Four simple steps to a more secure database

Eileen Kennedy, News Writer

Although IT managers know they should do everything they can to maintain secure databases for their business and customers, experts say it's important to regularly review some simple but effective steps that sometimes get forgotten in the daily hubbub.

First, don't forget the patches. IT managers should keep current with the latest security patches for the network's operating system and databases, said Gerhard Eschelbeck, chief technological officer and senior vice president of engineering at Webroot Software Inc., a Boulder, Colo.-based developer of Internet security products.

"Unpatched security vulnerabilities are frequently used by attackers to compromise systems and databases," he said.

And weak or default passwords should be weeded out, as should unused login accounts, Eschelbeck said. "Unsecured login accounts or permissions lead to unauthorized access of your data," Eschelbeck said.

Limiting physical and network access to the database system is another crucial security step, according to Serdar Yegulalp, an author and editor of Windows Power Users Newsletter.

"Treat a database like any other computer asset that you want to protect. Don't just let anyone get to it," he said.

Database access should be limited to the machines that have to talk to it, with standard protections in place, he said.

Also, if a company uses a Web application to access its database -- with scripts written in technologies such as Active Server Pages or ASP.NET -- and a script crashes, the error report it generates can potentially reveal the script's source code, Yegulalp said.

In a case like that, limiting database access to the correct users is essential. If proper security measures already limit database access to the right users, any script crashes will not reveal database connection information to the wrong users, Yegulalp said.

"I've seen this happen more than a few times -- the database connection name and password for all the world to see," he said, adding that he recommends rotating the password for the database connection regularly, which adds just one more layer of security to the process.
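
For ASP.NET, whether a crashing page shows its source to visitors depends on two web.config settings. The fragment below is an added illustration, not from the article or the people quoted in it; the connection name OrdersDb, the error page path and all connection-string values are placeholders.

```xml
<!-- BEFORE (weak web.config): when a page throws, every visitor receives
     the detailed error page, including source excerpts and stack traces. -->
<configuration>
  <system.web>
    <customErrors mode="Off" />
    <compilation debug="true" />
  </system.web>
</configuration>

<!-- AFTER (hardened web.config): remote clients get a generic page;
     detailed errors are shown only to requests made on the server itself. -->
<configuration>
  <connectionStrings>
    <!-- Placeholder values. Keeping the string here instead of in page
         code means a source excerpt in an error page cannot contain it. -->
    <add name="OrdersDb"
         connectionString="Server=DB_HOST;Database=DB_NAME;User Id=APP_LOGIN;Password=PLACEHOLDER"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
  <system.web>
    <!-- RemoteOnly: generic error page for everyone except local requests -->
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html" />
    <!-- debug="false": no debug builds on a production server -->
    <compilation debug="false" />
  </system.web>
</configuration>
```

These settings apply to ASP.NET; classic ASP error output is controlled in IIS rather than in web.config. The account named in the connection string should still have only the database permissions the application needs, so that a leaked string exposes as little as possible.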

Finally, sensitive data, such as credit card or Social Security numbers, should be encrypted when it is stored in a database, not just when it is in transit, Eschelbeck said.

