Sponsored By:
E-Guide
One problem that is often overlooked when building a database application is data leakage: sensitive data being transferred or made available unintentionally. The classic mistake is failing to secure and control access to database backup tapes. A less obvious leak is data inference, where more sensitive data can often be inferred from the answers to valid queries, such as an illness from the medication prescribed for it. A common countermeasure is to monitor query patterns to detect such activity.

Closely related to data leakage is the improper handling of errors that occur at the database. Many applications display a detailed message. Such error messages can reveal information about the structure of the database, which can in turn be used to stage attacks. By all means, log the error for your own records, but make sure your application does not return any specific details about the error to users or to attackers.

To fully secure your database, split the task into the following four areas to ensure a comprehensive check:

- Server security
- Application security
- Database connections
- Database and table access control

A database server needs to be hardened in the same way as any other server so that malicious hackers cannot attack the database via vulnerabilities in the operating system. Preferably, the database should sit behind its own application-layer firewall.

To help with securing database connections and defining access controls, create a data flow diagram that tracks how data flows through the application. Next, identify the places where data enters or exits another application and review the trust levels assigned to these entry and exit points. Also define the minimum privileges any external user or process requires to access the system. Configuring and building your database application with security as a key driver will ensure your data stays secure.
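The error-handling advice above, as an added example that is not part of the original guide: a handler that hands the raw database error back to the caller, beside a hardened one that logs the full detail server-side under a reference id and returns only a generic message. It uses Python's standard sqlite3 and logging modules; the patients table, its sample row, the `run_leaky`/`run_safe` names and the `leaks_schema` check are assumptions constructed for illustration.

```python
import logging
import sqlite3
import uuid

# Constructed sample schema and data; the table and values are invented for
# this example and are not from the original guide.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, name TEXT, ssn TEXT)")
conn.execute("INSERT INTO patients VALUES (1, 'Alice Example', '000-00-0000')")

# Stands in for the application's private, server-side error log. Only
# operators should read this; nothing in it is sent back to the client.
server_log = []


class ListHandler(logging.Handler):
    """Append formatted records to server_log so they can be inspected later."""

    def emit(self, record):
        server_log.append(self.format(record))


log = logging.getLogger("dbapp")
log.setLevel(logging.ERROR)
log.addHandler(ListHandler())
log.propagate = False


def run_leaky(sql, params=()):
    """Anti-pattern: the raw DBMS error text is handed straight to the caller."""
    try:
        return {"ok": True, "rows": conn.execute(sql, params).fetchall()}
    except sqlite3.Error as exc:
        # Text such as "no such column: ..." or "no such table: ..." confirms
        # or denies schema guesses for whoever sent the request.
        return {"ok": False, "error": f"Database error: {exc}"}


def run_safe(sql, params=()):
    """Log the full error under a reference id; return only a generic message."""
    try:
        return {"ok": True, "rows": conn.execute(sql, params).fetchall()}
    except sqlite3.Error as exc:
        ref = uuid.uuid4().hex[:8]
        # Full detail, including the failing statement, stays on the server.
        log.error("ref=%s sql=%r error=%s", ref, sql, exc)
        # The caller gets a reference to quote to support, and nothing else.
        return {"ok": False,
                "error": f"The request could not be completed (reference {ref})."}


def leaks_schema(message):
    """Crude review check: does a client-visible message name schema objects?"""
    return any(token in message
               for token in ("no such column", "no such table", "patients"))


if __name__ == "__main__":
    bad_sql = "SELECT ssn FROM patient WHERE id = ?"   # misspelled table name
    print(run_leaky(bad_sql, (1,))["error"])
    print(run_safe(bad_sql, (1,))["error"])
    print("server log:", server_log[-1])
```

The reference id is what makes the generic message workable in practice: a user can quote it to support, and the operator can find the full statement and DBMS error in the server log without any of that detail ever crossing the trust boundary.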
approach administrators for permission changes limits the likelihood of unnecessary change requests.

Apply the principle of least privilege. In our last tip, we discussed the importance of only granting users the minimum set of permissions necessary to complete their jobs. This is also true for the administrative accounts used to execute application code. Ensure that these accounts have only the specific permissions they need to execute authorized functions.

These basic tips will help you get started down the road toward ensuring the security of your database. Encourage the developers in your organization to review these principles and think "Security First!" when writing code.
AR report: The Forrester Wave: Database Auditing and Real-Time Protection, Q2 2011
IBM InfoSphere Guardium Data Sheet
Gartner Report: Ten Database Activities Enterprises Need to Monitor
About IBM
At IBM, we strive to lead in the creation, development and manufacture of the industry's most advanced information technologies, including computer systems, software, networking systems, storage devices and microelectronics. We translate these advanced technologies into value for our customers through our professional solutions and services businesses worldwide.