts, and alert you if accounts are created without your permission (for example, by a hacker).
Database activity monitoring (DAM) software can help with this by providing monitoring that is independent of native database logging and audit functions; it can also help monitor administrator activity.
Test your database security
After you’ve constructed your database security infrastructure, you should put it up against a real attack. Hacking or auditing your own database will put you in the mindset of an attacker and help you find vulnerabilities you may have missed. To ensure the test is comprehensive enough, there are third-party services and white hat hackers that specialize in penetration testing you can hire to do the job for you.
Encrypt data and backups
It is standard procedure in many organizations to encrypt stored data. However, it’s equally important to encrypt data-in-transit as well.
You should also regularly backup your database and ensure that any backups are encrypted and stored separately from the decryption keys. For example, you should not store encrypted backups alongside description keys in plaintext. Regularly backing up your system not only protects against hackers but other failures as well, such as problems with physical hardware.