Answer:
Security is very crucial for any system. Vulnerability can be exposed on different levels which includes database breach, network level attacks and application level attacks. Different kinds of attacks can be carried out for different components. Attacks carried out on databases are different from other kinds of attacks.
Attacks on databases can be because of any of the following exposed vulnerability.
- Poor system design and weak architecture
- Incorrect configurations
- SQL injection attacks
- Weak Authentication
- Brute Force attacks on user credentials
- Improper privilege mechanisms
- Privilege abuse and excessive access.
- Poor design and flaws in programming
- Data loss and information corruption
Security of database systems should be designed by considering best database security design practices. Network security will ensures that all the networks level attacks are detected and mitigated which includes DDOS attacks, Syn flood attacks, Session Attacks, DOS attacks and web security will focus on detecting and protecting attacks on web applications and on application layer attacks. This includes XSS attacks, XML attacks DOS attacks, DDOS attacks, Slow DDOS attacks, JSON violations, Protocol violations etc. However, Security of database will be different than the rest of security and should be based on following best practices
- Physical and Network Access Security.
- Access control by managing the database access strictly.
- Encryption of Data
- Authentication
- Web Application Firewalls
- Controlling Database Integrations
- Manual and Scheduled Backups through secured channels.
- Auditing and Logging
- Reporting and Monitoring
Explanation:
<em>Physical and Network Access Security is essential </em>as the database will be hosted on many physical servers or cloud servers. If the databases are hosted on web or cloud servers and gaining access to such servers will eventually give out root user permissions.
Attackers can have control access of databases as root users if they succeed in getting into physical servers.Use of network firewalls and Intrusion detection and prevention systems will provide security against physical system access.
<em>Access control </em> will allow only specific users to access the database. User Based access control will give restricted or policy based privileges to different users. An user will be allowed to perform only certain actions in such cases which will avoid user-access abuse.
<em>
</em><em>Data encryption</em><em> </em>will make sure that eves dropper will not be able to read any data during transmission or during inter process calls. Authentication mechanisms will help to use strong cryptic authentications for users. Use of great encryption, key exchange and hashing algorithms will harden the security and will make databases robust.
<em>
Web Application firewalls</em> will provide a strong security against SQL injection attacks, database connection flood attacks, other web related attacks which will safeguard the databases at the cloud storage and also will block the attacker by flagging them.
<em>Best coding practices</em> and vulnerability scanning and assessment will secure all the database integrations. <em>Database integrations</em><em> </em>with other components needs to be carried out with utmost care by making sure to analyse all the impacted areas.
It is always a good practice to have <em>scheduled and manual backup of databases</em> which will be useful against data corruption because of erroneous user actions. This will ensure that data is safe and can be recovered during toxic situations. This will help to control the damage.
<em>
Auditing of logs</em> to verify all the actions performed on the database by different users is necessary as it will help to analyse any misbehavior or compromised user access. <em>Monitoring and reporting</em> will make sure that only the right user has the right access and also it will alert any attacks on the database system.
