10 ways to secure your databases

Henry Dalziel | General Hacking Posts, Information Security Conferences | November 2, 2012

Hackers, ethical hackers, call them what you want (we prefer "information security professional"): they united this past weekend to help create technology that will aid in storm recovery.

Hacktivism, long tainted by a negative brush, came out looking good this weekend. After the devastation of Superstorm Sandy, a "Sandy CrisisCamp" took place in Boston, in cities on the West Coast, and even in New Zealand.

This is not the first time that this has happened. By definition, a "CrisisCamp" is a gathering of IT professionals, software developers, and programmers who collaborate to help with the relief effort after a major crisis such as an earthquake, flood, tsunami or hurricane. The projects typically include setting up social networks so people can locate missing friends and relatives, posting maps of the affected areas online, and creating inventories of needed items such as food, water and clothing. So, all in all, an excellent initiative, and one particularly needed in light of the devastation that Sandy caused in the North-East USA.

Among the projects CrisisCampers will be working on post-Sandy are crowdsourcing tools that organize submitted images so that FEMA can prioritize its efforts, and a simple Google Doc that attempts to track all the sources of Sandy recovery data in a single place.

The November 3-4 weekend CrisisCamps were free and open to the public. Volunteers are encouraged to attend in person, and those who can't show up but are involved in other ways are also invited to join the e-mail bulletin to coordinate with the hacking efforts.

The camps are related to a group called Hurricane Hackers, started a while back at MIT's Media Lab, which has been helping to coordinate community aid efforts via Twitter.

As we already posted, we were at Hacker Halted in Miami, which ran from October 25th to 31st, 2012. One of the presentations we thought was particularly good was Josh Shaul's "Hacking The Big Four Databases."

Josh's presentation identified essential steps IT managers can take to configure and maintain databases securely and to defend them against malicious breaches.

Here are his suggestions:

1. Inventory your databases so that, as an IT manager, you know what it is you are protecting
2. Tag critical systems so that you can set priorities
3. Change default passwords
4. Ensure strong password controls; force users to use a mix of character types
5. Enact and enforce patch management
6. Maintain and enforce configuration standards, and test against them regularly
7. Document and enforce least-privilege controls
8. Audit privileged access and monitor what privileged users do
9. Monitor for attacks, and audit the response for future reference
10. Encrypt sensitive data.
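To make the list concrete, here is what several of the steps look like when applied to one PostgreSQL server. This is an added example written for this post; it is not from Josh's talk, and the database name `appdb`, the `app` schema, the `app.orders` table with its `card_number` column, and the application account `app_web` are all placeholders. The `ALTER SYSTEM` commands need PostgreSQL 9.4 or later; everything else runs on older versions too.

```sql
-- Run as a superuser against the placeholder database "appdb".

-- Step 3: find every login role that has no password at all. Any row here
-- (the built-in "postgres" account is the usual offender on fresh installs)
-- is a default credential that must be fixed before the server faces users.
SELECT rolname
FROM pg_authid
WHERE rolcanlogin AND rolpassword IS NULL;

-- Steps 3 and 4: set a real password on the built-in superuser and force a
-- rotation date. The literal below is a placeholder, not a real secret.
ALTER ROLE postgres
    WITH PASSWORD 'replace-with-a-long-random-secret'
    VALID UNTIL '2013-02-01';

-- Step 7: least privilege. Strip the implicit rights that PUBLIC gets on a
-- new database and schema, then give the application account only the
-- connect, schema and table access it actually uses.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE ALL ON SCHEMA public FROM PUBLIC;

CREATE ROLE app_web LOGIN
    PASSWORD 'replace-with-another-random-secret'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;
GRANT CONNECT ON DATABASE appdb TO app_web;
GRANT USAGE ON SCHEMA app TO app_web;
GRANT SELECT, INSERT ON app.orders TO app_web;

-- Step 8: audit privileged access. Every role listed here can escalate or
-- create other roles; compare the list with the inventory from step 1 and
-- challenge anything that is not accounted for.
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolvaliduntil
FROM pg_roles
WHERE rolsuper OR rolcreaterole OR rolcreatedb
ORDER BY rolname;

-- Step 9: make logins visible so failed-password bursts and unexpected
-- connections reach whoever is monitoring the server logs.
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;
SELECT pg_reload_conf();

-- Step 10: encrypt a sensitive column at rest with pgcrypto. The plaintext
-- column is replaced by a bytea column holding the ciphertext; the key
-- should come from a key store, not from a literal in a script.
CREATE EXTENSION IF NOT EXISTS pgcrypto;
ALTER TABLE app.orders ADD COLUMN card_number_enc bytea;
UPDATE app.orders
   SET card_number_enc = pgp_sym_encrypt(card_number, 'replace-with-key-from-kms');
ALTER TABLE app.orders DROP COLUMN card_number;
```

Two checks worth repeating after the script: re-run the first `SELECT` and confirm it returns no rows, and log in as `app_web` and confirm that `CREATE TABLE` in the `public` schema is refused. Those two results are the evidence that steps 3 and 7 actually took effect rather than merely being documented.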

That’s it! Simple summary – hope it helps. If anyone reading this thinks that we could add to this list please drop a comment below! Thanks.
