
5 Best Practices for Securing Databases

Most organizations, whether public or private sector, are facing exponential increases in the
amount of information and data that they need to continuously track, manage, and protect to
ensure organizational success, continuity of operations and long-term viability.
While many attackers still focus on denial of service attacks, cybercriminals often target the
database because that is where the sensitive information resides that interests someone looking
to steal credit card numbers or personal identities. With so much at risk, those responsible for
the resources required to secure the databases must assume the role of stewards of the data and
ensure that business operations are not threatened.
Here are a few best practices that can assist all organizations, regardless of industry or size, to
secure their databases to make potential attackers move on to an easier target:
1. Separate the Database and Web Servers
Always keep the database server separate from the web server.
Most vendors try to make things easier by creating the database on the same server on which
the application is installed. This also makes it easier for an attacker to reach the data, because
they only need to compromise the administrator account of one server to gain access to everything.
Recommendation: Install the database on a separate database server located behind a firewall,
not in the DMZ with the web server. While this makes for a more complicated setup, the security
benefits outweigh the additional technical efforts required.
2. Encrypt Stored Files and Backups
The stored files of a web application often contain the information the software needs to
connect to its databases. If this information is stored in plain text, as many default
installations do, it provides the keys an attacker needs to reach sensitive data.
Not all data theft or destruction happens as a result of an outside attack. Sometimes employees
who were once trusted can be compelled to steal or destroy data as well. In addition, data that
contains regulated information (HIPAA, SOX, DoD, etc.) must be encrypted if the storage media
is ever outside your security authority.
Recommendation: Encrypt any files that have value to the organization and are stored on the
application or database server. If they have value to your organization, they are of value to an
attacker.
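The plaintext-configuration problem described above can be checked mechanically. The following is an added example (not part of the original article or of any DataSunrise product): a loader for a hypothetical `key=value` application config that refuses inline database passwords, requires the secret to live in a separate file referenced by a `password_file` key, and verifies that this file is readable by its owner only. The key names, the config format and the sample values are all constructed for the example.

```python
"""Added example: reject plaintext database credentials in an application
config file and require a tightly permissioned secret file instead.
Config format, key names and sample values are constructed for illustration."""
import os
import stat
import tempfile

# Keys that carry a credential when set inline (constructed list).
SECRET_KEYS = ("password", "passwd", "db_password", "secret")


def parse_kv(text):
    """Parse simple key=value lines; comments and blank lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip().lower()] = value.strip()
    return cfg


def plaintext_secret_keys(cfg):
    """Return the config keys whose value is an inline (plaintext) secret."""
    return sorted(k for k in cfg if k in SECRET_KEYS and cfg[k])


def secret_file_ok(path):
    """True only for a regular file with no group/other permission bits."""
    st = os.stat(path)
    if not stat.S_ISREG(st.st_mode):
        return False
    return (st.st_mode & 0o077) == 0


def load_db_config(text):
    """Load the config; returns (ok, reason, cfg).

    Fails closed on inline secrets, a missing password_file, or a secret
    file that other local users could read."""
    cfg = parse_kv(text)
    bad = plaintext_secret_keys(cfg)
    if bad:
        return False, "inline plaintext secret: " + ", ".join(bad), cfg
    secret_path = cfg.get("password_file")
    if not secret_path:
        return False, "no password_file configured", cfg
    if not os.path.exists(secret_path):
        return False, "password_file missing", cfg
    if not secret_file_ok(secret_path):
        return False, "password_file is readable by group/others", cfg
    with open(secret_path) as fh:
        cfg["password"] = fh.read().strip()
    return True, "ok", cfg


def demo():
    """Run three constructed scenarios in a temp directory and return verdicts."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Scenario 1: the typical default install, password written inline.
        results["inline"] = load_db_config(
            "db_host=10.0.1.5\ndb_user=app\npassword=hunter2\n")[:2]
        # Scenario 2: secret moved to its own file, but left world-readable.
        loose = os.path.join(tmp, "db.pw")
        with open(loose, "w") as fh:
            fh.write("s3cret\n")
        os.chmod(loose, 0o644)
        results["loose"] = load_db_config(
            "db_host=10.0.1.5\ndb_user=app\npassword_file=%s\n" % loose)[:2]
        # Scenario 3: secret file readable by the service account only.
        tight = os.path.join(tmp, "db.pw.tight")
        with open(tight, "w") as fh:
            fh.write("s3cret\n")
        os.chmod(tight, 0o600)
        ok, reason, cfg = load_db_config(
            "db_host=10.0.1.5\ndb_user=app\npassword_file=%s\n" % tight)
        results["tight"] = (ok, reason, cfg["password"])
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

The permission check is the part most often forgotten: moving a credential out of the config file gains nothing if the new file is readable by every local account, which is exactly the insider scenario the section raises. Full-disk or file-level encryption of the application and database servers, as the recommendation asks, sits underneath this check rather than replacing it.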
3. Use a Web Application Firewall (WAF)
Many people are under the misconception that protecting the web server has nothing to do with
the database. This is not true. In addition to protecting a site against cross-site scripting
vulnerabilities and website vandalism, a good application firewall can thwart SQL injection
attacks as well. By preventing the injection of SQL queries by an attacker, the firewall can help
keep sensitive information stored in the database away from attackers.
Recommendation: Employ web application firewalls.
All web applications are available to customers/constituents as well as attackers 24x7x365.
For this reason, traditional IT security systems, such as firewalls or IDS/IPS, may be unable to
guard against these attacks or may not offer comprehensive protection.
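To make concrete what a WAF is filtering for, here is an added example (not from the article or from DataSunrise) of the SQL injection pattern the section refers to, shown as an unsafe query beside its parameterized form. It uses an in-memory SQLite table with constructed rows; the `customers` schema and the sample values are assumptions for the example only.

```python
"""Added example: an injectable query beside its parameterized replacement.
Schema and rows are constructed; nothing here comes from the article."""
import sqlite3


def make_db():
    """Build an in-memory customers table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER, email TEXT, card_last4 TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", [
        (1, "alice@example.com", "4242"),
        (2, "bob@example.com", "1881"),
        (3, "carol@example.com", "0005"),
    ])
    return conn


def lookup_unsafe(conn, email):
    """Vulnerable: the input is spliced into the SQL text, so a crafted value
    changes the structure of the query instead of staying a string literal."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = '%s'" % email
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Hardened: the driver binds the value as a parameter, so the WHERE
    clause compares the whole input literally, quotes included."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def demo():
    """Run both lookups against a benign value, a tautology payload of the
    kind WAF signatures match, and a legitimate value containing a quote."""
    conn = make_db()
    benign = "bob@example.com"
    hostile = "x' OR '1'='1"
    quoted = "o'neil@example.com"
    try:
        lookup_unsafe(conn, quoted)
        unsafe_breaks_on_quote = False
    except sqlite3.OperationalError:
        # The spliced quote leaves an unterminated string: a syntax error.
        unsafe_breaks_on_quote = True
    return {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "unsafe_hostile": lookup_unsafe(conn, hostile),
        "safe_benign": lookup_safe(conn, benign),
        "safe_hostile": lookup_safe(conn, hostile),
        "safe_quoted": lookup_safe(conn, quoted),
        "unsafe_breaks_on_quote": unsafe_breaks_on_quote,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The unsafe lookup returns every customer's card digits for the tautology input, while the parameterized lookup returns nothing, and it also handles a legitimate address containing an apostrophe that makes the unsafe version error out. A WAF in front of the application is a second layer that catches such payloads before they reach code like `lookup_unsafe`; parameterized queries remove the defect at its source, and the two belong together.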
4. Keep Patches Current
Websites that rely on third-party applications, components, and various other plug-ins and
add-ons are more exposed to exploits than sites whose components have been patched.
Recommendation: Keep patches current to the most recent release.
5. Enable Security Controls
Though most databases enable security controls by default, administrators should always check
the security controls to ensure that this is the case. It is important to remember that though most
organizations may rely on a web developer to create a secure system, the DBA is ultimately
responsible for ensuring that security is maintained once development and the implementation
are complete.
Recommendation: Enable security controls on all databases and do not assume that this is the
default. Ensure that there are corresponding business processes in place.
DBAs Play a Key Role in Security
DBAs play an increasingly crucial role in security. The consequences of not safeguarding data or
failing to comply with regulations for data security can include significant fines and jeopardize
business operations and the reputation of your organization.
We address this challenge for our customers with the Database Security solution from DataSunrise Inc.
DataSunrise Database Security delivers software to secure data across the world: it is a cross-platform,
high-performance software solution for real-time database protection. DataSunrise's software helps
secure corporate databases from many types of external and internal threats, such as SQL injection or
unauthorized access attempts. DataSunrise Dynamic Data Masking obfuscates and masks all or part of the
sensitive data set returned from the data store.

DataSunrise can be deployed easily in the cloud or on-premises.

DataSunrise Database Security supports all major vendors of databases and data warehouses. DataSunrise
secures databases running on most operating systems (Windows, Linux, UNIX) and features a user-friendly,
comprehensive user interface.

DataSunrise's Discovery of Sensitive and Privacy Data provides visibility into security intelligence and
data classification and empowers organizations to mitigate the risks.

DataSunrise is integrated with third-party SIEM systems such as Splunk, HP ArcSight, IBM QRadar, McAfee or
other security solutions.

DataSunrise helps in ensuring the compliance with security standards such as HIPAA, ISO 27001, PCI or
GDPR.

Real-Time
DataSunrise Database Security protects your data and databases both from external and
internal threats while performing database audit, activity and traffic monitoring in real-time
with high performance.
Cross-Platform
DataSunrise Database Security is available to protect data in Oracle, DB2,
Teradata, MySQL, MSSQL, PostgreSQL, MariaDB, Greenplum, Amazon Redshift, Amazon
Aurora and Netezza databases. Thanks to its cross-platform capabilities, the DataSunrise database
firewall is compatible with databases running on the most popular platforms, such as Linux,
Unix (AIX, Sun Solaris, HP-UX, etc.) and Windows. This wide heterogeneous support and
unified security control are especially important when enterprises and organizations run
different database and operating system platforms in their environments, both on premises and
in the cloud.
Self-Learning
DataSunrise includes highly efficient data-centric security governance policies and controls.
The database firewall lets its user customize the security rule set to adapt it easily to
specific application requirements. Moreover, DataSunrise can configure itself automatically
thanks to integrated self-learning algorithms. During the learning period, DataSunrise uses its
Learning Mode functionality to study database users' behavior and create a white list of
typical SQL statements.
