Database Security

Databases are at the heart of any organization that wants to sustain a successful, viable business.

As a result, keeping the database environment secure has become integral to keeping the wider technology environment productive.

Caresoft Security Practice can assist your organization in this area with its industry-leading database security assessment capability. Our well-documented methodologies provide the level of coverage and assurance that today's security-conscious organizations are striving to achieve.

Depending on your specific needs, our database assessments can comprise any combination of:
  • Assessment of Servers
  • Assessment of Codes
  • Requirements Validation
  • Assessment of Configuration

Assessment of Servers: A relational database management system (RDBMS) is only as secure as its underlying host system. This type of test seeks to ascertain the security posture of the database server operating system and supporting applications.

Assessment of Codes: A secure server and RDBMS configuration provides the platform for the implementation of custom code. This type of test seeks to review any database code, typically SQL, for security weaknesses that may expose the database to attack.

Requirements Validation: Once the technical implementation of the database has been secured, it is important to ensure that all security requirements have been met. This type of test seeks to verify that all compliance, business, and process rules have been and will be followed appropriately.

Assessment of Configuration: Having secured the host system, the configuration of the RDBMS is the next line of defense against attacks. This type of test seeks to verify the security of database specific configuration & access control and ensure the lowest possible exposure to any application attacks.

Traditionally, databases have been protected from external connections by firewalls or routers on the network perimeter, with the database environment sitting on the internal network rather than in a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems. As networks have become more open, databases themselves provide many layers and types of information security, typically specified in the data dictionary, including:
  • Access control
  • Auditing
  • Authentication
  • Encryption
  • Integrity controls
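The "Assessment of Configuration" and the access control and authentication layers above come down to concrete settings in the RDBMS. As an added illustration (not Caresoft's tooling or methodology), the script below reviews a PostgreSQL host-based access file, pg_hba.conf, for the kinds of weaknesses a configuration assessment looks for: rules that require no authentication, rules that accept cleartext or legacy password schemes, rules open to any source address, and rules that explicitly permit unencrypted connections. The sample file contents, the severity labels and the finding wording are all constructed for this example; the pg_hba.conf field layout and method names are PostgreSQL's own.

```python
import ipaddress

# Constructed sample of a PostgreSQL pg_hba.conf, built for this example only.
# Field order is TYPE DATABASE USER [ADDRESS] METHOD [OPTIONS].
SAMPLE_PG_HBA = """\
# TYPE      DATABASE  USER      ADDRESS          METHOD
local       all       postgres                   peer
host        all       all       127.0.0.1/32     scram-sha-256
host        all       all       0.0.0.0/0        trust
hostnossl   app       appuser   10.0.0.0/8       md5
host        all       all       ::/0             password
"""

# Authentication methods a configuration review should call out (severity labels are ours).
WEAK_METHODS = {
    "trust": ("HIGH", "no authentication at all: anyone who can reach the port logs in as any listed role"),
    "password": ("HIGH", "password sent in cleartext unless the connection is SSL-protected"),
    "md5": ("MEDIUM", "legacy MD5 challenge/response; prefer scram-sha-256"),
}


def _looks_like_ip(value):
    """True when the field is a bare IPv4/IPv6 address (used to spot the IP-MASK address form)."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_pg_hba(text):
    """Parse pg_hba.conf text into a list of rule dicts; comments and blank lines are skipped.

    'local' rules carry no ADDRESS field; host-type rules carry either CIDR notation
    or an address followed by a separate netmask field. Trailing options are kept but
    not assessed here.
    """
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ctype = fields[0]
        if ctype == "local":
            if len(fields) < 4:
                raise ValueError(f"line {lineno}: malformed local rule")
            address, method_idx = None, 3
        else:
            if len(fields) < 5:
                raise ValueError(f"line {lineno}: malformed {ctype} rule")
            address, method_idx = fields[3], 4
            # The IP-MASK form spreads the address over two fields; fold it into one.
            if len(fields) > 5 and "/" not in address and _looks_like_ip(fields[4]):
                address, method_idx = f"{address}/{fields[4]}", 5
        rules.append({
            "line": lineno, "type": ctype, "database": fields[1], "user": fields[2],
            "address": address, "method": fields[method_idx], "options": fields[method_idx + 1:],
        })
    return rules


def _is_any_address(address):
    """True when the ADDRESS field matches every possible client (keyword 'all' or a /0 network)."""
    if address is None or address != "all" and "/" not in address:
        return False
    if address == "all":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:
        return False


def assess(rules):
    """Return (line, severity, message) findings for weak host-based access rules."""
    findings = []
    for r in rules:
        if r["method"] in WEAK_METHODS:
            sev, why = WEAK_METHODS[r["method"]]
            findings.append((r["line"], sev, f"method '{r['method']}': {why}"))
        if _is_any_address(r["address"]):
            findings.append((r["line"], "HIGH", f"address '{r['address']}' admits connections from any source"))
        if r["type"] == "hostnossl":
            findings.append((r["line"], "MEDIUM", "hostnossl rule explicitly permits unencrypted connections"))
    return findings


if __name__ == "__main__":
    for line, sev, msg in assess(parse_pg_hba(SAMPLE_PG_HBA)):
        print(f"line {line}: [{sev}] {msg}")
```

Run against the constructed sample, the loopback scram-sha-256 rule and the local peer rule pass cleanly, while the trust, md5/hostnossl and cleartext-password rules each produce two findings. The same structure extends naturally to the other layers listed above (for example, checking that logging or audit settings are enabled), which is what a full configuration assessment does across each supported platform.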

Caresoft's pragmatic approach to database security begins with an in-depth assessment; based on that analysis we can then suggest and help create and publish appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms, a set of best practices that apply across platforms, and linkages of the standards to higher-level policies and governmental regulations.