Security - Channel Insider

Database Vulnerabilities: Top 10 Rules IT Shops Break

By Ericka Chickowski on 2010-07-07



Databases often serve as repositories of the most vital company data, but are often one of the least protected systems in IT environments. Here's a look at the top database vulnerabilities that IT shops tend to ignore, according to experts over at Application Security, Inc's Team SHATTER.

1. Default, Blank and Weak Username/Passwords

The same organizations that wouldn't think of ever leaving their router log-ins at their factory settings very frequently allow hundreds of databases to stand with default username-password combos.

2. SQL Injections

DBAs and developers must work in tandem to ensure that Web applications aren't putting the databases they're tied to at risk of being breached via attacks utilizing SQL injections, a favorite among hackers.

3. Extensive User and Group Privilege

Allowing users to have unnecessary privileges or to share privileges among large groups is asking for trouble. Failing to keep a rein on privileges makes it difficult to track use and greatly increases insider risk.

4. Unnecessary Enabled DB Features

Often the most effective attacks are made possible because a DBA failed to turn off an unneeded package or a feature that was enabled by default. A great deal of database risk can be mitigated by enabling only the features an organization actually uses.

5. Broken Configuration Management

Unnecessary features are left on as a result of poor configuration and change management at the database level. Setting and enforcing database configuration policies will make it easier for an organization to prevent misconfigurations from putting important data at risk.

6. Buffer Overflows

Another problem that needs attention from DBAs, security personnel and developers working as a cohesive team: buffer overflows are a very common attack technique used to break applications and gain access to data.

7. Privilege Escalation

Certain vulnerabilities can be attacked using SQL injections and other attack techniques to escalate privilege and potentially take over the database server. Not only does this give access to data, but it makes it possible to leapfrog into other IT assets.

8. Denial of Service Attack (DoS)

SQL injection attacks can also be leveraged to conduct database-specific DoS attacks, potentially wiping out important data and bringing mission-critical systems to a grinding halt.

9. Unpatched Databases

Because database environments are extremely prolific, complex and the linchpin to mission-critical applications, many DBAs are loath to patch them regularly. This is a very common mistake, and a costly one at that.

10. Unencrypted Sensitive Data – at Rest and in Motion

So many privacy and compliance issues can be solved if an organization endeavors to encrypt or mask data.
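Items 2 and 7 above both hinge on how a query is built. The following is an added example (not part of the original slideshow or of Team SHATTER's material) that puts a string-concatenated lookup beside a parameterized one and runs a constructed hostile input through both, using an in-memory SQLite table as stand-in data; the table, rows and input values are all constructed here.

```python
import sqlite3

# Constructed sample data standing in for the "vital company data" the
# article describes; not taken from the original page.
SAMPLE_ROWS = [
    ("alice", "alice@example.com", "active"),
    ("bob", "bob@example.com", "active"),
    ("carol", "carol@example.com", "suspended"),
]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT, status TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # String concatenation: the user-controlled value becomes part of the SQL
    # text, so a single quote in the input rewrites the WHERE clause.
    sql = "SELECT username, email FROM customers WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    # Bound parameter: the value travels separately from the statement and is
    # only ever compared as data, never parsed as SQL.
    sql = "SELECT username, email FROM customers WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo() -> dict:
    conn = build_db()
    benign = "alice"
    hostile = "' OR '1'='1"  # constructed test input for the comparison
    return {
        "vulnerable_benign": lookup_vulnerable(conn, benign),
        "vulnerable_hostile": lookup_vulnerable(conn, hostile),
        "parameterized_benign": lookup_parameterized(conn, benign),
        "parameterized_hostile": lookup_parameterized(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {len(rows)} row(s) -> {rows}")
```

The concatenated version returns every customer for the hostile input because the quote closes the literal and the rest of the input becomes an always-true condition; the parameterized version returns no rows, since no customer is literally named `' OR '1'='1`.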
