First, the servers used for hosting should be reliable and kept current with the latest security patches. Most providers patch quickly, which prevents attacks that have recently succeeded against other servers from being repeated. For a web application, deploy the database on a separate server with a private IP address, and limit access to it to a small number of individuals connecting from local machines.
Passwords should be strong, and the default TCP/UDP ports should not be used, so that bots scanning for database services cannot predict where to connect. Setting up an HTTPS server adds an extra layer of security, as request data on its way to the database is encrypted in transit. Monitoring tools can log every request in real time, and this data can be studied to track any potential attempt to breach the database. Regular database audits, including penetration testing, help find loopholes before an attacker does.
Firewalls in front of the database, in addition to those filtering web requests, provide an extra level of protection; make sure they are always kept up to date. Encryption plays a major role in preventing data mishandling even when the data can be accessed: with end-to-end encryption, data that is obtained cannot be read or used. With GDPR and other regulations to follow, sensitive data in any case has to be encrypted when passed between servers. Bringing systems back up after a data breach is a major concern; to handle such a scenario, keep regular backups of the database stored on a different server. That server should not be publicly accessible.
Following these steps, data breaches can be avoided to a large extent.
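As an added illustration (not code from the original post) of two of the points above, restricting database access to a private subnet and studying request logs for breach attempts, the script below reviews a constructed connection-audit log: it flags any client outside an assumed application subnet (10.0.1.0/24) and any source that repeatedly fails authentication. The log format and all addresses are constructed for the example, not taken from a real server.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample of database connection-audit lines (one event per line):
# "<timestamp> <client-ip> user=<name> <authorized|auth_failed>". Not real server output.
SAMPLE_LOG = """\
2024-03-01T10:00:01Z 10.0.1.15 user=app authorized
2024-03-01T10:00:05Z 203.0.113.7 user=admin auth_failed
2024-03-01T10:00:06Z 203.0.113.7 user=admin auth_failed
2024-03-01T10:00:08Z 203.0.113.7 user=admin auth_failed
2024-03-01T10:00:09Z 203.0.113.7 user=postgres auth_failed
2024-03-01T10:01:12Z 10.0.1.22 user=app auth_failed
2024-03-01T10:01:15Z 10.0.1.22 user=app authorized
2024-03-01T10:02:00Z 10.0.9.4 user=app authorized
"""

LINE_RE = re.compile(r"^(\S+) (\S+) user=(\S+) (authorized|auth_failed)$")


def parse_line(line):
    """Return (timestamp, ip, user, event) or None for a line that does not match."""
    m = LINE_RE.match(line.strip())
    return m.groups() if m else None


def review_access_log(log_text, allowed_net="10.0.1.0/24", fail_threshold=3):
    """Flag clients outside the allowed application subnet (the 'private IP,
    limited access' rule) and sources that fail authentication repeatedly
    (password guessing against the database). allowed_net is an assumption."""
    allowed = ipaddress.ip_network(allowed_net)
    outside = set()
    failures = Counter()
    users_tried = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparseable lines rather than crash the review
        _ts, ip, user, event = rec
        if ipaddress.ip_address(ip) not in allowed:
            outside.add(ip)
        if event == "auth_failed":
            failures[ip] += 1
            users_tried[ip].add(user)
    suspects = {ip: {"failures": n, "users": sorted(users_tried[ip])}
                for ip, n in failures.items() if n >= fail_threshold}
    return {"outside_allowed": sorted(outside), "repeated_failures": suspects}


if __name__ == "__main__":
    for key, value in review_access_log(SAMPLE_LOG).items():
        print(key, value)
```

Note that 10.0.9.4 is a private address but still gets flagged: the rule is "only the application subnet", not "any private IP".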
Why don't you post more on this blog?