Databases are arguably the most important and, unfortunately, also the most complex of our servers these days. The SQL (or NoSQL) language is richer than any other server command language. You can connect to databases using a great many networking libraries and authentication methods. There are many thousands of packages and procedures in any database. There are often even a Java virtual machine and an HTTP server. You can call out from the database using external procedures or various utility packages. All these are functionality that is great when you look at productivity and building applications. But from a security standpoint, the more options and capabilities a server has, the harder it is to secure and monitor it properly (the bigger the surface area). Each such option can be used by an attacker to gain unauthorized access or misuse authorized access. Couple that with the fact that there is a rich history of data breaches that included a database attack and the fact that the database always contains your crown jewels and you get to a point that protecting the database is an imperative.
There is a large body of knowledge by now on what activities are required in order to secure databases and in order to comply with regulations and requirements. There are checklists you can follow – at least for some of the mainstream databases. This is good – it means you can adhere to a set of best practices and achieve security and compliance by investing in the following:
- Discovery – you can’t secure that which you don’t know. You need to have a good mapping of your assets – both of your instances and of your sensitive data. Plus, you need to automate discovery since the state of this “asset map” six or twelve months into the future will be different from what it is today.
- Vulnerability and configuration assessment – you need to asses the configuration of your databases to ensure that they don’t have security holes in them. This verification includes both the way the database is installed on the operating system and the configuration options within database itself. You need to verify that you are not running versions of the database with known vulnerabilities.
- Hardening – the result of an assessment is often a set of recommendations. This is the first step in hardening the database. Other elements of hardening involve removing all functions and options that you do not use.
- Change auditing – once you have a hardened configuration you must continually track it to ensure that you don’t digress from a secure configuration. You do this using change auditing tools which compare snapshots of the configurations (at both the operating system level and at the database level) and alert you when a change is made that may affect the security of the database.
- Database activity monitoring – while changes can and should be tracked using change auditing, you can also use database activity monitoring to alert on changes made through a SQL (or NoSQL) interface. Additionally, database activity monitoring lets you detect intrusions and misuse, detect fraud, and discover problems at real-time, limiting your exposure considerably.
- Auditing – audit trails must be generated and maintained for database activity that may have an impact on security, integrity or on access to sensitive data.
- Authentication, access control and entitlement management – not all data and not all users are created equal. You must authenticate users, you must ensure full accountability per user, and you must manage privileges to limit access to data. You need to enforce these privileges even for the most privileged database user. You also need to review entitlement reports periodically as part of an audit process.
- Encryption – use encryption to render sensitive data unreadable. Use encryption so that an attacker cannot gain unauthorized access from outside the database. This includes both encryption of data-in-transit so that an attacker cannot eavesdrop at the networking layer and gain access to the data when it is sent to the database client as well as encryption of data-at-rest so that an attacker cannot use the media files and extract the data there.