
Four simple steps to a more secure database

By Eileen Kennedy, News Writer
26 Jun 2007 | SearchWinIT.com


Although IT managers know they should do everything they can to maintain secure databases for their business and customers, experts say it's important to regularly review some simple but effective steps that sometimes get forgotten in the daily hubbub.

First, don't forget the patches. IT managers should keep current with the latest security patches for the network's operating system and databases, said Gerhard Eschelbeck, chief technological officer and senior vice president of engineering at Webroot Software Inc., a Boulder, Colo.-based developer of Internet security products.

"Unpatched security vulnerabilities are frequently used by attackers to compromise systems and databases," he said.

Weak or default passwords should be weeded out, as should unused login accounts, Eschelbeck said. "Unsecured login accounts or permissions lead to unauthorized access of your data," he said.

Limiting physical and network access to the database system is another crucial security step, according to Serdar Yegulalp, an author and editor of Windows Power Users Newsletter.

"Treat a database like any other computer asset that you want to protect. Don't just let anyone get to it," he said.

Access to the database should be limited to the machines that have to talk to it, with standard protections in place, he said.

Also, if a company uses a Web application to access its database, with scripts written in Active Server Pages (ASP) or ASP.NET, and a script crashes, the resulting error report can potentially reveal the script's source code, Yegulalp said.

In a case like that, limiting database access to the correct users is essential. If through proper security measures the database access is already limited to the right users, any script crashes will not reveal database connection information to the wrong users, Yegulalp said.

"I've seen this happen more than a few times -- the database connection name and password for all the world to see," he said, adding that he recommends rotating the password for the database connection regularly, which adds just one more layer of security to the process.
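A check for the exposure Yegulalp describes, as an added example that is not part of the original article: it scans the body of an error page for database connection-string keys and reports them with any password redacted. The key list, function names and sample page are constructed assumptions.

```python
import re

# Assumed key names: common ADO.NET / OLE DB connection-string keys.
_KEYS = r"(?:Data Source|Server|Initial Catalog|Database|User ID|UID|Password|PWD)"
# A key, "=", then the value up to the next ';', quote, '<' or end of line.
_PAIR = re.compile(rf"\b({_KEYS})\s*=\s*([^;\"'<\r\n]*)", re.IGNORECASE)
_SECRET_KEYS = {"password", "pwd"}

# Constructed sample: an error page that echoes the failing source line.
SAMPLE_ERROR_PAGE = """\
Server Error in '/' Application.
Login failed for user 'web_app'.
Line 12: conn.Open "Provider=SQLOLEDB;Data Source=db01;Initial Catalog=Orders;User ID=web_app;Password=Example-Only-1"
"""


def find_connection_leaks(body):
    """Return (line_no, key, value) for each connection-string key in body.

    Password values are replaced with a marker so the scan report itself
    does not become a second copy of the secret.
    """
    findings = []
    for line_no, line in enumerate(body.splitlines(), 1):
        for match in _PAIR.finditer(line):
            key, value = match.group(1), match.group(2).strip()
            if key.lower() in _SECRET_KEYS:
                value = "<redacted>"
            findings.append((line_no, key, value))
    return findings


def leaks_credentials(body):
    """True if the body exposes a password key, the case that calls for rotation."""
    return any(key.lower() in _SECRET_KEYS
               for _, key, _ in find_connection_leaks(body))


if __name__ == "__main__":
    for line_no, key, value in find_connection_leaks(SAMPLE_ERROR_PAGE):
        print(f"line {line_no}: {key} = {value}")
    print("credentials exposed:", leaks_credentials(SAMPLE_ERROR_PAGE))
```

Run against error responses captured from your own application in a test environment; a hit on a password key means the connection password should be rotated as well as the error page fixed.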

Finally, sensitive data, such as credit card or social security numbers, should be encrypted when they are stored in a database, not just when the data is in transit, Eschelbeck said.


