Skip to content
NGTEdu Logo

NGTEdu

A PRODUCT OF NGTECH.CO.IN

NGTEdu Logo

NGTEdu

  • Home
  • Cyber Attacks
  • Malware
  • Vulnerabilities
  • Data Breach
  • Home
  • Cyber Attacks
  • 10 Database Security Best Practices You Should Know
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

10 Database Security Best Practices You Should Know

5 years ago Tripwire Guest Authors
10 Database Security Best Practices You Should Know

According to Risk Based Security’s 2020 Q3 report, around 36 billion records were compromised between January and September 2020. While this result is quite staggering, it also sends a clear message of the need for effective database security measures.

Database security measures are a bit different from website security practices. The former involve physical steps, software solutions and even educating your employees. However, it’s equally important to protect your site to minimize the potential attack vectors that cyber criminals could exploit.

Let’s look at 10 database security best practices that can help you to bolster your sensitive data’s safety.

1. Deploy physical database security

Data centers or your own servers can be susceptible to physical attacks by outsiders or even insider threats. If a cybercriminal gets access to your physical database server, they can steal the data, corrupt it or even insert harmful malware to gain remote access. Without additional security measures, it’s often difficult to detect these types of attacks since they can bypass digital security protocols.

When choosing a web hosting service, make sure it’s a company with a known track record of taking security matters seriously. It’s also best to avoid free hosting services because of the possible lack of security.

If you house your own servers, adding physical security measures such as cameras, locks and staffed security personnel is highly suggested. Furthermore, any access to the physical servers should be logged and only given to specific people in order to mitigate the risk of malicious activities.

2. Separate database servers

Databases require specialized security measures to keep them safe from cyberattacks. Furthermore, having your data on the same server as your site also exposes it to different attack vectors that target websites.

Suppose you run an online store and keep your site, non-sensitive data and sensitive data on the same server. Sure, you can use website security measures provided by the hosting service and the eCommerce platform’s security features to protect against cyberattacks and fraud. However, your sensitive data is now vulnerable to attacks through the site and the online store platform. Any attack that breaches either your site or the online store platform enables the cybercriminal to potentially access your database, as well.

To mitigate these security risks, separate your database servers from everything else. Additionally, use real-time security information and event monitoring (SIEM), which is dedicated to database security and allows organizations to take immediate action in the event of an attempted breach.

3. Set up an HTTPS proxy server

A proxy server evaluates requests sent from a workstation before accessing the database server. In a way, this server acts as a gatekeeper that aims to keep out non-authorized requests.

The most common proxy servers are based on HTTP. However, if you’re dealing with sensitive information such as passwords, payment information or personal information, set up an HTTPS server. This way, the data traveling through the proxy server is also encrypted, giving you an additional security layer.

4. Avoid using default network ports

TCP and UDP protocols are used when transmitting data between servers. When setting up these protocols, they automatically use default network ports.

Default ports are often used in brute force attacks due to their common occurrence. When not using the default ports, the cyber attacker who targets your server must try different port number variations with trial and error. This could discourage the assailant from prolonging their attack attempts due to the additional work that’s needed.

However, when assigning a new port, check the Internet Assigned Numbers Authority’s port registry to ensure the new port isn’t used for other services.

5. Use real-time database monitoring

Actively scanning your database for breach attempts bolsters your security and allows you to react to potential attacks.

You can use monitoring software such as Tripwire’s real-time File Integrity Monitoring (FIM) to log all actions taken on the database’s server and alert you of any breaches. Furthermore, set up escalation protocols in case of potential attacks to keep your sensitive data even safer.

Another aspect to consider is regularly auditing your database security and organizing cybersecurity penetration tests. These allow you to discover potential security loopholes and patch them before a potential breach.

6. Use database and web application firewalls

Firewalls are the first layer of defense for keeping out malicious access attempts. On top of protecting your site, you should also install a firewall to protect your database against different attack vectors.

