It seems I can't catch up with my news feeds. This morning I saw a recent post on Dark
Reading that caught my eye: Your First Three
Steps for database security. As these are supposed to be your first steps with database security, I
thought I’d relate the following stages to the capabilities inherent in DB Audit Expert.
The first stage is locating the databases themselves.
The second stage to securing your database environment is to enumerate the
data contained in the databases you found in the first stage.
The third stage is to secure the database servers themselves and ensure they
comply with corporate configuration policies.
At SoftTree, we’re all about simplifying database security. DB
Audit Expert was designed with that objective in mind.
The first stage -- locating the databases themselves
-- can be achieved through a couple of different methods. The easiest, but
often least accurate, method is to consult the documentation. If you're lucky there
will be an extensive, searchable repository containing all of the information
you require. For those lacking detailed documentation, DB Audit Expert provides
a Network Database Scanner
tool that can be used to discover hidden instances of database servers on
networked computers. The tool scans the network in the specified IP address
range or IP address list, looking for database servers accepting network
connections on well-known or custom ports. It analyzes the received responses
and, based on the contents of the received data packets, determines the type,
version, authentication mechanism and some other parameters of each
database server instance found. It is also capable of finding server management and
broadcasting services such as DB2 Administration Server, SQL Server Browsing
The second stage to
securing your database environment is to enumerate the data contained in the
databases you found in the first stage. Not all database servers will need the
same level of protection. Documentation, developers, and database
administrators (DBAs) aren't always capable of
providing an accurate representation of what's in your databases. For this
reason DB Audit Expert provides a PCI, PII and Banking Data Discovery tool that quickly finds
and identifies databases and database tables containing such confidential data,
using pre-configured data pattern matching rules for
common PCI, PII and banking data formats or user-defined data patterns.
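The pattern-matching discovery described above, as an added example (not DB Audit Expert's code or rule set): it samples rows from every table in a database and confirms regex candidates with Luhn and IBAN mod-97 checksums, so that digit runs such as tracking numbers are not reported as card data. The rule names, regexes, SQLite backend and sample rows are assumptions constructed for illustration.

```python
import re
import sqlite3

def luhn_ok(text):
    """Luhn checksum: rejects digit runs that merely look like card numbers."""
    digits = [int(c) for c in text if c.isdigit()]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[-2::-2]]
    return len(digits) >= 13 and (sum(digits[-1::-2]) + sum(doubled)) % 10 == 0

def iban_ok(text):
    """ISO 13616 mod-97 check: move the first four characters to the end."""
    return int("".join(str(int(c, 36)) for c in text[4:] + text[:4])) % 97 == 1

# Illustrative rules (assumptions, not the product's own): name -> (regex, check).
RULES = {
    "card_number": (re.compile(r"\b(?:\d[ -]?){13,19}\b"), luhn_ok),
    "us_ssn": (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),
    "iban": (re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), iban_ok),
}

def discover(conn, sample_rows=100):
    """Return {(table, column): {rule: hits}} from a sample of each table."""
    findings = {}
    names = conn.execute("SELECT name FROM sqlite_master WHERE type='table'")
    for (table,) in names.fetchall():
        cur = conn.execute(f'SELECT * FROM "{table}" LIMIT ?', (sample_rows,))
        columns = [d[0] for d in cur.description]
        for row in cur:
            for column, value in zip(columns, row):
                for rule, (pattern, check) in RULES.items():
                    found = [m.group() for m in pattern.finditer(str(value))]
                    hits = sum(1 for f in found if check is None or check(f))
                    if hits:
                        per_col = findings.setdefault((table, column), {})
                        per_col[rule] = per_col.get(rule, 0) + hits
    return findings

def build_sample_db():
    """Constructed sample data; card number and IBAN are public test values."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (ssn TEXT, notes TEXT);
        CREATE TABLE orders (tracking_no TEXT, amount REAL);
        CREATE TABLE accounts (iban TEXT);
        INSERT INTO customers VALUES ('078-05-1120', 'paid 4111 1111 1111 1111');
        INSERT INTO orders VALUES ('1234567890123456', 19.99);
        INSERT INTO accounts VALUES ('GB82WEST12345698765432');
    """)
    return conn
```

Calling `discover(build_sample_db())` reports the columns that need protection; the 16-digit tracking number in `orders` fails the Luhn check and is left out.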
The third stage is to secure the database servers themselves and ensure they comply with
corporate configuration policies. Manually checking database server settings is
a monotonous, tedious task best suited for automation. DB Audit provides a one-stop
multi-database solution for managing database logins, users, security settings
and permissions. It provides unified easy-to-use graphical interfaces for
managing database users across multiple server types and versions from one
central location. Using DB Audit's security management tools you can control
which users and user groups can access your database systems; which items and
activities in the database are available to which database users, application
and database user roles; identify inappropriate permissions and access levels; identify
effective security settings and data access paths; identify which users
and user groups access files outside of the database using built-in database
file access and extended procedures.