Thus far, 2005 has proven to be the year of database security breaches gone public. No organization seems too large or too small to feel the effects of database intruders and thieves. You need only look at the front page of your local newspaper to know the threat is real – Citigroup, LexisNexis, Polo Ralph Lauren, Tufts University, DSW, MasterCard – unfortunately, the list of victims reads like a laundry list of well-known enterprises.

The effects of a publicized security breach are palpable – business reputations are dragged through the mud, while consumers are growing more wary that their private data is being pilfered, spurning concerns of identity theft and credit fraud. While it is important to be wary of sensationalism in the media and among vendors, it is also important to ensure you are implementing the best security practices to ensure that your databases are kept safe and secure.

Data theft protection

What can an organization do to ensure that they don’t make the data theft headlines? Fortunately, there are several steps a security practitioner can take to help ensure his or her databases remain secure. Implementing the suggestions below will help keep you on the fast track to security success.

1. ESTABLISH A BASELINE.

An important first step is to assess your current level of database security and to establish a baseline for future comparisons.

2. UNDERSTAND VULNERABILITIES.

In order to understand vulnerabilities, it is important to be aware of the different kinds:

A. Vendor bugs are buffer overflows and other programming errors that result in users executing the commands they are allowed to execute. Downloading and applying patches usually fix vendor bugs. To ensure you are not vulnerable to one of these problems, you must stay aware of patches, and install them immediately when they are released.

B. Poor architecture is the result of not properly factoring security into the design of how an application works. These vulnerabilities are typically the hardest to fix because they require a major rework by the vendor. An example of poor architecture is when a vendor utilizes a weak form of encryption.

C. Misconfigurations are caused by not properly locking down databases. Many of the configuration options of databases can be set in a way that compromises security. Some of these parameters are set insecurely by default. Most are not a problem unless you unsuspectingly change the configuration. An example of this in Oracle is the REMOTE_OS_AUTHENT parameter. By setting REMOTE_OS_AUTHENT to true, you are allowing unauthenticated users to connect to your database.

D. Incorrect usage refers to building applications utilizing developer tools in ways that can be used to break into a system. SQL INJECTION is an example of incorrect usage.

3. MONITOR & MAINTAIN.

Monitor your progress to ensure baseline compliance and to evaluate the threat environment. Review permissions granted into the database and limit access.

4. STAY PATCHED.

Rest assured that possible intruders are paying attention to known vulnerabilities; are you? A crucial part of securing your database is to ensure that you are up to date with all patches and are monitoring any known vulnerabilities that could affect your security efforts.

5. REGULAR AUDITS.

Conducting regular audits will ensure your security policies are on track and will help you identify any irregularities or potential breaches before it’s too late.

6. VULNERABILITY ASSESSMENT & SECURITY AUDITING.

Utilizing security auditing tools will assist you in monitoring and recording what is happening within your database and alert you to suspicious or abnormal activity. With these practices you are not just guarding your database from the outside, but from any inside intruders.

7. REAL-TIME INTRUSION DE-TECTION.

While audits and vulnerability assessment serve as a great base-lining tool, the best offense is real-time detection. Implementing an alert system in real-time ensures you up-to-the-minute security awareness.

8. ENCRYPTION.

Encryption is considered the last line of defense against an intruder. If security auditing and vulnerability assessment practices have somehow failed to protect your database from potential abuse, an encryption tool can protect your most critical data from being exploited.

9. MAINTAIN PERIMETER SE-CURITY.

Steps one through eight are meant to protect data at its source, the database, but they are not intended to replace more traditional perimeter security measures. Firewalls and other perimeter security measures are still an important aspect of your security strategy. It is important to remember that today’s threats are more dynamic and thus require a multi-tiered approach to prevention. To put it another way, just because you have guards in the castle it doesn’t mean you want to skimp on the moat.

10.INSULATE THE DATABASE FROM THREAT SOURCES.

Last but not least, don’t overlook the obvious. Make sure that all passwords have been changed from their defaults and that they are updated regularly. Lock user accounts that aren’t being used, and educate your employees. Ensuring that everyone on your team understands the necessary steps and expectations for proper security will help your security policies run smoothly.

Maintaining regulatory and security best practices is not an easy task, but with a well thought out security plan, you and your security team can keep your organization’s sensitive data out of harm’s way.