Database Security

Haris Sattar Ghurki

 Database
Systematic collection of data that
Social media CRM systems E-commerce
is set up for easy access,
websites websites
management and updating.
 Database
Threats 1 2 3

An object, person or other

Privilege Credential System
entity that represents a risk of
Threats Threats Threats
loss or corruption of sensitive
data to an asset.

.
 Separate Database

& Web Servers

Database Firewalls

Security Secure Privileges

The collective measures used

to protect and secure a Secure Passwords
database
Encrypt Data And
Backups

Audit And Monitor

 Firewalls
Cisco Umbrella pfSense Software Sophos XG
Firewall
• Denies access to traffic by
default.

• The only traffic allowed

through should come from
specific applications or web
servers. McAfee Firewall Fortinet Firewall Sonicwall Firewall
5
 Secure
Privileges
Least number of people possible
to have access to the database. Administrator
Object privileges
privileges
Administrators should have only
the bare minimum privileges they
need to do their job.
6
 Separate
Database &
Web Servers

Keeping the database on a

separate physical machine,
removed from the machines
running applications or web
servers.
 Secure
Passwords
• Secure computer systems store
users' passwords in an
encrypted format.
• Whenever a user logs in, the
password entered is encrypted
initially, then compared to the
stored encryption of the
password associated with the
user's login name.
 Encrypt Data &
Backups
• Method by which information is
converted into secret code that
hides the information's true
meaning.

• Should not store encrypted

backups alongside description
keys in plaintext. 
 Audit And Monitor
• Monitoring logins (and
attempted logins) to the
operating system and database.

• Create alerts to notify relevant

team members when potentially
malicious activity is identified.
ANY QUESTIONS?

THANK YOU!