Database Security Tips
With the wide spread of the activity by hacktivist groups and nation-state attacks, data breaches incident once again hit the industry headlines.To ensure you are well prepare or have preventive initiative or system in place to protect you being one of them showcase in the media.
Below is the quick checklist how ready you are or you need to have initiative to work on as part of your overall database defense strategy, or for your database security audit, risk and compliance management.
- Devise a Database Security Plan (scan it with the latest database security scanner to know your overall security posture in term of database security risk, you can always contact E-SPIN consultant for the advisory on this).
- Fix Default, Blank, and Weak Passwords (based on the database security scan and audit result)
- Regularly Patch Databases (based on the database security audit recommendation and cross check with the database vendor, whether they have up to date patch available for the security patch or fix)
- Minimize Attack Surface (based on the database security audit and follow the recommendation to perform the recommended change or best practices)
- Review User Privileges (based on the database security audit based on the user right review to get the complete insight or detect abnormal user privileges – no all the generic or open source database security scanner can perform this, you need purpose built database scanner for the in depth user right review)
- Locate Sensitive Information (based on the purpose built database security scanner scan, it will auto discover which database contain sensitive information and need to take special care due to regulatory compliance – with the commercial market leading database security scanner E-SPIN represented, you can discover it on the fly)
- Encrypt Sensitive Data at Rest and In Motion (good commercial database security scanner can advice based on your scan result what should do or in place for encrypting data in motion and retain in the database or storage).
- Train and Enforce Corporate Best Practices (based on the database security scan result and recommendation to work out the standard operating procedure, best practices or attain database security training or subscribe for the E-SPIN tailor made database security training class or workshop to gain first hand experience how to perform database security best practice).
If you want to access to the full detailed topic over of the above information, please feel free to subscribe for our free newsletter and get access to the professional reading book: database security. The book is cater for database activity monitoring, database vulnerability assessment, auditing and scanning absolutely free for subscriber.