There are three types of firewalls commonly used to secure a network:

  • Packet filter firewall
  • Stateful packet inspection (SPI)
  • Proxy server firewall

Make sure to configure your firewall to cover any security loopholes correctly. It’s also essential to keep your firewalls updated, as this protects your site and database against new cyberattack methods.

7. Deploy data encryption protocols

Encrypting your data isn’t just important when keeping your trade secrets; it’s also essential when moving or storing sensitive user information.

Setting up data encryption protocols lowers the risk of a successful data breach. This means that even if cybercriminals get a hold of your data, that information remains safe.

8. Create regular backups of your database

While it’s common to create backups of your website, it’s essential to create backups for your database regularly, as well. This mitigates the risk of losing sensitive information due to malicious attacks or data corruption.

Here’s how to create database backups on the most popular servers: Windows and Linux. Also, to further increase security, ensure that the backup is stored and encrypted in a separate server. This way, your data is recoverable and safe if the primary database server gets compromised or remains inaccessible.

9. Keep applications up to date

Research shows that nine in 10 applications contain outdated software components. Furthermore, analysis on WordPress plugins revealed that 17,383 plugins hadn’t been updated for two years, 13,655 for three years and 3,990 for seven years. Together, this creates a serious security risk when thinking about software that you use to manage your database or even run your website.

While you should only use trusted and verified database management software, you should also keep it updated and install new patches when they become available. The same goes for widgets, plugins and third-party applications, with an additional suggestion to avoid the ones that haven’t received regular updates. Steer clear of them altogether.

10. Use strong user authentication

According to Verizon’s most recent research, 80% of data breaches are caused by compromised passwords. This shows that passwords alone aren’t a great security measure, primarily because of the human-error aspect of creating strong passwords.

To combat this issue and add another layer of security to your database, set up a multi-factor authentication process. (This method isn’t perfect because of recent trends.) Even if credentials get compromised, cyber criminals will have a difficult time going around this security protocol.

Also, consider only allowing validated IP addresses to access the database to mitigate the risk of a potential breach further. While IP addresses can be copied or masked, it requires additional effort from the assailant.

Enhance your database security to mitigate the risks of a data breach

Keeping your database secure against malicious attacks is a multi-faceted endeavor, from the servers’ physical location to mitigating the risk of human error.

Even though data breaches are becoming more frequent, maintaining healthy security protocols lowers the risk of being targeted and helps to avoid a successful breach attempt.

About the Author: Kristina Tuvikene is an editor at ONLINE ONLY, an agency that works with cloud services brands among others. You can find her on LinkedIn.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post ” 10 Database Security Best Practices You Should Know” appeared first on TripWire

Source:TripWire – Tripwire Guest Authors

Tags: Cloud, Exploit, Linux, Microsoft, TripWire

Continue Reading

Previous Tax Season Ushers in Quickbooks Data-Theft Spike
Next Russian Hackers Targeted Ukraine Authorities With Supply-Chain Malware Attack

More Stories

  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists

5 hours ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Vulnerabilities

CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk

1 day ago [email protected] (The Hacker News)
  • Critical Vulnerability
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach

How Samsung Knox Helps Stop Your Network Security Breach

1 day ago [email protected] (The Hacker News)
  • Cyber Attacks
  • Data Breach
  • Malware
  • Vulnerabilities

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

1 day ago [email protected] (The Hacker News)

Recent Posts

  • German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
  • China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
  • CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
  • Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
  • How Samsung Knox Helps Stop Your Network Security Breach

Tags

Android APT Bug CERT Cloud Compliance Coronavirus COVID-19 Critical Severity Encryption Exploit Facebook Finance Google Google Chrome Goverment Hacker Hacker News High Severity Instagram iPhone Java Linux Low Severity Malware Medium Severity Microsoft Moderate Severity Mozzila Firefox Oracle Patch Tuesday Phishing Privacy QuickHeal Ransomware RAT Sim The Hacker News Threatpost TikTok TripWire VMWARE Vulnerability Whatsapp Zoom
Copyright © 2020 All rights reserved | NGTEdu.com
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Read More here.Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT