While illness sometimes occurs because someone flagrantly ignores the rules, it is more often the result of a lack of awareness. Sometimes one is simply unaware of the potential dangers, and sometimes one simply does not care. Other times, despite doing what seems sufficient to stay healthy, something out of the blue makes a mess of things. So let us consider this from a digital perspective and look at something widespread today: database exposure.
Now databases, by their nature, are a place where people store and access data. Because of that nature, they have to be hardened so that only authorized users can reach the data. At a minimum, almost any database must be accessible from the organization's internal network. However, we have become more global, and advances in technology facilitate better remote access by internal users and by external users such as customers. Securing databases therefore becomes increasingly critical to prevent unauthorized access and data manipulation.
So what are some of the common ways you can inadvertently expose and leak data? Truth be told, there are many, and more are discovered and created every day; staying ahead of the curve can be challenging. But some well-known, low-hanging-fruit issues can be addressed to help minimize the risk of exposure. Let us look at some examples:
- Catch database connectivity errors. Mistakes are widespread and unavoidable, and thousands of examples are visible on the internet every day. When connecting a database to a network, it is essential to determine who needs to access it. If the only people needing access are internal, it makes no sense to connect it to a network that also allows remote access or is reachable from the internet in general.
- Cloud access should be disabled when it is not required. Often tied to the previous point, unauthorized access is commonly caused by a cloud database that is reachable either by default or temporarily and is left in that accessible state by mistake.
- The database should not run with its default configuration. I sincerely hope that, at a minimum, an access policy exists that requires disabling default settings (which are easily discoverable in product manuals). However, many databases discoverable online are still using default credentials and insecure default settings. Moreover, it is sometimes difficult to determine which systems use default credentials, because administrators may set up more than one interface with default settings.
- Apply proper change control and impact studies. Reconfiguring a system or implementing a change can easily expose something to the outside world. Such exposures need to be caught, and the changes need to be trackable. Change control measures and proper communication about changes are the solutions.
- Properly set up and well-credentialed database systems still have vulnerabilities. Everyone in the organization may be following best practices yet be unaware that the system now has a known vulnerability. Proper security controls may no longer protect you when a vulnerability allows an attacker to bypass the protections you put in place. It is vital to keep all the software you use up to date and to watch for reported problems.
Of course, this list could go on and on, but simply considering and addressing these five points may be enough to avoid the more common types of attacks bad actors love to launch. Many of these misconfigurations and vulnerability issues can be discovered by subscribing to Arctic EWS, which may be worth considering.
This blog series about digital pathogens includes five earlier entries that you may find interesting!