In today’s world, the risks associated with adequate data security is a growing concern. Data leaks pose major security concerns and can have devastating implications. No longer is it a matter of which user accounts have access to the database. Careful consideration must be given to aspects such as physical & network security; server configuration; database backups and password usage to name a few.
2. 59%The percentage of employees
who steal proprietary corporate
data when they quit or are fired
3. In today’s world, the risks associated with inadequate data security
is a business critical concern.
4. Data leaks pose major security concerns and can have devastating
implications.
5. Based on our extensive experience in the Real Estate industry we
have compiled a list of 7 things you should be thinking of to ensure
your data security.
7. Physical breaches can take on such as
unauthorised individuals gaining access to the physical sever itself;
into the office network;
or individuals using an unattended employee workstation to access
the
various forms
individuals connecting their own devices
company network.
9. how your database server reside
topology. Is it directly accessible publically; is it isolated from
external facing application servers; are communications to/from
itself and is a firewall being used to
restrict communications.
within the network
using SSL for data exchange
Understand
12. . Is the SQL instance
discoverable on the network; are the SQL services using a
; are unnecessary services disabled; is the
SQL administrator account (sa) disabled and which authentication
methods are used, Windows,
Know your server configuration
non-standard port
SQL or both.
14. can severely compromise your data. Ensure
password complexity is configured; be sure to enforce the use of
and within applications,
passwords instead of storing them in plain text.
Weak passwords
password complexity encrypt
17. can bring systems to their knees. Ensure
absolute minimum privileges are granted to application accounts;
restrict inter-application access when sharing a database server;
and where possible, parameterize
application input values.
SQL injection attacks
encrypt sensitive data
19. Database backup security is often overlooked, but vital.
are adequately secured; use
encryption when performing backups and be sure to restrict access
local/remote backup locations
Ensure
to certificates/keys used by encryption processes.
21. , if left unresolved can be exploited. Stay
current, ensuring critical operating system updates are applied regularly;
ensure database server software is regularly updated independently and
where feasible
Known vulnerabilities
enable automatic updates.
22. Securing your data requires one to think beyond just the immediate
scope of the database server in order to ensure data security
continuity.
23. The management of data security is a process requiring continual
review. After all, can you afford not to ensure the safety of your
data?
24. WE DELIVER CUSTOM SOFTWARE SOLUTIONS AND SERVICES TO OWNERS AND
OPERATORS OF REAL ESTATE
WWW.OPENBOXSOFTWARE.COM
Click here to discuss your requirements in more details
Reference
Cherry, Denny. (2012) Securing SQL Server: Protecting
your Database from Attackers, 2nd edition
By Craig Rynhoud