Databases are among the most valuable parts of a system and should be among the best protected. Surveys show that, worldwide, the importance given to database security is low. When database security is not provided properly, it jeopardizes financial data, customer information, health records, intellectual property, and more.
Looking at recent database vulnerabilities:
In November 2016, two vulnerabilities affecting MySQL were disclosed that allowed attackers to run code or obtain root privileges on the server. At the beginning of 2017, MongoDB instances were held for ransom because of configuration errors or omissions.
According to the surveys, data leaks caused by database weaknesses increased by more than one hundred percent between 2012 and 2016.
In 2016, MySQL ranked first with 32% of these, Microsoft had 26%, and Oracle ranked third with 14%.
Closing the weaknesses that affect their databases as quickly as possible is one of the key steps for organizations.
A few steps that can be taken before the databases are attacked:
- Take an immediate backup of the database systems before applying a vulnerability patch.
- Rank the patches for the weaknesses according to their CVSS scores.
- Pay attention to the vulnerabilities for which exploit code already exists.
- Prioritize vulnerabilities that allow code execution on the system and that allow privileges to be escalated on the system.
Database Configuration Errors
The other biggest enemies of databases are incorrect configurations. Through carelessness or ignorance, databases are left open to attack. The most common configuration errors are:
- Creating shared users and granting them more authorization than necessary
- Leaving header information and error messages exposed, which lets information about the system be collected
- Disabling security protections
A few security measures that can be taken on MySQL:
- Create separate accounts with as few privileges as possible.
- Disable interactive input.
- Give full access only to database administrators and make sure that unnecessary permissions are removed from other users.
- Activate the logging mechanism.
- Ensure that the traffic between the Client and Server is encrypted with TLS.
- To avoid brute-force attacks, set up your password policies with strict rules, enable the available password-protection mechanisms, and block connections from clients that use outdated authentication methods.
- Make sure that passwords are created for all accounts.
- Make sure that each user account can connect only from the host it is defined for.
- Don’t let anonymous accounts exist.
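As an added example (not from the original article), the following MySQL 8.0 statements first audit for the misconfigurations listed above and then apply the corresponding fixes. The account name app_rw, the host 10.0.0.5, the database app_db and the password placeholder are assumptions; replace them with your own values.

```sql
-- ===== Audit: find accounts that violate the measures above (MySQL 8.0 mysql.user) =====
-- Anonymous accounts (empty user name)
SELECT user, host FROM mysql.user WHERE user = '';
-- Accounts with no password set
SELECT user, host FROM mysql.user WHERE authentication_string = '';
-- Accounts that may connect from any host instead of a specific system
SELECT user, host FROM mysql.user WHERE host = '%';
-- Accounts not forced to use TLS
SELECT user, host FROM mysql.user WHERE ssl_type = '';
-- Over-privileged accounts: global privileges that only DBAs should hold
SELECT grantee, privilege_type
FROM information_schema.user_privileges
WHERE privilege_type IN ('SUPER', 'FILE', 'GRANT OPTION', 'CREATE USER');

-- ===== Remediate =====
-- Remove anonymous accounts (the two common default entries; assumed host names)
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS ''@'127.0.0.1';

-- Least-privilege application account, bound to one client host, TLS required,
-- locked for 1 day after 5 failed logins (FAILED_LOGIN_ATTEMPTS needs 8.0.19+)
CREATE USER 'app_rw'@'10.0.0.5'
  IDENTIFIED BY 'CHANGE-ME-strong-password'   -- placeholder, assumption
  REQUIRE SSL
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'app_rw'@'10.0.0.5';

-- Strict password policy via the validate_password component
INSTALL COMPONENT 'file://component_validate_password';
SET PERSIST validate_password.policy = 'STRONG';
SET PERSIST validate_password.length = 14;

-- Refuse every non-TLS connection server-wide, not just for individual accounts
SET PERSIST require_secure_transport = ON;

-- Enable logging so connection and query activity can be reviewed
-- (general_log is verbose; on busy servers prefer the audit plugin your edition ships)
SET PERSIST general_log = ON;
```

Re-run the audit queries after the changes; every SELECT above should return an empty result set except the privilege query, which should list only the administrator accounts.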