Tips on How to Secure a Database System


Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.

Security risks faced by database systems includes:

Malware infections caused by unauthorized access, disclosure of personal data, deletion or damage to the data or programs, interruption or denial of authorized access to the database, DOS (Denial of Service Attack) to the database and the unanticipated failure of database services.

Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or data integrity or inappropriate changes to the database programs, structures or security configurations)

Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended.

Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic
breakdowns/equipment failures and obsolescence

Data Integrity

The goal of database security is to protect your critical and confidential data from unauthorized access. Access in this context means not only changing or deleting the data in your database, but also just reading or disclosing it. Database security should provide controlled, protected access to the contents of your database and, in the process, preserve the integrity, consistency, and overall quality of your data. The integrity of all data within a DBMS is the prime concern of the DBA, IAO, and the application designers. Application design, development, and implementation are key factors in ensuring data integrity. Without the appropriate attention to data integrity enforcement from the DBA, IAO, and application designers, the entire application could be rendered unreliable to the
customer. To ensure data integrity, it is important to perform database administration correctly, regularly, and reliably. Some of the duties that will be performed to promote data integrity are as follows:

- Correct and successful physical backup of all database data
- Correct and successful logical backup of all database data
- Recovery operations
- Database performance analysis
- Auditing enabling
- Audit data analysis

Information security control that are appropriate in secured databases includes:

    Access control
    Integrity controls
    Application security

Processes and Procedures in securing your database and database systems:

A database security program should include the regular review of permissions granted to individually owned accounts and accounts used by automated processes. The accounts used by automated processes should have appropriate controls around password storage such as sufficient encryption and access controls to reduce the risk of compromise. For individual accounts, a two-factor authentication system should be considered in a database environment where the risk is commensurate with the expenditure for such an authentication system.

In conjunction with a sound database security program, an appropriate disaster recovery program should exist to ensure that service is not interrupted during a security incident or any other incident that results in an outage of the primary database environment. An example is that of replication for the primary databases to sites located in different geographical regions.

After an incident occurs, the usage of database forensics should be employed to determine the scope of the breach, and to identify appropriate changes to systems and/or processes to prevent similar incidents in the future.