Here's something else I did for work recently. Again it's heavily commercial, but skip the parts about “yay SonicWALL!” for plenty of good advice. In the future I'm going to rework my writing style so it's unbiased, but then summarize in a separate area how SonicWALLs can take care of the point being discussed. Then with only minor revising I'll be able to toss it up here without all the commercial hoo-ha.
------
Many organizations keep their most important information in databases. Customer records, private business information, trade secrets: it's all there. A database compromise can go beyond downtime to the loss of customers and consumer trust, legal exposure, and failure to meet industry regulations, opening up the possibility of huge Government penalties and lawsuits. As with any other risk, databases can be largely protected through a combination of technology and policy. Following is a basic list of the threats and how to mitigate each of them.
1. Weak Authentication and Access Control
This boils down to two things: verifying who someone is, and restricting what they can do once they are in. The starting point is a written policy that states who should have access to what, paired with keeping each account's access to the absolute minimum required to do its job; that is the foundation for securing a database. Query-level access control, meaning each account is granted only the tables, columns and stored procedures it actually uses rather than broad table or schema rights, is where to begin on the server itself. Outside the database server, technologies such as SonicWALL appliances can help lock down database access and monitor its use. Enforcing policies on which sites and machines may reach which database servers, and on who may connect at what time of day, shrinks the window for abuse. The logs and data the appliances collect also provide a footprint of who is doing what, such as application usage and data transfer volume, which helps spot misuse of privileges.
It's also important to make sure users can't extend their privileges beyond what they were given. Privilege escalation is the use of a security vulnerability or misconfiguration to gain a higher level of access than was granted. Regular auditing and routine patching help prevent it, but especially during the inevitable exposure window (the time between a patch's release and its testing and verification by IT) an Intrusion Prevention System (IPS) such as SonicWALL's can block and report such attempts. Query-level access control is also useful here: if the set of privileges each account holds is recorded and compared over time, an account that suddenly gains new privileges stands out.
Another good investment is stronger user authentication. Appliances such as SonicWALL's and platforms such as Linux interface easily with stronger verification technologies such as RADIUS and hardware tokens, which defeat the most common method of illicit access: a stolen or guessed static password.
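As an added example (not from the original article, and not SonicWALL code), here is what query-level least privilege, a time-of-day restriction and a privilege audit look like on the database server itself, in T-SQL for Microsoft SQL Server 2012 or later. The database SalesDB, the tables dbo.Orders and dbo.Customers, the procedure dbo.usp_PlaceOrder, the login app_orders and the permitted hours are assumptions for illustration.

```sql
-- Added example (T-SQL, SQL Server 2012+). All object names below are illustrative assumptions.
-- 1. The application gets its own login, database user and role; it is never sysadmin or db_owner.
CREATE LOGIN app_orders WITH PASSWORD = 'ReplaceWithAStrongSecret!1', CHECK_POLICY = ON;
GO
USE SalesDB;
GO
CREATE USER app_orders FOR LOGIN app_orders;
CREATE ROLE orders_app;
ALTER ROLE orders_app ADD MEMBER app_orders;

-- 2. Query-level access: only the statements the application actually issues.
GRANT SELECT ON dbo.Orders TO orders_app;
GRANT EXECUTE ON dbo.usp_PlaceOrder TO orders_app;        -- writes go through a stored procedure
GRANT SELECT ON dbo.Customers TO orders_app;
DENY SELECT ON dbo.Customers (CardNumber) TO orders_app;  -- column-level DENY wins over the table GRANT
-- Nothing is granted to public, so anything not listed above is refused.

-- 3. Time-of-day restriction enforced at logon (assumes the web tier has no business connecting at night).
--    Caution: a logon trigger that raises an error blocks every login; keep the Dedicated Admin
--    Connection available and try this on a non-production instance first.
USE master;
GO
CREATE TRIGGER trg_app_orders_hours ON ALL SERVER FOR LOGON
AS
BEGIN
    IF ORIGINAL_LOGIN() = 'app_orders'
       AND DATEPART(HOUR, GETDATE()) NOT BETWEEN 6 AND 22
        ROLLBACK;   -- cancels the connection attempt
END;
GO

-- 4. Audit queries: run on a schedule, keep the output, and diff it against the previous run.
--    A new row here is exactly the "account suddenly has new privileges" signal.
USE SalesDB;
GO
SELECT pr.name AS principal, pe.state_desc, pe.permission_name,
       OBJECT_SCHEMA_NAME(pe.major_id) + '.' + OBJECT_NAME(pe.major_id) AS object_name,
       COL_NAME(pe.major_id, pe.minor_id) AS column_name       -- NULL for table-wide permissions
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                                             -- object and column permissions
ORDER BY pr.name, object_name;

-- Instance-level: who is sysadmin? This list should be short and should never change quietly.
SELECT m.name AS member
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin';
```

The two audit queries are the database-side counterpart of the appliance logs mentioned above: store their output with each run and a one-line diff shows any grant or role membership that appeared since the last baseline.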
2. Software Vulnerabilities
All software should be kept updated. For a database server this is especially important for anything reachable from the outside, including drivers, the operating system and the database software itself. With record-breaking numbers of vulnerabilities in mainstream products such as Microsoft Windows and SQL Server, and major new threat vectors such as worms and SQL injection attacking them, keeping software updated is absolutely critical.
Not all is lost, however. Putting a modern IPS between a vulnerable server and the Internet acts as a barrier that buys precious time while patches are in testing or still unavailable from the vendor. It also helps in spotting attackers. Many companies are, rightfully, afraid of outside intruders, but by commonly quoted estimates over 70% of attacks come from the inside. A clear audit trail of an insider attempting an attack can stop the problem early and gives clear justification if disciplinary action is needed.
3. Denial-of-Service
Denial-of-Service (DoS) attacks are too often associated only with exhaustion of available bandwidth. It is just as easy, and just as common, for a DoS attack to exploit a buffer overflow, corrupt data, or consume system resources such as CPU, memory, connections or disk. If an attacker can crash your server or consume all of its CPU, the effect is the same as a bandwidth-consumption attack.
Patching and the choice of operating system help here. Some operating systems, such as Linux, have resource-control and hardening mechanisms at their core (per-process resource limits and SYN cookies, for example) that make them more resilient, though not invincible, against DoS attacks. Deploying an IPS is crucial in this scenario, detecting and blocking known attacks at the perimeter. Other features available in SonicWALL appliances, such as connection limiting, control how much traffic is allowed to reach any one host, helping to stop an attack before it even reaches the target.
4. Database Protocol Vulnerabilities
Some of the hardest-hitting exploits, such as the SQL Slammer worm, have exploited weaknesses in database protocols; Slammer hit a buffer overflow in the SQL Server Resolution Service listening on UDP port 1434, a flaw for which a patch had been available for about six months. Collectively they have allowed complete system compromise, data loss and system unavailability.
Defenses here revolve heavily around patching. Parsing and validating traffic to drop malformed content, as a modern IPS can do, is also invaluable during the exposure window. Note that an IPS can only inspect what it decodes: a database protocol it does not understand, or one moved to a non-standard port, passes through unexamined, so the plain blocking rule (only the application hosts can reach the database port at all) comes first.
5. Backup Compromise
The loss of database information in its backed-up state has made huge headlines in recent years. Besides the millions lost directly through lost consumer faith and Government penalties, ongoing class-action lawsuits risk putting the cost of a lost backup well beyond what was thought possible until recently.
In-use databases should be encrypted where possible; their backups should be encrypted no matter what. All remote use, such as mobile workers or off-site locations, should also go over encrypted channels. Purpose-built backup appliances such as the new SonicWALL CDP line allow automated backups without user intervention that already secure the data using military grade encryption. The CDP line also offers deeper abilities such as moving the data, still encrypted, to a remote location or appliance, eliminating the need for human-held backup media entirely and with it the possibility of a laptop or tape walking off. Whatever the tool, an encrypted backup is only as good as its key management: keep the keys or certificates separate from the media, back them up independently, and test a restore, because a backup that cannot be decrypted is the same as no backup.
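As an added example (not from the original article, and unrelated to the CDP appliance), here is how the two recommendations above, encrypting the in-use database and encrypting its backups, are done on the database server itself in T-SQL for Microsoft SQL Server 2014 or later, together with the key-export step that makes the backup restorable. The database name SalesDB, the certificate names, the file paths and the passwords are assumptions for illustration; transparent data encryption requires an edition that licenses it.

```sql
-- Added example (T-SQL, SQL Server 2014+). Names, paths and passwords are illustrative assumptions.
USE master;
GO
-- A master key in the master database protects the certificates below; use a strong password
-- and store it somewhere other than with the backups.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'ReplaceWithAStrongSecret!1';
CREATE CERTIFICATE BackupCert WITH SUBJECT = 'SalesDB backup encryption';
CREATE CERTIFICATE TdeCert    WITH SUBJECT = 'SalesDB transparent data encryption';
GO

-- 1. Encrypt the in-use database at rest (TDE): data files, log files, tempdb and every backup
--    taken afterwards are unreadable without TdeCert.
USE SalesDB;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE SalesDB SET ENCRYPTION ON;
GO

-- 2. Encrypt the backup file itself, independently of TDE, so a lost tape holds nothing readable.
USE master;
GO
BACKUP DATABASE SalesDB
    TO DISK = 'D:\backup\SalesDB_full.bak'
    WITH COMPRESSION,
         ENCRYPTION (ALGORITHM = AES_256, SERVER CERTIFICATE = BackupCert),
         CHECKSUM, STATS = 10;
GO
-- Verify the media is readable and the page checksums match, without restoring it.
RESTORE VERIFYONLY FROM DISK = 'D:\backup\SalesDB_full.bak' WITH CHECKSUM;
GO

-- 3. The failure mode: without the certificates and their private keys the backup cannot be
--    restored anywhere, including onto a rebuilt server. Export them to a location kept apart
--    from the backup media, each protected by its own password.
BACKUP CERTIFICATE BackupCert
    TO FILE = 'E:\keys\BackupCert.cer'
    WITH PRIVATE KEY (FILE = 'E:\keys\BackupCert.pvk',
                      ENCRYPTION BY PASSWORD = 'AnotherStrongSecret!2');
BACKUP CERTIFICATE TdeCert
    TO FILE = 'E:\keys\TdeCert.cer'
    WITH PRIVATE KEY (FILE = 'E:\keys\TdeCert.pvk',
                      ENCRYPTION BY PASSWORD = 'AnotherStrongSecret!3');
GO

-- 4. Confirm encryption actually took effect rather than assuming it.
--    encryption_state 3 means the database is fully encrypted.
SELECT DB_NAME(database_id) AS db, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;
-- Each backup set records which certificate encrypted it; a NULL thumbprint is an unencrypted backup.
SELECT database_name, backup_finish_date, key_algorithm, encryptor_type, encryptor_thumbprint
FROM msdb.dbo.backupset
WHERE database_name = 'SalesDB';
```

The last two queries are the ones to put in a monitoring job: an encryption_state other than 3, or a backup set with no encryptor_thumbprint, means the policy in this section is not actually in effect, whatever the documentation says.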
------
Obviously databases hold great value. They are invaluable assets to the modern business and are vulnerable to a slew of internal and external threats. With some smart policy and technology it is entirely possible to reduce these risks substantially. Nothing is perfect, but by addressing these threats you will go a long way toward meeting the requirements of even the most regulated industries.