5 tips for keeping your database secure 0 259

Secure database

5 tips for keeping your database secure

Of all East African countries, Kenya has the highest recorded monetary loss from cyber crime totaling $171 million last year. When it comes to database protection, there are steps and procedures that can be taken internally to minimize the risk of cyber crime. Over and above strong passwords, backing up data and using security applications, there are a number of additional precautions that can be taken.

Here are 5 key tips for keeping databases secure

  1. Control access to the database

Give access only to those who really need it and then limit their permissions and privileges.

THE MORE YOU LIMIT PERMISSIONS AND PRIVILEGES, THE BETTER

In addition to basic system permissions, you should also consider:

  • Limiting access to sensitive data for both users and procedures—in other words, only authorizing certain users and procedures to make queries relating to sensitive information.
  • Limiting the use of key procedures to specific users only.
  • Whenever possible, avoid simultaneous use and access outside normal or office hours.

It is also recommended to disable all services and procedures that are not in use, in order to prevent them from being attacked. In addition, whenever possible, the database should be located on a server that is not directly accessible from the internet, to avoid information being exposed to remote attackers.

  1. Identify sensitive and critical data

The first step, before considering protection techniques and tools, is to analyze and identify what important information must be protected. To do so, it is important to understand the logic and architecture of the database, to make it easier to determine where and how sensitive data will be stored.

Not all of the data we store is critical or needs protection, so it makes no sense to spend time and resources on this type of information.

We also recommend keeping an inventory of the company databases, being sure to take all departments into account. The only way to effectively administrate and avoid losing information is to know about all of the company’s instances and databases and keep a record of them.

What’s more, an inventory is particularly useful when doing an information backup, to avoid leaving critical data out of the scheme.

  1. Encrypt information

Once the sensitive and confidential data have been identified, it is good practice to use robust algorithms to encrypt that data.

When an attacker exploits a vulnerability and gains access to a server or system, the first thing they will try to steal is the databases. These are a valuable treasure, as they usually contain many gigabytes of valuable information; the best way to protect a database is to make it illegible to any person who accesses it without authorization.

  1. Anonymize non-productive databases

Many companies invest time and resources in protecting their productive databases, but when developing a project or creating a test environment, they simply make a copy of the original database and start to use it in environments that are much less tightly controlled, thus exposing all the sensitive information.

Masking, or anonymization, is a process through which a similar version is created, maintaining the same structure as the original but modifying the sensitive data so that it remains protected. With this technique, values are changed while maintaining the format.

The data can be changed in different ways: mixing it together, encrypting it, mixing up the characters or substituting words. The specific method used and the rules and formats that need to be respected will be up to the administrator, but whatever method is used, it must ensure that the process is irreversible; that is, no amount of reverse engineering will enable anyone to obtain the original data again.

This technique is especially used – and recommended – for databases that are part of a testing and development environment, because it allows you to preserve the logical structure of the data while ensuring that sensitive client information is not available outside the production environment.

  1. Monitor your database activity

Being aware of auditing and recording actions and data movement means that you know what information has been handled, when and how, and by whom. Having a complete history of transactions allows you to understand data access and modification patterns and thus avoid information leaks, control fraudulent changes and detect suspicious activity in real time.

Remember to follow these tips and be very careful when managing and protecting your databases. The information they hold is very valuable to the company and a very attractive prize for attackers, so it definitely deserves your full attention.

Previous ArticleNext Article

Meltdown and Spectre 0 136

 Microsoft released Security Advisory 18002 on Wednesday, January 3, 2018 to mitigate a major vulnerability to Windows in modern CPU architectures. ESET released Antivirus and Antispyware module 1533.3 the same day to all customers to ensure that use of our products would not affect compatibility with Microsoft’s patch.

The first few days of 2018 have been filled with anxious discussions concerning a widespread and wide-ranging vulnerability in the architecture of processors based on Intel’s Core architecture used in PCs for many years, as well as processors from AMD, and even affecting ARM processors commonly used in tablets and smartphones.

The good news is that ESET can help protect against the types of malware that could take advantage of these vulnerabilities.

And, ESET was one of the very first security vendors to allow the Microsoft patch against the flaw to be enabled.

While ESET protects against potential malware infection, you should also take these steps to secure your computers and data:

  • Make sure your browser is up to date. For Chrome or Firefox users:
    • Mozilla has released information describing their response, including how Firefox 57 will address these security flaws.
    • Google has stated, “Chrome 64, due to be released January 23, will contain mitigations to protect against exploitation.” In the meantime, you can enable “Site Isolation” found in current stable versions of Chrome to provide better protection.
  • Make sure you update your ESET software, then update your Windows OS to protect against this exploit. To update ESET:
  • Customers should review ESET’s Knowledgebase article for important updates.
  • See this great collection of tips, articles and recommendations from the Google Project Zero team.
  • If you have a cloud-based server or have a website hosted by hosting provider, check to see what mitigations they have implemented already to prevent Meltdown.

Security trends to look out for in 2018 0 247

After a turbulent 2017 with Cyber Security making regular headlines, looking ahead to the coming year, there will no doubt be further discussions about the threat landscape.

Ransomware Revolution  – Ransomware of Things

Technological advances and their accelerated use have led to a number of scenarios considered unlikely just few years prior, are now within the realm of possibility. The advice going into 2018 from ESET researchers is to back up everything that matters to you, often, by keeping at least some backups offline – to media that aren’t routinely exposed to corruption by ransomware and other malware – in a physically secure location. As the Internet of Unnecessarily Networked Things becomes less avoidable, the attack surface increases, with networked devices and sensors embedded into unexpected items and contexts: from routers to fridges to smart meters, from TVs to toys, from power stations to petrol stations and pacemakers. As everything gets ‘smarter’, the number of services that might be disrupted by malware becomes greater.

Criminals following the money

With data being the most valuable asset, ransomware is set to remain in great demand among cybercriminals. It is important to note that many ransomware attacks are not sophisticated enough or never intended to recover the victim’s data once the ransom has been paid. For these reasons we suggest not only backing up of data online and offline but also implementing proper security measures such as proactively training staff on what phishing emails entail and how to avoid clicking on them and entering any credentials.

Critical infrastructure attacks on the rise

Cyber attacks on the Ukrainian power companies resulted in electricity service being turned off in hundreds of thousands of homes. The implications of this for future attacks of this kind include more than just the power grid but also includes critical manufacturing and food production, water and transport and the defence and healthcare sectors.

Safer for all

This year has seen ESET’s malware analysts continue to help law enforcement crack down on malicious campaigns and, by extension, the criminals spewing them. We are confident that 2018 will bring further successful investigations as we will continue to lend a hand to authorities so that, ultimately, the internet can become a safer place for everyone – except cybercriminals.

Download the full Security Trends 2018 report here