Database security and threats
Database security can be broken into the following key points:
SERVER SECURITY
Limit the actual access to the database server itself. That is hiding the server from the
world. A database server should not be
visible at all by any other systems except for an assigned web server in case
the database is connected to web pages.
We can restrict access to a database server based on IP addresses. It really depends on the database server configuration when you make the decision of which IPs to grant access to. If the database server is the back end for a web server, then only the web server’s IP address should be given access. If the database server has to be access by an application used at an Intranet, then only computers within the internal network should be given access to the database.
DATABASE CONNECTIONS
We need to make sure that we do not allow unauthenticated database updates. If the user needs to update a database via a web page, ensure that users are authenticated first to ensure that updates are safe.
TABLE ACCESS CONTROL
Properly using Table access control will require the system administrator and database developer to work closely to achieve tighter security. For example, if a table is just used for system reference then it should have read permissions only.
RESTRICTING DATABASE
ACCESS
Let’s look into the network access of the system. The most vulnerable databases systems are those that are Internet based. All web-enabled applications have ports that they listen to. One of the first things you can do is to change the default port numbers used by many database systems. This step prevents intruders from associating listening ports to applications. The first thing that an attacker does is to find out which machines are connected to the Internet and therefore reachable. They do this by pinging computers by their IP address. A ping is just an ICMP packet and system administrators should disable ICMP packets from reaching their systems. Another way to protect database servers from Internet access is to disable accounts after so many password attempts. Without user id suspension, an attacker can try millions of passwords until access is granted.
Oracle Authentication methods:
QUESTIONS
How can we configure database servers to respond queries from a specific computer(s) only?
a. Using role based security
b. With table access permissions
c. Configuring trusted IPs (CORRECT)
d. Disabling ICMP packets
Why is good to disable ICMP packet replies at database servers?
a. For faster query responses
b. It changes default port numbers
c. It disables account after multiple password attempts
d. It makes the server hard to find on the Internet (CORRECT)
Q. What are some of the steps we can take to secure our databases server?
A. Configure Trusted IPs, establish user identity by using authentication, table
access permissions, any deny
any ICMP requests.