How do we secure a database?
by Alvaro Salcedo

It is very hard to keep track of how to really keep your organization’s database safe 24/7. There are new versions and updates for operating systems and database packages almost every day. As a database administrator and network administrator, it is your duty to try to keep up with technology and keep your system safe.

The main and most popular database technologies used in companies today are:

· MySQL
· Oracle
· SQL Server

The main strategies to secure a database are:

1. Database Package security accounts
2. Operating System user accounts
3. Operating System updates and patches
4. Operating System Protocol checking
5. Firewall installation


Database Package security accounts

The three main database packages mentioned above allow administrators to create accounts and assign different permission levels according to the organization’s needs.

Here is a GUI example of MySQL, which currently shows that everyone is granted access because I have it running locally on my computer. This setting is not safe at all in a real-world situation. However, it serves for sample purposes.

Operating Systems User Accounts

As an administrator, you have to be aware that hackers may be able to break into your system, and of the different vulnerabilities your server could have. It is very important to have user groups and user accounts that specify explicitly what privileges each user has. Many systems have anonymous or guest accounts created by default, so it is very important to delete these accounts or deny them all privileges, since these are the first account

Here is a simple example of the accounts installed by default in an XP system. In servers with Active Directory, security can be more complex.


The most vulnerable systems are Windows-based servers because of their ease of installation. Of course, an experienced administrator knows which security accounts to close and how to secure their system. Linux and Unix-based systems are by nature more secure because of their operating system’s backbone and structure.


Operating System updates and patches

It is very important to keep your system up to date with the most current updates and patches. Microsoft keeps its web page updated with patches, as do the vendors of other operating systems. Many Windows vulnerabilities have been found in ODBC and other database-related features; if the administrator is not aware of them, they become a weak point an attacker can use for intrusion.

Operating System Protocol checking

All servers offer different services. It could be web service, ftp service, etc. These services are accessed through protocols, each of which is assigned a port number worldwide. For example, web service is offered on port 80, ftp service on port 21, etc. If you have a database server, you have to make sure you are running only the services you want to offer. On Windows you can do this by going to the services section of the administrative tools.

In this example I am showing you how the MySQL service is running, since I already showed you the administration section of MySQL and we know it is running on my PC. If I made my PC a server, I would have to stop all the open services that I know I do not want to offer as a server.
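One way to check which services a database server is actually offering, as an added example that is not part of the original article: it parses Windows `netstat -ano` output (the sample below is constructed) and reports TCP listeners reachable from the network that are not on an allowlist. The allowlist containing only MySQL's default port 3306 is an assumed policy, and UDP is not covered.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1888
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:3306           0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:3306      192.168.1.50:51234     ESTABLISHED     2044
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:123            *:*                                    1020
"""

# Assumed policy for a dedicated database server: only MySQL is offered.
ALLOWED_TCP_PORTS = {3306}


def split_endpoint(endpoint):
    """Split '0.0.0.0:80' or '[::]:80' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)


def listening_sockets(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            addr, port = split_endpoint(fields[1])
            yield addr, port, int(fields[4])


def audit(netstat_text, allowed=ALLOWED_TCP_PORTS):
    """Return (port, address, pid) for network-reachable listeners not allowed."""
    findings = set()
    for addr, port, pid in listening_sockets(netstat_text):
        if ipaddress.ip_address(addr).is_loopback:
            continue  # bound to localhost only, not offered to the network
        if port not in allowed:
            findings.add((port, addr, pid))
    return sorted(findings)


if __name__ == "__main__":
    for port, addr, pid in audit(SAMPLE_NETSTAT):
        print(f"unexpected listener: TCP {addr}:{port} (PID {pid})")
```

The PID in each finding can be matched against the services list to identify which service to stop or disable.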

Firewall installation

Installing a firewall at your network's point of access to the Internet is a very important and crucial measure for a company. This allows administrators to close all the desired protocols and specify rules for incoming and outgoing traffic. It works independently of the operating systems of the servers on the LAN and therefore makes the network more secure. This is an expensive measure, yet it is an essential one for an organization to keep its data and services safe. There are many economical firewalls at approximately 350 dollars for small businesses, but the more complex ones for extreme security start at 3,000 dollars.

 

As we have seen, there are many issues that could jeopardize the security of your database system as well as your server. Implementing user account measures in the database system and operating system, network security, and protocol checking are strategies that will definitely give your organization and its database systems a safer environment against outside attack.