So now that you are (hopefully) convinced that you need to invest in the security of your database, let's turn to the book itself. The book has two main parts: Chapters 1 through 10 show you how to implement various facets of database security, and Chapters 11 through 13 help you with database auditing implementations. Each chapter is focused on a certain aspect of the database. For example, Chapter 3 is focused on the database as a networked server, Chapter 4 on database authentication, and Chapter 10 on encryption within the database environment. The only exception is this chapter—Chapter 1. In this chapter you will get started by taking care of the basics—various best practices in terms of hardening your database, applying patches, and so on. This is also the most boring chapter of the book, specifically because it consists of long lists of things you should remember when starting off. Don't skip this chapter, because it has many useful snippets of experience, but remember that the rest of the book is much more elaborate and much more annotated than this chapter.
1.1 Harden your database environment
Hardening is a process by which you make your database more secure and is sometimes referred to as locking down the database. When you harden your database environment, you remove vulnerabilities that result from lax configuration options and can even compensate for vulnerabilities that are caused by vendor bugs. Although you cannot remediate these bugs, you can form an environment in which those bugs cannot be exploited.

Hardening is also called hack-proofing. The essence of the process involves three main principles. The first involves locking down access to important resources that can be misused—maliciously or by mistake. The second involves disabling functions that are not required for your implementation, which can be misused by their very existence. The third principle is that of least privileges (i.e., giving every user, task, and process the minimal set of privileges required to fulfill their role).
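The three principles can be turned into a repeatable check. The following is an added example, not code from the book: it runs a constructed inventory of grants and enabled server features against an allowlist of what each role needs, and reports what to lock down, disable, or revoke. All role, object and feature names are invented for illustration.

```python
# Added example (not from the book): a minimal hardening check that applies the
# three principles above to a constructed inventory. Every name below
# (roles, objects, features) is made up for illustration.
from dataclasses import dataclass


@dataclass
class Inventory:
    grants: dict            # principal -> {(object, privilege), ...} as granted
    enabled_features: set   # server features/functions currently switched on


# Principle 3 (least privilege): what each role actually needs for its job.
REQUIRED = {
    "app_reader": {("orders", "SELECT")},
    "app_writer": {("orders", "SELECT"), ("orders", "INSERT")},
}
# Principle 2: only the features this deployment really requires.
REQUIRED_FEATURES = {"ssl"}
# Principle 1: objects that must never be open to every login.
SENSITIVE_OBJECTS = {"orders", "customers"}


def harden_findings(inv: Inventory) -> list:
    """Return the list of hardening actions implied by the inventory."""
    findings = []
    # 1. Lock down access: anything granted to PUBLIC on a sensitive object.
    for obj, priv in sorted(inv.grants.get("PUBLIC", set())):
        if obj in SENSITIVE_OBJECTS:
            findings.append(f"revoke {priv} on {obj} from PUBLIC")
    # 2. Disable what is not needed for this implementation.
    for feat in sorted(inv.enabled_features - REQUIRED_FEATURES):
        findings.append(f"disable feature {feat}")
    # 3. Least privilege: grants beyond what each role requires.
    for principal, needed in REQUIRED.items():
        for obj, priv in sorted(inv.grants.get(principal, set()) - needed):
            findings.append(f"revoke {priv} on {obj} from {principal}")
    return findings


# Constructed sample inventory: one over-broad PUBLIC grant, one unneeded
# feature, and one role holding a privilege it does not need.
SAMPLE = Inventory(
    grants={
        "PUBLIC": {("orders", "SELECT"), ("public_docs", "SELECT")},
        "app_reader": {("orders", "SELECT"), ("orders", "DELETE")},
        "app_writer": {("orders", "SELECT"), ("orders", "INSERT")},
    },
    enabled_features={"ssl", "remote_os_shell"},
)

if __name__ == "__main__":
    for action in harden_findings(SAMPLE):
        print(action)
```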
Hardening is a process that is relevant to any resource within IT, and hardening scripts are available for every operating system, server, and so on. In many ways you can view the entire book as a hardening guide; in each chapter you will focus on one aspect of the relational database management system (RDBMS), learn how it can be misused, and what you should do to avoid these cases. The lists presented below do not go into that level of detail and do not cover the many dimensions of database security that are covered by Chapters 3 through 10. Instead, this section provides a starting point after which the lessons learned in later chapters can be implemented.