Four simple steps to a more secure database

Refresh your knowledge for securing your customer database and make sure no vulnerabilities are being overlooked.

Although IT managers know they should do everything they can to maintain secure databases for their business and customers, experts say it's important to regularly review some simple but effective steps that sometimes get forgotten in the daily hubbub.

First, don't forget the patches. IT managers should keep current with the latest security patches for the network's operating system and databases, said Gerhard Eschelbeck, chief technological officer and senior vice president of engineering at Webroot Software Inc., a Boulder, Colo.-based developer of Internet security products.

"Unpatched security vulnerabilities are frequently used by attackers to compromise systems and databases," he said.

Weak or default passwords should be weeded out, as should unused login accounts, Eschelbeck said. "Unsecured login accounts or permissions lead to unauthorized access of your data," he said.

Limiting physical and network access to the database system is another crucial security step, according to Serdar Yegulalp, an author and editor of Windows Power Users Newsletter.

"Treat a database like any other computer asset that you want to protect. Don't just let anyone get to it," he said.

Access to the database should be limited to the machines that have to talk to it, with standard protections in place, he said.

Also, if a company uses a Web application to access its database, with scripts written in Active Server Pages (ASP) or ASP.NET, and one of those scripts crashes, the error report it generates can potentially reveal the script's source code, Yegulalp said.

In a case like that, limiting database access to the correct users is essential. If proper security measures already limit database access to the right users, a script crash will not reveal database connection information to the wrong users, Yegulalp said.

"I've seen this happen more than a few times -- the database connection name and password for all the world to see," he said, adding that he recommends rotating the password for the database connection regularly, which adds just one more layer of security to the process.

Finally, sensitive data, such as credit card or Social Security numbers, should be encrypted when it is stored in a database, not just when it is in transit, Eschelbeck said.
