Check the Security of Database of Your Enterprise to protect Important Information Asset

In the database of an enterprise, there is much important data of the company, such as the product's price, order, and customers' data and so on. More completely data system an enterprise has, more important the information is. To protect precious information asset, MIS/IT managers should take the security of database seriously. However, in some companies, the program designers manage the data server and may not have related information of data security. Therefore, they may neglect the security of database. Here, we provide some security advices-some may be commonplaces-for MIS/IT managers. The most important is to take action.

Nine advices to assist MIS/IT managers to strengthen the security of databases
  • Use A Dedicate Database Server.
    Avoid installing Web Server and Database together in one computer because it makes hackers could get the authority easily. Then, they could get your data, and moreover they could stole and destroy the whole database system.
  • Do Not Put Database Server In DMZ.
    In the DMZ, most services the server provides are for the outside. If Web Server needs to get information and serve the exterior form Database, we advise that putting your Database in the Intranet of the Firewall. Through Firewall, only those Web Servers could connect to the Database to obtain or save the information.
  • Use Encryption While Transmitting Data
    When transmitting data through Web Server and Database, you could use encryption, such as Secure Sockets Layer (SSL) to protect information from Eavesdropping. The Database Systems (IBM, DB2, MSSQL, MySQL, Oracle and so on) could support the function of SSL.
  • Establish An Access Control List
    The purpose of access control lists is to control what servers could connect with database to access the information is just like disallow strangers to get information from your house easily.
  • Establish The System of Authentication
    Authentication is a basic function that uses logon mechanism to check the users' identities to avoid unauthorized users accessing database. Moreover, we suggest that start the logging function to record every action.
  • Set The Permission Right of The Database
    Different users have different authorities. For confidential information, it should provide to those who have authority to examine or revise. Besides, some databases offer stored procedures that could utilize the underlying operating system functions hence are more dangerous; therefore, the establishment of authority should be concerned or considered.
  • Update The Patch Program of The Database System
    As Windows systems, the programs of database have their shortages; therefore, you should patch and update the system regularly and precisely.
  • Change The Default Password
    Many database programs have default IDs and passwords, for examples, Oracle's "SYS and SYSTEM" and MSSQL's "sa". We suggest you to change the default password and use strict one.
  • Notice The Security of The Operating System
    " No matter what kinds of databases have to be set up on the operating system, it should be noticed not only the security of database itself but also is there any related patch program for the operating system. Moreover, in Windows operating system, we advise that adopt NTFS file system and establish the appropriate file permission.
How to use DragonSoft Secure Scanner (DSS) to evaluate the risk of vulnerability of enterprises' databases

DSS would inspect defects of your databases, fix connections and help to repair your secure vulnerabilities soon. Relate Links:
  1. First, start a new scan session, select security audit policy of "database" and input the ID addresses of scan targets.
  2. Second, click "start" button on tool bar to examine.
  3. Third, after examining, click "report" button on tool bar and produce a report.
  4. Fourth, through systemic audit report, you could proceed patching and improve the security of host of database in company.
About DragonSoft Security Associates, Inc.
DragonSoft Security Associates is a leading developer in Taiwan for network security software and an active contributor to network security education. Founded in 2002, DragonSoft offers vulnerability management olutions, including vulnerability assessment, System Security Management and intrusion prevention.