Tuesday, November 04, 2014:
Databases are the primary targets of cyber-criminals because most
valuable and sensitive data is kept in databases. Hence, database
security is a necessity. There have been several incidents in which
users' personal data was compromised through database hacking. Security
measures for databases exist to protect data and to keep hackers from
getting access to any document available on online databases. Although
several security measures are adopted in databases, some failures still
occur repeatedly. These gaps can be present at any development stage,
during integration of applications and while updating the database
system. Here we have listed the ten most common vulnerabilities found in
database-driven systems:
1. Failure in Deploying:
The biggest weakness in a database is carelessness during the deployment
process. Search engine optimisation is valued for the success of
businesses, and when the database is sorted, SEO can be successfully
completed. A functionality test is a must to confirm the performance
level, but such tests cannot show whether the database is doing
something it is not expected to do. Hence, before deploying the
database, its advantages and disadvantages should be thoroughly checked.
2. Broken databases:
If there is any bug in the database server software, then most of the
vulnerable computers are attacked as soon as the database is deployed.
These bugs are exploited through buffer-overflow vulnerabilities, and
they demonstrate the difficulties of security patches and fixes. Due to
lack of time and resources, businesses are not always able to maintain
regular patches on their systems. That is why databases are left
vulnerable.
3. Excessive permissions:
Most databases have users who are configured with excessive permissions.
User accounts mostly have unnecessary default privileges and excessive
access to functionality.
4. Leaked Data:
Network security is mostly not in focus when deploying a database
system. Databases are usually thought of as back-office systems kept
away from Internet access, and data communications with the database are
not encrypted. But the networking interface of the database should not
be ignored. If a cyber-attacker gains access to the network traffic, it
is very easy to get access to user data. Transport Layer Security should
always be enabled. Network performance is not much affected by Secure
Sockets Layer, but it makes it very difficult to collect any data from
the database system.
5. Insider risks:
Databases face two kinds of threats: external and internal. Some people
inside an organisation can steal information for personal profit. This
is one of the most common issues in large organisations. To counter this
problem, data archives should be encrypted so that insider risk is
reduced.
6. Abuse of database features:
In the last few years, database exploits have mostly come from misuse of
standard database features. Hackers are able to gain access through
legitimate credentials, which can be caused by simple flaws. These flaws
allow the systems to be bypassed. Unnecessary tools need to be removed
to stop or limit abuse of database features. The surface area, which
hackers usually study before attacking, should also be shrunk for this
purpose.
7. Weak passwords:
Users on databases use weak and sometimes default passwords. If systems
don't enforce stronger passwords, databases can easily be compromised.
The presence of weak passwords also proves that other systems inside the
network must have weak credentials. These passwords are easily guessed
and cracked, and attackers get access to the database.
8. SQL Injections:
This problem is a major one when it comes to the protection of
databases. SQL injections attack applications, and database
administrators clean up all the mess created by malware inserted into
the strings. Web-facing databases are best secured by enabled firewalls.
9. Sub-standard key management:
Key management systems are meant to keep keys safe, but encryption keys
are commonly stored on company disk drives. These keys are sometimes
believed to be left on the disk as a result of database failures, and if
the keys are left in such locations, databases are left vulnerable to
attacks.
10. Database irregularities:
The most important thing is the lack of consistency in databases, which
is both an administrative and a database technology problem. System
administrators and database developers should maintain consistency in
databases, always stay aware of threats and make sure that
vulnerabilities are taken care of. Proper documentation and automation
are needed to track and make changes so that all information in
enterprise databases is secure.