Database Security Assessment

Database security is a specialised area within the wider field of information security. It covers the use of a broad range of security controls to protect database systems, including the data itself, the database applications, the database servers, and the associated network links, against compromise of their confidentiality, integrity, and availability.

While many organisations appreciate the importance of information security in general, database security specifically is frequently left without adequate controls. This exposes them to the risks listed below.

Database Security Risks

The following can pose a risk to the security of database systems:

  • Weak account and configuration hygiene: inactive accounts that are never removed, shared account credentials, easy-to-guess passwords, inconsistent administrative processes, database settings left at their installation defaults, excessive or poorly scoped access permissions, and logging that is disabled or never reviewed.
  • Abuse of privileges by authorised users, such as database administrators or network/systems managers, and intrusion by unauthorised parties, such as external attackers.
  • Malware infections leading to data breaches, denial of service, or the unexpected failure of database services.
  • Design flaws and programming bugs in the database software and the associated programs and systems, creating security vulnerabilities such as privilege escalation, data loss or corruption, and performance degradation.
  • Data corruption or loss caused by the entry of invalid data or commands, by mistakes in database or system administration, or by deliberate sabotage or criminal damage.

Our Database Vulnerability Assessment Method

Besides periodic security reviews, database security should also be assessed during database upgrades and migrations to new platforms, since these are the points at which settings are most often reset to vendor defaults and accounts and permissions are most often copied across without review.

Our database vulnerability assessment follows a fixed sequence: preliminary interviews to establish the security requirements, collection of database artefacts for detailed assessment, reporting of the essential findings, and discussion of measures to strengthen security.

Preliminary interviews are conducted to understand the issues currently being experienced, the current setup and settings, the security policies in force, the day-to-day operational methods, and any planned changes.

After the interviews, database artefacts are collected for detailed assessment: network topology and settings, operating system settings, logging configuration, database accounts and their privileges, and the database configuration parameters themselves.
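As an added example (not part of the original page or of the assessor's own tooling), the following PostgreSQL queries collect the account, privilege, authentication and logging artefacts described above and flag the weak configurations listed under Database Security Risks: privileged and passwordless accounts, accounts with no password expiry, candidate inactive accounts, credential-free client authentication rules, objects exposed to every role, and logging left at defaults. They assume PostgreSQL 10 or later and a superuser session (pg_authid and pg_hba_file_rules are superuser-only); the catalog views differ on Oracle, SQL Server and MySQL.

```sql
-- Added example: PostgreSQL artefact collection for a database security assessment.
-- Assumes PostgreSQL 10+ and a superuser session; not the assessor's own tooling.

-- 1. Login roles with elevated attributes (DBA-level accounts to review individually).
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolbypassrls
FROM   pg_roles
WHERE  rolcanlogin
  AND  (rolsuper OR rolcreaterole OR rolcreatedb OR rolbypassrls);

-- 2. Login roles that have no password set, or a password that never expires.
SELECT rolname,
       rolpassword  IS NULL AS no_password,
       rolvaliduntil IS NULL AS never_expires
FROM   pg_authid
WHERE  rolcanlogin
  AND  (rolpassword IS NULL OR rolvaliduntil IS NULL);

-- 3. Login roles with no open session right now: candidates for an inactive-account
--    review. PostgreSQL keeps no last-login timestamp, so confirm against connection logs.
SELECT r.rolname
FROM   pg_roles r
WHERE  r.rolcanlogin
  AND  NOT EXISTS (SELECT 1 FROM pg_stat_activity s WHERE s.usesysid = r.oid);

-- 4. Client authentication rules that grant access without a credential ("trust"),
--    send the password in clear text ("password"), or failed to parse.
SELECT line_number, type, database, user_name, address, auth_method, error
FROM   pg_hba_file_rules
WHERE  auth_method IN ('trust', 'password')
   OR  error IS NOT NULL;

-- 5. Tables, views and materialized views on which privileges are granted to PUBLIC
--    (grantee OID 0), i.e. readable or writable by every role in the cluster.
SELECT n.nspname, c.relname, a.privilege_type
FROM   pg_class c
JOIN   pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN LATERAL aclexplode(c.relacl) a
WHERE  a.grantee = 0
  AND  c.relkind IN ('r', 'v', 'm')
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema');

-- 6. Server settings that decide whether the assessment has any logs to work with
--    and whether connections and stored passwords are protected. A source of
--    'default' means the installation value has never been reviewed.
SELECT name, setting, source
FROM   pg_settings
WHERE  name IN ('logging_collector', 'log_connections', 'log_disconnections',
                'log_statement', 'log_line_prefix', 'ssl', 'password_encryption');
```

Run these with psql and keep the output alongside the pg_hba.conf and postgresql.conf copies as assessment artefacts, so that each finding in the report can be traced to the exact setting or grant that produced it. The same checks map to DBA_USERS and DBA_ROLE_PRIVS on Oracle, sys.server_principals and sys.sql_logins on SQL Server, and the mysql.user table on MySQL.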

The initial assessment report sets out the key assessment metrics, the issues found, and the proposed improvements. Findings are prioritised according to the sensitivity of the data held, the characteristics of the system, and the issues the organisation is currently experiencing, so that remediation effort goes where the risk is highest.

Finally, we submit a proposal recommending measures to address the database security vulnerabilities identified.

We support the following databases: Oracle, Microsoft SQL Server, MySQL, PostgreSQL.