Last night we spent a decent amount of time discussing the database level of a database server as well as the operating system level of a database server. Why do you think we spent so much time discussing this? What are the two main levels of security that affect a database server? (Hint: there are tables within the DB itself, but these tables all boil down to files in a folder in Windows.) How do we ensure both levels are secured?
Comments
Shuyue Ding says
In order to secure organizations’ data, IT auditors need to secure data at the database level of a database server (application: MySQL) as well as at the operating system level of a database server. At the database server level, IT auditors ensure that users are created with a strong password under a strong password policy and that users are removed when they quit their jobs. In the operating system, users can delete/edit tables/folders under the MySQL folder inside the hidden folder called ProgramData. Even though the folder is hidden, that does not mean it is safe. IT auditors need to create two main groups of users, which are users and administrators. For regular users, remove their authorization to the ProgramData folder and give them password access to the database server in order to do their work. IT auditors should give people access to perform their work, but secure data at the application, operating system, and individual level, because every level needs its own security.
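The comment above points at the operating-system level: the MySQL tables are files under a folder such as C:\ProgramData\MySQL, so whoever can modify that folder can modify the database regardless of any password policy inside MySQL. The following is an added example (not from the original post or from MySQL) of an audit check a defender could run over the output of Windows' `icacls` command for that folder. The listing below is constructed for the example, and the service account name `NT SERVICE\MySQL80` and the allow-list of expected writers are assumptions that an auditor would replace with the real values; the path is assumed to contain no spaces.

```python
"""Audit an icacls-style ACL listing for a MySQL data folder (added example)."""
import re

# icacls short codes that let a principal change or delete files.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "WA", "DC", "D", "WDAC", "WO"}

# Inheritance flags that icacls prints next to the rights; they grant nothing.
INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}

# Principals expected to hold write access to the data folder (assumption).
ALLOWED_WRITERS = {
    "NT AUTHORITY\\SYSTEM",
    "BUILTIN\\Administrators",
    "NT SERVICE\\MySQL80",   # assumed name of the MySQL service account
}

# One access-control entry: "<principal>:(flag)(flag)(right)"
ACE_RE = re.compile(r"^(?P<principal>[^:]+):(?P<rights>(?:\([^)]*\))+)$")


def parse_icacls(text):
    """Return (path, [(principal, {codes}), ...]) from icacls-style output."""
    path = None
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Successfully processed"):
            continue
        if path is None:
            # The first line carries the folder path before the first ACE
            # (the path is assumed to contain no spaces).
            path, _, line = line.partition(" ")
        m = ACE_RE.match(line)
        if not m:
            continue
        codes = set(re.findall(r"\(([^)]*)\)", m.group("rights")))
        aces.append((m.group("principal"), codes))
    return path, aces


def find_excess_writers(aces, allowed=ALLOWED_WRITERS):
    """Principals outside the allow-list that can modify files in the folder."""
    findings = []
    for principal, codes in aces:
        if "DENY" in codes:
            continue  # a deny entry grants nothing
        effective = codes - INHERIT_FLAGS
        granted = effective & WRITE_RIGHTS
        if granted and principal not in allowed:
            findings.append((principal, sorted(granted)))
    return findings


# Constructed sample mimicking `icacls C:\ProgramData\MySQL` output.
SAMPLE = r"""C:\ProgramData\MySQL NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                     BUILTIN\Administrators:(OI)(CI)(F)
                     NT SERVICE\MySQL80:(OI)(CI)(F)
                     BUILTIN\Users:(OI)(CI)(M)
                     CORP\jdoe:(RX)

Successfully processed 1 files; Failed processing 0 files
"""

if __name__ == "__main__":
    folder, entries = parse_icacls(SAMPLE)
    for principal, rights in find_excess_writers(entries):
        print(f"{folder}: {principal} can modify data files via {','.join(rights)}")
```

On the constructed listing the only finding is `BUILTIN\Users` holding Modify (M), which is exactly the condition the comment describes: every regular user on the machine can edit or delete the table files even though the folder is hidden. Read-only entries such as `CORP\jdoe:(RX)` are not flagged.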
Haixin Sun says
Good sharing
Sarah Puffen says
Databases are important to companies because they typically contain valuable information that generates revenue. These databases contain sensitive material that needs protection from unauthorized or falsified users, so extensive precautions should be taken for security. A system’s administrator should ensure that the database is secure with certain authorization and authentication requirements, on top of select user access (general users v. administrators) to certain parts of the database itself. On an OS level, we need to ensure that the computer is secure with proper preventative applications, such as a firewall or maybe an SSH key. It is important to note that many databases collect and store information via the internet, one example being online purchases. While this information isn’t an SSN, the database will still hold a credit card number, address, and purchaser name, which can easily be used for identity theft or to make fraudulent purchases if the database is breached. Our discussion stressed the importance of having multilayer security when dealing with databases: security for the OS itself, and security for the database.
Yuqing Tang says
Companies need to protect the information at both the operating system and the database server level. The operating system should definitely be protected because it manages the computer’s memory, processes, and all the software and hardware that run on the computer. Therefore, companies need to secure the operating system, considering it is the basis of running a smooth business. Last week, we touched on one of the database servers, MySQL. The database server provides data services for client applications and has various functions. Database servers have database management functions, including system configuration and management, data access and update management, data integrity management, and data security management. In addition, database servers also have database maintenance functions, including data import/export management, database structure maintenance, data recovery, and performance monitoring. IT auditors need to check the security from both the user and the administrator perspective. For users, it is critical to appropriately limit the users’ authorization to access different levels of the database, and it is also the administrators’ job to assign the groups.
Jason M Mays says
Databases are essentially the safes of the information age. They contain gold in the form of stored information to be analyzed. Security and proper function of databases is one of the highest priorities in maintaining the integrity that exists. The two levels of DBs could be looked at as:
Security in the database: security can be provided by encrypting PII and sensitive info in the table down to the column. Access management should be maintained, administrative access provided to a select few individuals, and changes monitored in write-once logs. Secure coding practices should also be observed to mitigate SQL injection attacks.
Security at the server: the database is not magically isolated. The physical server and OS should be hardened as well to protect the database. Network access should be limited and preventative measures should be taken. Data in motion should be encrypted. Passwords and keys should be rotated often.
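The "secure coding practices ... to mitigate SQL injection" point in the comment above is the one item on this page that lives in application code rather than in MySQL or Windows settings. The following added example (not from the original post) shows the defect and its fix side by side on an in-memory SQLite table with two constructed customer rows: the vulnerable lookup splices the caller's input into the SQL text, while the hardened lookup binds it as a parameter so the database engine never parses it as SQL. The table name, columns, and e-mail addresses are constructed for the example.

```python
"""SQL injection: string-built query beside its parameterized fix (added example)."""
import sqlite3


def make_db():
    """Create a throwaway in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, card_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, card_last4) VALUES (?, ?)",
        [("alice@example.com", "1111"), ("bob@example.com", "2222")],
    )
    return conn


def lookup_vulnerable(conn, email):
    """Defective: untrusted input becomes part of the SQL statement text."""
    sql = "SELECT email, card_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """Fixed: the value is bound to a placeholder and is never parsed as SQL."""
    return conn.execute(
        "SELECT email, card_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


# A constructed input containing a quote and a tautology; in the vulnerable
# version it changes the WHERE clause, in the safe version it is just a string.
INJECTED = "nobody@example.com' OR '1'='1"


def compare(email=INJECTED):
    """Return (rows from vulnerable lookup, rows from safe lookup) for one input."""
    conn = make_db()
    try:
        return lookup_vulnerable(conn, email), lookup_safe(conn, email)
    finally:
        conn.close()


if __name__ == "__main__":
    bad, good = compare()
    print("vulnerable query returned", len(bad), "rows")   # every customer
    print("parameterized query returned", len(good), "rows")  # none
```

The same input makes the vulnerable function return every customer's card digits while the parameterized version returns nothing, because no e-mail literally equals that string. The fix costs nothing at runtime, which is why it belongs in the coding standard rather than being left to individual developers.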