How to secure a database server
From credit card details to health records, everything is stored in a database these days. For a hacker, a database is a gold mine. In fact, the purpose of a majority of cyber attacks is to get access to a database.
The security of a database server depends a lot on operating system hardening, network security and physical security. It’s a big list, but since we’ve already covered it in a previous post, today we’ll take a more focused look at how to secure the database server itself.
1. Enforce a strong password policy
Configure your database to REQUIRE a strong password when creating a user. Some servers, like MSSQL, have built-in password validation features, while others, like MySQL, require you to install an additional plugin (e.g. the validate_password plugin).
Enforce a password policy that sets a minimum password length of 20 characters and blocks dictionary words.
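As an added example (not part of the original post), this is what enforcing that policy looks like on MySQL 8 with the validate_password component. It assumes you run it as an administrative account; the dictionary file path, the account name and the sample passwords are constructed values.

```sql
-- Added example: enforce a strong password policy in MySQL 8.
-- Paths, account names and passwords below are constructed, not from the post.

-- Load the component (MySQL 8). On 5.7 the equivalent is:
--   INSTALL PLUGIN validate_password SONAME 'validate_password.so';
INSTALL COMPONENT 'file://component_validate_password';

-- STRONG enforces length, mixed case, digits, special characters
-- and the dictionary check; SET PERSIST survives a restart.
SET PERSIST validate_password.policy = STRONG;
SET PERSIST validate_password.length = 20;
SET PERSIST validate_password.mixed_case_count = 1;
SET PERSIST validate_password.number_count = 1;
SET PERSIST validate_password.special_char_count = 1;

-- Block dictionary words: one word per line in this file (assumed path).
-- The file must be readable by the mysqld process.
SET PERSIST validate_password.dictionary_file = '/etc/mysql/password-blocklist.txt';

-- Also reject passwords that contain the account's own user name.
SET PERSIST validate_password.check_user_name = ON;

-- Confirm what is now in effect.
SHOW VARIABLES LIKE 'validate_password%';

-- Score a candidate before using it (0 = weakest, 100 = strongest).
SELECT VALIDATE_PASSWORD_STRENGTH('password') AS weak_score;

-- With the policy active this CREATE USER fails with ER_NOT_VALID_PASSWORD...
CREATE USER 'app_ro'@'10.0.0.%' IDENTIFIED BY 'password';

-- ...while a long, mixed password that is not a dictionary word is accepted
-- (constructed sample value; generate real ones with a password manager).
CREATE USER 'app_ro'@'10.0.0.%' IDENTIFIED BY 'Rz8#vLq2!mTw9$pKe4&Hn';
```

Note that the dictionary check is only applied when the policy is STRONG, and that the policy is evaluated at CREATE USER / ALTER USER / SET PASSWORD time, so existing accounts keep whatever they already have until their passwords are rotated. On MSSQL the equivalent is to create logins with CHECK_POLICY = ON so the operating system's password policy is applied to them.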
2. Remove all default users and demo/test databases
Almost all database servers come with a few demo databases and users. These details are public information, so anyone can log in to your server using them to collect database or user information.
Delete these users and databases as soon as you create your databases.
3. Change the name of the admin user
If attackers know the administrator username, they only need to guess the password. For many database servers, the administrator username is set by default. For example, for MySQL it’s “root”.
Change the admin username for additional security.
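The following added example (not from the original post) covers points 2 and 3 together for MySQL: audit the accounts that exist, remove the anonymous users and the demo database, and rename the administrator. The new administrator name and the host patterns are assumptions; adjust them to your own environment.

```sql
-- Added example: remove default users/databases and rename the admin in MySQL.
-- 'dba_admin' and the host patterns are constructed values, not from the post.

-- 1. List every account. Empty user names (anonymous accounts), wildcard
--    hosts and names you do not recognise each need a decision.
SELECT User, Host, plugin, account_locked
FROM mysql.user
ORDER BY User, Host;

-- 2. Remove the anonymous accounts some installations create.
DROP USER IF EXISTS ''@'localhost';
DROP USER IF EXISTS ''@'%';

-- 3. Remove the demo database shipped with older MySQL/MariaDB builds,
--    together with the open privileges granted on it in the grant table
--    (this is the same cleanup mysql_secure_installation performs).
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db = 'test' OR Db = 'test\\_%';

-- 4. The administrator should only be reachable from the local host.
DROP USER IF EXISTS 'root'@'%';

-- 5. Rename the administrator; its privileges follow the account.
RENAME USER 'root'@'localhost' TO 'dba_admin'@'localhost';

-- Direct edits to grant tables (step 3) need a reload to take effect.
FLUSH PRIVILEGES;

-- 6. Verify: this should return no rows.
SELECT User, Host FROM mysql.user WHERE User IN ('', 'root');
```

After the rename, update anything that still assumes the old name (backup jobs, monitoring agents, the credentials file used by your deployment tooling), and keep an open session until you have confirmed the renamed account can log in, so a typo does not lock you out of the server.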