The database: the mother lode of sensitive data

As the heart of any corporate application, the database must be implemented and configured for maximum security. 'Make the database as secure as possible' sounds like a clear goal, but what does 'as secure as possible' actually mean?

Whether you use Oracle 10g, Oracle 11g, DB2, Microsoft SQL Server, or even MySQL or PostgreSQL, a contemporary database is at least as complex as any modern server operating system. The database system will comprise a wide range of configuration parameters, each with security implications, including:

  • User account and password configuration
  • Roles and privileges assigned
  • File / Object permissions
  • Schema structure
  • Audit functions
  • Networking capabilities
  • Other security defense settings, for example, the use of encryption

Hardened build standard for Oracle, SQL Server, DB2, and others

Therefore, as with any Windows or Linux operating system, a hardened build standard must be derived for the database. This security policy, or hardened build standard, is drawn from best practices for secure configuration and vulnerability mitigation and remediation, and as with an operating system, the hardening checklist will run to hundreds of settings to verify and set for the database.

Depending on the scale of your organization, you may need separate checklists for Oracle 10g, Oracle 11g, SQL Server, DB2, PostgreSQL, and MySQL, and perhaps other database systems as well.

Automated Compliance Audit for Database Systems

Potentially there will be a requirement to verify that every database meets its hardened build standard, which means hundreds of checks across hundreds of database systems, so automation is essential, especially since the hardening checklists are complex and time-consuming to verify by hand. There is also a conflict to manage: the user running the checklist tests necessarily requires administrator privileges to do so. In other words, to verify that the database is secure you may have to weaken security by granting administrator rights to the person performing the audit. That is a further argument for moving the audit function into a secured, automated tool running under a dedicated, least-privilege account.

In fact, since security settings can be changed at any time by any user with the privileges to do so, checking compliance with the hardened build standard should also become a regular task. A formal compliance audit may be performed once a year, but ensuring security 365 days a year requires automated monitoring of security settings, providing ongoing assurance that sensitive data is protected.
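To make the checklist idea concrete, here is an added example (not the article's or any vendor's code) of an automated check of a PostgreSQL postgresql.conf against a small hardened build standard. The standard and the server defaults in it are assumed, illustrative subsets chosen for this example; a real checklist runs to hundreds of settings. Two points the prose above raises are built in: the check reads the configuration file directly, so it needs filesystem read access rather than database administrator rights, and a commented-out line in postgresql.conf means the built-in default applies, so the checker evaluates that default instead of treating an absent setting as "not applicable".

```python
"""Hardened-build-standard check for a PostgreSQL postgresql.conf.

Added example, not the article's or any vendor's code. The standard below is an
assumed, illustrative subset: a real checklist runs to hundreds of settings.
"""
import re

# Assumed hardened build standard: setting -> (predicate on the value, rationale).
HARDENED_STANDARD = {
    "ssl": (lambda v: v == "on", "TLS must be enabled for client connections"),
    "password_encryption": (lambda v: v == "scram-sha-256", "use SCRAM-SHA-256, never md5"),
    "log_connections": (lambda v: v == "on", "connection attempts must be logged"),
    "log_disconnections": (lambda v: v == "on", "session ends must be logged"),
    "listen_addresses": (lambda v: v != "*", "do not bind every interface"),
}

# Assumed server defaults. A commented-out or absent line in postgresql.conf
# means the built-in default applies, so the checker must evaluate that default
# rather than treating "not set" as "not applicable".
ASSUMED_DEFAULTS = {
    "ssl": "off",
    "password_encryption": "scram-sha-256",
    "log_connections": "off",
    "log_disconnections": "off",
    "listen_addresses": "localhost",
}

_LINE_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_.]*)\s*=?\s*(.+?)$")


def parse_postgresql_conf(text):
    """Return {setting: value} from 'name = value' lines. '#' starts a comment,
    surrounding quotes are stripped, and the last assignment of a name wins
    (which is how PostgreSQL itself treats duplicates)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        settings[key] = value
    return settings


def audit(settings, standard=HARDENED_STANDARD, defaults=ASSUMED_DEFAULTS):
    """Evaluate every setting in the standard. Each result is
    (name, effective_value, source, passed, rationale)."""
    results = []
    for name, (ok, why) in standard.items():
        if name in settings:
            value, source = settings[name], "set in file"
        else:
            value, source = defaults.get(name), "default"
        passed = value is not None and bool(ok(value))
        results.append((name, value, source, passed, why))
    return results


def failing(results):
    """Names of the settings that violate the standard."""
    return [r[0] for r in results if not r[3]]


# Constructed sample file for this example, not taken from any real server.
SAMPLE_CONF = """\
listen_addresses = '*'          # reachable from every network
port = 5432
#ssl = off                      # commented out, so the default (off) applies
password_encryption = md5       # legacy hashing still in place
log_connections = on
"""

if __name__ == "__main__":
    for name, value, source, passed, why in audit(parse_postgresql_conf(SAMPLE_CONF)):
        print(f"{'PASS' if passed else 'FAIL'} {name}={value!r} ({source}): {why}")
```

Run it and four of the five checks fail on the sample file, including ssl, which is never set in the file and so silently inherits the insecure default. Scheduling this kind of check rather than running it once is what turns a yearly audit into the continuous monitoring the paragraph above calls for.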

Internal Threat and Malware Protection for Oracle and SQL Server Database Systems

Finally, there are malware and insider threats to consider. A trusted developer will naturally have access to the system and application files, as well as to the database and its file system. Controlling the integrity of system files and settings is essential for identifying malware or a back door planted in an application by an insider. Part of the answer is rigorous scrutiny of the organization's change management processes, but automated file integrity monitoring is also essential if disguised Trojans, zero-day malware, or modified application files are to be detected.

File Integrity Monitoring – A Universal Solution for Hardening Database Systems

In summary, the most comprehensive measure for protecting a database system is automated file integrity monitoring. File integrity monitoring, or FIM, technology analyzes configuration files and settings, both for vulnerabilities and for compliance with a hardened build standard based on security best practices.

The FIM approach is ideal because it provides instant auditing for any database, producing an audit report in seconds that shows where security can be improved. This not only automates the process, simplifying a large-scale estate audit, but also de-skills the hardening exercise to some extent. Because the best-practice knowledge of how to identify vulnerabilities, and of which files to inspect, is built into the FIM tool's report, the user gets an expert assessment of their database's security without having to fully work through and interpret the hardening checklist materials.

Finally, file integrity monitoring will also surface Trojans and zero-day malware that may have infected the database system, as well as any unauthorized application changes that may introduce security weaknesses. Strictly, what FIM detects is an unexpected change relative to a trusted baseline; it is the reconciliation of that change against approved change records that tells you whether it was malicious.
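The detection mechanism the last two paragraphs describe, as an added example that is not the article's or any vendor's code: a minimal file integrity monitor that hashes every file under a directory into a baseline, persists it, and later reports what was added, removed, or modified. The directory contents and the "insider" changes are constructed inside the script for illustration. Real FIM products also record owners, ACLs and timestamps, exclude known-volatile paths, and keep the baseline off the monitored host so that an intruder with root cannot rewrite it to match their changes.

```python
"""Minimal file integrity monitor: baseline a directory tree, then detect drift.

Added example, not the article's or any vendor's code. The sample files and
the simulated tampering below are constructed for illustration.
"""
import hashlib
import json
import os
import tempfile


def sha256_of(path):
    """Stream the file so large database binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (path relative to root, '/'-separated)
    to its SHA-256 digest and permission bits."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.isfile(full):
                continue  # sockets, devices, dangling links
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            mode = os.stat(full).st_mode & 0o7777
            baseline[rel] = {"sha256": sha256_of(full), "mode": f"{mode:04o}"}
    return baseline


def save_baseline(baseline, path):
    with open(path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path):
    with open(path) as f:
        return json.load(f)


def compare(baseline, current):
    """Report files added, removed, or modified (content hash or mode) since the baseline."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for rel in sorted(set(baseline) & set(current)):
        changed = [k for k in ("sha256", "mode") if baseline[rel][k] != current[rel][k]]
        if changed:
            modified[rel] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline a fake database install, then simulate an
    insider weakening a config file, deleting the access-control file and
    dropping an unauthorised library. Returns the compare() report."""
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as store:
        def put(rel, data):
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)

        put("conf/postgresql.conf", b"ssl = on\npassword_encryption = scram-sha-256\n")
        put("conf/pg_hba.conf", b"hostssl all all 10.0.0.0/8 scram-sha-256\n")
        put("lib/plugin.so", b"\x7fELF constructed placeholder, not a real binary\n")

        # The baseline is written to a separate location, standing in for off-host storage.
        baseline_path = os.path.join(store, "baseline.json")
        save_baseline(build_baseline(root), baseline_path)

        put("conf/postgresql.conf", b"ssl = off\npassword_encryption = md5\n")
        os.remove(os.path.join(root, "conf", "pg_hba.conf"))
        put("lib/helper.so", b"\x7fELF constructed placeholder for a dropped library\n")

        return compare(load_baseline(baseline_path), build_baseline(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The report names the weakened postgresql.conf, the deleted pg_hba.conf and the new helper.so, which is exactly the evidence a change-control review needs; whether the new library is a Trojan or an approved deployment is decided by matching the report against the change records, not by the hash alone.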

Of course, any good FIM tool will also provide file integrity monitoring for Windows, Linux, and Unix servers, as well as for firewalls and other network devices, performing the same malware detection and hardening audit reporting as described here for database systems.

For fundamentally secure IT systems, FIM is still the best technology to use.