Data Security - 4


Data Security

Dr. Assem Khalaf

gu.edu.eg
4. Harden The Database
Just as the server must be hardened, the database should also be hardened to prevent simple attacks and exploits.

Database hardening varies according to the type of database platform, but the common steps include strengthening password protection and access controls, securing network traffic, and encrypting sensitive fields in the database. All unused or unnecessary services or functions of the database should be removed or turned off, so that they cannot be exploited unnoticed.

5. Audit And Continuously Monitor Database Activity
DevOps teams design with certain expectations, but after integrating databases with applications and moving them into a production environment, some unexpected access, user queries, or data behavior may occur. Admins need to continuously monitor and audit database logs, data, and activity including:

• User login logs, especially attempted and failed logins
• Locked accounts (from excessive failed login attempts)
• Database privilege escalation
• Database data extraction, copying, or deletion (particularly large-scale changes or extractions)
• Access to sensitive or regulated data (may be required for compliance)
• New account creation
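Each bullet above can be turned into an explicit detection rule. The following is an added example, not code from the lecture: it parses constructed audit lines in a made-up key=value format and raises one alert per category in the list. The field names, thresholds, table names and role names are assumptions chosen for illustration.

```python
"""Audit-log monitor for the activity categories listed above.
Added example (not from the lecture); the log format, field names and
thresholds are constructed for illustration."""
import re
from collections import Counter

# Constructed sample audit lines in a hypothetical key=value format.
SAMPLE_LOG = """\
ts=2024-01-10T08:00:01 user=alice event=login result=ok src=10.0.0.5
ts=2024-01-10T08:01:10 user=bob event=login result=fail src=10.0.0.9
ts=2024-01-10T08:01:12 user=bob event=login result=fail src=10.0.0.9
ts=2024-01-10T08:01:15 user=bob event=login result=fail src=10.0.0.9
ts=2024-01-10T08:01:18 user=bob event=login result=fail src=10.0.0.9
ts=2024-01-10T08:01:19 user=bob event=lockout src=10.0.0.9
ts=2024-01-10T08:05:00 user=alice event=query op=SELECT table=patients rows=120000
ts=2024-01-10T08:06:00 user=alice event=query op=SELECT table=orders rows=15
ts=2024-01-10T08:07:00 user=carol event=grant role=db_owner target=dave
ts=2024-01-10T08:08:00 user=carol event=create_user target=svc_backup
ts=2024-01-10T08:09:00 user=dave event=query op=DELETE table=orders rows=2500
"""

# Thresholds and classifications (constructed; tune per environment).
FAILED_LOGIN_THRESHOLD = 3          # alert once a user reaches this many failures
BULK_ROWS_THRESHOLD = 10_000        # any statement touching this many rows
DESTRUCTIVE_ROWS_THRESHOLD = 1_000  # lower bar for DELETE/UPDATE
DESTRUCTIVE_OPS = {"DELETE", "UPDATE"}
SENSITIVE_TABLES = {"patients", "cardholders"}   # regulated data
PRIVILEGED_ROLES = {"db_owner", "sysadmin"}

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Turn one key=value audit line into a dict (empty dict if no fields)."""
    return dict(FIELD_RE.findall(line))


def analyze(log_text):
    """Return a list of (category, user, detail) alerts for the audit text."""
    alerts = []
    failed = Counter()  # failed-login count per user
    for line in log_text.splitlines():
        ev = parse_line(line)
        if not ev:
            continue
        user, kind = ev.get("user"), ev.get("event")
        if kind == "login" and ev.get("result") == "fail":
            failed[user] += 1
            if failed[user] == FAILED_LOGIN_THRESHOLD:   # alert once, at the threshold
                alerts.append(("failed_logins", user,
                               f"{failed[user]} failures from {ev.get('src')}"))
        elif kind == "lockout":
            alerts.append(("lockout", user, f"account locked, last source {ev.get('src')}"))
        elif kind == "grant" and ev.get("role") in PRIVILEGED_ROLES:
            alerts.append(("privilege_escalation", user,
                           f"granted {ev['role']} to {ev.get('target')}"))
        elif kind == "create_user":
            alerts.append(("new_account", user, f"created account {ev.get('target')}"))
        elif kind == "query":
            table, op = ev.get("table"), ev.get("op")
            rows = int(ev.get("rows", 0))
            if table in SENSITIVE_TABLES:
                alerts.append(("sensitive_access", user, f"{op} on {table} ({rows} rows)"))
            if rows >= BULK_ROWS_THRESHOLD or (
                    op in DESTRUCTIVE_OPS and rows >= DESTRUCTIVE_ROWS_THRESHOLD):
                alerts.append(("bulk_change", user, f"{op} touched {rows} rows of {table}"))
    return alerts


if __name__ == "__main__":
    for category, user, detail in analyze(SAMPLE_LOG):
        print(f"[{category}] {user}: {detail}")
```

In practice the input would be the database platform's own audit trail and the thresholds would be tuned against baseline activity; the point is that every bullet above becomes a rule that can be reviewed, tested and alerted on rather than left to ad hoc log reading.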

6. Test Your Database Security
Although audits can catch malicious activity in progress, organizations should not wait for attacks to test their database deployments. Database vendors should be monitored for updates, and patch management processes should update databases with minimal delay.

Yet patching only addresses publicly announced vulnerabilities. Some database vendors will offer security and configuration testing tools, such as Oracle's Database Security Assessment Tool, that can help identify risks. However, these tools should not be assumed to provide 100% assurance and should be complemented by subsequent testing using vulnerability scans and penetration tests that simulate potential attacks to expose misconfigurations, inadvertently accessible data, and other issues.

7. Database Data Best Practices
Databases structure data, but the data contained within the database also needs to be protected. The first step requires an organization to store only the protected data required for the business function. Eliminating excessive data or purging unnecessary historical information can minimize risk exposure.

Next, the data must be intentionally controlled. Redundancy of protected data should be eliminated throughout the system, and shadowing of protected data outside the system of record must be avoided wherever possible. Hashing functions can be applied to protected data elements before storing data required for matching purposes outside of the system. Wherever possible, protected data such as health information or credit card numbers should be dissociated from personally identifiable information (PII).
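The two controls in this paragraph, hashing protected elements before they are stored outside the system and separating protected data from PII, as an added example that is not from the lecture. It uses a keyed hash (HMAC-SHA256) rather than a bare hash, a choice made here because card numbers and similar identifiers have too few possible values for an unkeyed hash to resist guessing; the key handling, the record layout and the sample data are assumptions.

```python
"""Dissociating protected data from PII and issuing match-only tokens.
Added example, not from the lecture. The surrogate-id split and the use of a
keyed hash (HMAC-SHA256) instead of a bare hash are this example's choices."""
import hashlib
import hmac
import secrets

# Constructed key for the example only. In a real system of record the key
# would live in a KMS/HSM and never leave it (assumption, not stated in the lecture).
MATCHING_KEY = secrets.token_bytes(32)

# Constructed input record, as it might arrive from an intake form.
SAMPLE_RECORD = {
    "name": "Jane Doe",
    "email": "jane@example.com",
    "address": "1 Example Street",
    "card_number": "4111 1111 1111 1111",   # well-known test PAN, constructed
    "diagnosis": "example-condition",
}


def normalize_digits(value):
    """Keep only digits so '4111 1111 ...' and '4111-1111-...' produce one token."""
    return "".join(ch for ch in value if ch.isdigit())


def matching_token(value, key=MATCHING_KEY):
    """Keyed hash of a protected element. Identifiers with few possible values
    (card numbers, national IDs) can be recovered from a bare hash by trying
    every candidate, so the secret key is what makes the token safe to export."""
    return hmac.new(key, normalize_digits(value).encode(), hashlib.sha256).hexdigest()


def split_record(record):
    """Store PII and protected data in separate rows joined only by an opaque
    surrogate id. The card number itself is not kept in this row: only its token."""
    surrogate = secrets.token_hex(16)
    pii = {"subject_id": surrogate, "name": record["name"],
           "email": record["email"], "address": record["address"]}
    protected = {"subject_id": surrogate,
                 "card_token": matching_token(record["card_number"]),
                 "diagnosis": record["diagnosis"]}
    return pii, protected


def export_for_matching(protected_rows):
    """What leaves the system of record: tokens only, no PAN, no PII, no health data."""
    return [{"card_token": row["card_token"]} for row in protected_rows]


def find_match(candidate_card, exported):
    """External matcher: does this card appear in the exported token list?"""
    token = matching_token(candidate_card)
    return any(hmac.compare_digest(token, row["card_token"]) for row in exported)


if __name__ == "__main__":
    pii, protected = split_record(SAMPLE_RECORD)
    exported = export_for_matching([protected])
    print(pii, protected, exported, find_match("4111-1111-1111-1111", exported), sep="\n")
```

The external matcher can answer "have we seen this card before?" without ever holding a card number or a name, and a breach of the exported list yields only tokens that are useless without the key held inside the system of record.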

Related System Security Best Practices
A security practice that does not apply specifically to databases cannot be considered solely a component of database security. This does not diminish its importance, however: these practices must still be in place to ensure database security.

1. Physical Security Best Practices
Although it can sometimes be overlooked, physical security must not be assumed. An attacker's physical access to a data center can undermine even the best cybersecurity practices and technology. Securing a physical environment containing servers and network equipment should be the first best practice for fundamental IT security.

Onsite data centers require physical security measures such as cameras, locks and staffed security personnel, and any physical access to servers should be controlled, logged, and regularly reviewed. Access that falls outside the regular pattern should generate alerts.

2. Use Web Application And Network Firewalls
Firewalls provide foundational protection for all IT assets. In addition to deploying a firewall for the database, organizations need to deploy next generation firewalls (NGFW) to protect their networks and web application firewalls to protect the websites and applications accessing the database.

These more general firewalls protect the organization as a whole against attacks that affect databases as well as other systems, such as SQL injection attacks and distributed denial of service (DDoS) attacks.

3. User Authentication
When databases authorize users for access, the inherent assumption is that the user has already been authenticated and proven their identity. Security best practices require the authentication or identity verification of all types of users such as guests, employees, customers, and administrators. User authentication security sub-categories include insider threat management, user verification, and privileged access management (PAM).

4. Device Security
All devices that access the database, and the network in general, need to be verified and continuously monitored for potential compromise. Antivirus protection provides the minimum level of protection, but for more protection organizations often deploy endpoint detection and response (EDR) tools or extended detection and response (XDR) tools that provide more proactive detection.

Admin devices should be further constrained by the use of IP and MAC address restriction, whitelisting, or network access control (NAC). These measures limit the number of devices allowed to access sensitive areas, so that stolen credentials are less useful to an attacker.
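An added example of the device restriction described above, not from the lecture: a hypothetical connection gateway that refuses admin-role sessions unless the source IP and MAC match an allowlist, even when the password is correct. The allowlist, the role names and the assumption that the gateway can see the client MAC (as a NAC or DHCP inventory would supply it) are constructed.

```python
"""Admin device allowlist check. Added example, not from the lecture.
Assumes a hypothetical gateway that knows the source IP and MAC of each
database connection (e.g. from a NAC/DHCP inventory) before authorizing it."""
import ipaddress

# Constructed allowlist: which (network, MAC) pairs may hold admin roles.
ADMIN_DEVICES = [
    {"network": ipaddress.ip_network("10.10.5.0/29"), "mac": "00:1a:2b:3c:4d:5e"},
    {"network": ipaddress.ip_network("10.10.5.0/29"), "mac": "00:1a:2b:3c:4d:5f"},
]
ADMIN_ROLES = {"dba", "sysadmin"}   # constructed role names


def normalize_mac(mac):
    """Accept aa-bb-cc-dd-ee-ff, AABB.CCDD.EEFF or aa:bb:... and return aa:bb:cc:dd:ee:ff."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def device_allowed(src_ip, src_mac):
    """True only if BOTH the source address and the MAC match one allowlist entry."""
    ip = ipaddress.ip_address(src_ip)
    mac = normalize_mac(src_mac)
    return any(ip in d["network"] and mac == d["mac"] for d in ADMIN_DEVICES)


def authorize(user, roles, src_ip, src_mac, credentials_ok):
    """Decision for one connection attempt, returned as (allowed, reason).
    Admin roles need valid credentials AND an allowlisted device, so a stolen
    password presented from an unknown device is refused."""
    if not credentials_ok:
        return (False, f"bad credentials for {user}")
    if roles & ADMIN_ROLES and not device_allowed(src_ip, src_mac):
        return (False, f"admin role for {user} from non-allowlisted device "
                       f"{src_ip}/{normalize_mac(src_mac)}")
    return (True, "ok")


if __name__ == "__main__":
    print(authorize("dba1", {"dba"}, "10.10.5.3", "00-1A-2B-3C-4D-5E", True))
    print(authorize("dba1", {"dba"}, "192.168.1.20", "00:1a:2b:3c:4d:5e", True))
    print(authorize("analyst", {"reader"}, "192.168.1.20", "de:ad:be:ef:00:01", True))
```

A MAC address is only visible on the local network segment and is under the control of whoever holds the device, so this check complements rather than replaces NAC with authenticated device identity; its value is that a credential alone is no longer sufficient for an administrative session, and every refusal is a logged event worth reviewing under the audit practice described earlier.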

5. Application And API Security
Applications and APIs connecting to the database or other IT resources must be secured. DevOps should begin by applying vulnerability scanning tools to internally developed websites and applications. Larger organizations will deploy application security tools and API security tools to further protect and monitor systems.

6. Regularly Update Your Operating System And Patches
The best security tools and strategies will be undermined by poor maintenance. All systems, applications, tools, and firmware should be monitored for newly released patches or disclosed vulnerabilities.

Critical systems, such as those connecting to database systems, should be prioritized for regular patch management and vulnerability management. Software supply chain components, such as open source libraries, should also be tracked and addressed for vulnerabilities and updates.

Thank You
