In today’s technology-centric era, where information is vital, securing databases has become a challenging task for every organization. Databases can contain crucial information such as personal identities, credit card details, financial transactions, and system or application passwords, all of which are valuable to hackers and cybercriminals. According to Gemalto’s Breach Level Index, the first half of 2018 saw around 3.5 billion records breached, an increase of 72 percent over the first half of 2017. The consequences of such data breaches are expensive for the victim organization: even a small loophole or error can allow attackers to take hold of the database systems, at a cost that can run to millions. To avoid such consequences, organizations should always adopt an “everything will be broken” threat model when securing databases, so that valuable information is kept from being compromised.
Complex backend systems, and especially databases that hold crucial data such as customer credit card information, are highly exposed to cyberthreats. Below are a few best practices that can help organizations secure their databases to a great extent and make potential attackers move on to an easier target:
- Isolate web servers and databases
- Set up web application firewalls (WAF) and anti-malware solutions
- Implement data encryption and backups
- Establish user account management
- Patch the operating system and applications regularly
1. Isolate web servers and databases
Hosting the application and the database on the same machine makes an attacker’s job easier: compromising that one server (for example, by cracking its administrator account) is enough to gain access to the entire database. This is a major security hole for any attacker waiting in the wings to capture vital information from the system.
Best practice: To protect the organization’s sensitive information from unauthorized access, IT admins should keep the application server and the database server on separate physical machines. A high-performance hosting server can be the right choice for the application, but for storing customers’ valuable data, organizations must choose a separate database server that supports strong security features (such as multifactor authentication) and proper access permissions.
2. Set up web application firewalls (WAF) and anti-malware solutions
Setting up a firewall is another robust way to keep attackers at bay. While firewalls protect the database by denying traffic from unauthorized sources, they can also be used to monitor employee access to the server, if required. For example, SQL injection is the most common attack used by cybercriminals to intrude into the system, and it can be checked by proper configuration of the firewall.
Best practice: Once the database is set up, organizations should ensure that the machine is fully protected by a firewall that filters outbound connections and blocks any requests for the data other than those that are necessary. The database server should also be protected from malicious files by installing anti-malware and anti-ransomware software. Traffic should be allowed only from a trusted source or a specific web server, and the firewall rules on the database server should be reviewed regularly. Machine hardening and firewall rules should be periodically tested via network scans or by allowing ISP scans. Any unused or unnecessary services on the database server should be turned off.
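The SQL injection mentioned above is easiest to understand side by side with its fix. The following Python snippet is an added example, not code from the article: it builds a small SQLite table from constructed sample rows, runs the same user-supplied value through a lookup that pastes it into the query text and through a parameterized lookup, and shows that only the former can be made to return every row. A WAF can catch many such inputs at the network edge; parameterized queries remove the problem at the source.

```python
import sqlite3

# Constructed sample rows (not from the article).
SAMPLE_USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """VULNERABLE: the caller's value is pasted into the SQL text, so a quote
    character in it can change the query's meaning instead of being data."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """HARDENED: the SQL text is fixed and the value travels as a bound
    parameter, so whatever it contains it can only ever match a username."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> tuple:
    """Run the same tautology-style input through both lookups and return
    (rows leaked by the vulnerable query, rows returned by the safe one)."""
    conn = make_db()
    tampered = "' OR '1'='1"  # turns the WHERE clause into an always-true test
    leaked = lookup_vulnerable(conn, tampered)   # every user row comes back
    safe = lookup_safe(conn, tampered)           # no such username, so none
    return len(leaked), len(safe)


if __name__ == "__main__":
    print(demo())  # -> (2, 0)
```

The same principle applies to every driver and database engine: keep the statement text constant and pass values through the driver's parameter binding, never through string formatting.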
3. Implement data encryption and backups
The “everything will be broken” threat model says that the organization should always be prepared to add an extra layer of security to prevent data from being compromised. This extra layer can be implemented with encryption. It takes the cherry off the cake for attackers: even if they gain access to the database, they still have to break the cipher before they can read the data.
Best practice: The first phase of encryption entails protecting the data at rest with an encryption key held on the application server or the database server, so that even if attackers gain access to the database, they cannot easily decrypt or read the data. The second phase entails encrypting data in transit, which means the data is encrypted before it moves over the network from the application server to the database server and vice versa.
4. Establish user account management
It’s not only cybercriminals you need to worry about: employees of the organization can also be a significant threat to valuable data. Many users with different roles are likely to access the database frequently, and even with good intentions they can leak confidential information on a large scale. That’s why it is vital to manage user accounts carefully.
Best practice: Organizations should keep the number of users with database access to a minimum. Authorized users should be granted access using a one-time password (OTP), and only when required, to avoid unauthorized access at odd times. Only a limited number of clients should be allowed to connect to the database, and strong passwords should be enforced for access. Stored credentials should be salted and hashed so that they cannot be read in clear text. Activity logs should be maintained to monitor all queries and requests; auditing and logging help investigate suspicious activity if the organization has experienced a data breach.
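Three of the recommendations above (least-privilege access, an activity log, and salted credential hashing) can be shown in working code. The following Python example is added here and is not from the article: it uses SQLite's authorizer hook to restrict a connection to a per-role allow-list of actions (the roles "reporting" and "app" and their permissions are assumptions for the example), records every executed statement through the trace callback, and stores passwords as salted PBKDF2-HMAC-SHA256 hashes that are verified in constant time. Production databases provide the same role separation through their own GRANT mechanisms; the hook is used here so the example runs stand-alone.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data (not from the article).
SAMPLE_CUSTOMERS = [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")]

# Per-role allow-list of SQLite authorizer actions. The role names and their
# split are assumptions for this example: "reporting" may only read, "app" may
# also insert and update, and neither may delete rows or drop tables. Anything
# not listed is denied, which is the least-privilege default.
_READ_ONLY = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}
ROLE_ACTIONS = {
    "reporting": _READ_ONLY,
    "app": _READ_ONLY | {sqlite3.SQLITE_INSERT, sqlite3.SQLITE_UPDATE},
}

# Every statement executed through run() is appended here as (role, sql): the
# activity log the article recommends keeping for later investigation.
AUDIT_LOG = []


def seed_database() -> sqlite3.Connection:
    """Create the sample table before any role restriction is attached."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_CUSTOMERS)
    return conn


def run(conn: sqlite3.Connection, role: str, sql: str, params=()):
    """Execute one statement as `role`. Returns (permitted, rows_or_error)."""
    allowed = ROLE_ACTIONS[role]

    def authorizer(action, arg1, arg2, db_name, trigger):
        # SQLite consults this hook for every action while compiling the
        # statement; denying any one of them aborts the whole statement.
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)
    conn.set_trace_callback(lambda statement: AUDIT_LOG.append((role, statement)))
    try:
        return True, conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:  # "not authorized" raised by the hook
        return False, str(exc)


PBKDF2_ITERATIONS = 600_000  # current OWASP guidance for PBKDF2-HMAC-SHA256


def hash_password(password: str, salt: "bytes | None" = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$digest_hex.
    A fresh random salt per user defeats precomputed (rainbow) tables."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo() -> dict:
    """Exercise both roles and the password helpers; return what was permitted."""
    conn = seed_database()
    ok_select, rows = run(conn, "reporting", "SELECT name FROM customers")
    ok_delete, _ = run(conn, "reporting", "DELETE FROM customers")
    ok_insert, _ = run(conn, "app", "INSERT INTO customers VALUES (?, ?, ?)",
                       (3, "carol", "carol@example.com"))
    ok_drop, _ = run(conn, "app", "DROP TABLE customers")
    stored = hash_password("correct horse battery staple")
    return {
        "reporting_select": ok_select, "rows": len(rows),
        "reporting_delete": ok_delete, "app_insert": ok_insert, "app_drop": ok_drop,
        "password_ok": verify_password("correct horse battery staple", stored),
        "password_bad": verify_password("wrong", stored),
        "audited": len(AUDIT_LOG),
    }


if __name__ == "__main__":
    print(demo())
```

Denied statements never reach the trace callback because SQLite rejects them at compile time, so a real deployment should also log the refusal (the `False` branch in `run`) to catch accounts probing beyond their role.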
5. Patch the operating system and applications
Many backend systems use third-party APIs, apps, and plugins in their applications, and these can be a vulnerable target for cybercriminals. To cope with this, the organization should establish a robust patch management process so that known vulnerabilities cannot be exploited.
Best practice: Keep all third-party software, APIs, and plugins updated to their latest versions. These updates should be applied at regular intervals or whenever new patches are released by the API or plugin vendors, so that the system is protected against recently discovered threats. In addition, any plugins, APIs, or services that the application does not use should be removed from the system entirely or deactivated.
Additional recommendations to secure databases
No matter how strongly the database server is protected, there is always a chance that an attacker will infiltrate the system. Regularly backing up an encrypted copy of the database should therefore be part of the daily routine; a cron job can run the backup at fixed intervals. This gives the peace of mind that the data can be restored even if it is compromised in the worst-case scenario.
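The backup routine described above, as an added example that is not part of the original article: it uses SQLite's online backup API to copy a live database, records a SHA-256 digest of the copy, and verifies that the copy can actually be restored (digest, SQLite's integrity check, and row count) before it is trusted. Encrypting the copy is left out here because the Python standard library has no suitable cipher; the sample rows and file names are constructed for the example.

```python
import hashlib
import hmac
import os
import sqlite3
import tempfile

# Constructed sample data (not from the article).
SAMPLE_ORDERS = [(1, "alice", 1999), (2, "bob", 4500), (3, "carol", 120)]


def seed_database(path: str) -> None:
    """Create a small live database at `path`."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, cents INTEGER)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ORDERS)
    conn.commit()
    conn.close()


def sha256_file(path: str) -> str:
    """Digest of a file, read in chunks so large backups need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_database(src_path: str, dest_path: str) -> str:
    """Copy the live database with SQLite's online backup API, which yields a
    consistent snapshot even while the source is in use, and return the
    SHA-256 of the copy. Store that digest separately from the backup so that
    tampering with or corruption of the copy is detectable before a restore."""
    src = sqlite3.connect(src_path)
    dest = sqlite3.connect(dest_path)
    try:
        src.backup(dest)
    finally:
        dest.close()
        src.close()
    return sha256_file(dest_path)


def verify_backup(backup_path: str, expected_digest: str, expected_rows: int):
    """A backup is only useful if it restores: check the digest, run SQLite's
    own integrity check, and confirm the row count. Returns (ok, reason)."""
    if not hmac.compare_digest(sha256_file(backup_path), expected_digest):
        return False, "digest mismatch: backup altered or corrupted"
    conn = sqlite3.connect(backup_path)
    try:
        (status,) = conn.execute("PRAGMA integrity_check").fetchone()
        if status != "ok":
            return False, f"integrity_check reported: {status}"
        (count,) = conn.execute("SELECT COUNT(*) FROM orders").fetchone()
        if count != expected_rows:
            return False, f"row count {count} != {expected_rows}"
    finally:
        conn.close()
    return True, "backup verified"


def demo() -> dict:
    """Back up, verify, then corrupt one byte of the copy and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        live, copy = os.path.join(tmp, "live.db"), os.path.join(tmp, "backup.db")
        seed_database(live)
        digest = backup_database(live, copy)
        good, good_reason = verify_backup(copy, digest, len(SAMPLE_ORDERS))
        with open(copy, "r+b") as f:  # simulate bit rot or tampering of the stored copy
            f.seek(100)               # first byte after the 100-byte SQLite file header
            f.write(b"\x00")
        bad, bad_reason = verify_backup(copy, digest, len(SAMPLE_ORDERS))
    return {"good": good, "good_reason": good_reason, "bad": bad, "bad_reason": bad_reason}


if __name__ == "__main__":
    print(demo())
```

Scheduled from cron, the `backup_database` step would run at a fixed time each day (for example a nightly entry pointing at a script path of your choosing, which is a placeholder here), while `verify_backup` belongs in a separate job on the restore side so that a backup that cannot be restored is noticed long before it is needed.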
Setting up a database proxy may also be a good solution. It sits between the application and the database, parses queries, accepts requests only from the application server, and blocks any request that cannot be identified as coming from a trusted source.
Secure databases mean a more secure organization
Organizations are obliged to keep customers’ valuable data secure, both to avoid legal ramifications and to retain customer confidence. These five best practices, if adopted and implemented appropriately, not only help secure databases and reduce the risk of valuable information being mishandled, but also ensure that the organization is prepared for any unforeseen attack that may wreak havoc.