Auditing Tools - Why do we need database security?

By: Asna Ishrat Nizam Click author's name for more of his/her articles

The common factor in today’s global economy where most of the business is done electronically via B2B [Business to Business] or via B2C [business to consumer] or other more traditional methods’ is electronic transfer and storage of data. This very electronic data is the organization main information assets. A compromise of this data could knock the business out or delay in the processing this data could lead to customer satisfaction issues and loss of market share.

No matter how we look into this conundrum, it is utmost important from the viewpoint of the custodian of that electronic data to have it in a secure form that is readily accessible to the applications that are authorized to access and manipulate it.

In the interest of best practice as well as to keep this electronic data secure in the databases, here is a tool that adds value and highlights issues before they could be exploited. We are talking about Secure Audit. Rest of this paper will talk about the challenges in this area and how Secure Audit could be used to mitigate those.

Compliance with Regulation

In the United States, the Gramm-Leach-Bliley Act requires companies to notify consumers of their privacy policies and to provide opt-out provisions for consumers who do not want their personal information distributed beyond the company. In addition, the Gramm-Leach-Bliley Act protects nonpublic financial data. Data stored on a computer that has even a remote possibility of containing information such as social security numbers, credit card and financial account numbers, account balances, and investment portfolio information must be protected.

The use and disclosure of patient medical information originally was protected by a patchwork of U.S. state laws, leaving gaps in the protection of patients’ privacy and confidentiality. The United States Congress also recognized the need for national patient record privacy standards in 1996 when it enacted the Health Insurance Portability and Accountability Act of 1996, protecting all medical records and other individually identifiable health information used or disclosed by a covered entity in any form, whether electronically, on paper, or orally. In addition to the legal ramifications of a security breach, independent research firm, Computer Economics has substantiated that malicious attacks result in actual financial costs, decreases in revenue, and an incredible impact on productivity.

In the last several years, there has been a substantial growth in crimes. Now days more and more hacker are targeting enterprise applications and database servers. Most large organizations have already installed anti-virus software, firewalls and even intrusion detection systems (IDS) to protect their networks and host operating systems, but fail to give proper attention to enterprise database servers, on the assumption that they are protected by firewalls and other defenses at the network perimeter. Yet these databases are the major reason enterprises invest in IT in the first place, and the data they contain are often the enterprise’s most valuable assets. Indeed, an enterprise without database security is like a bank with locks on the doors and armed guards by every entrance, but no vault.

Why hackers attack database servers

If we look closely we will see why the hackers love to hack the database server.

• Most of the database servers are configures with default user names and passwords. Etc user Scott password Tiger or user system password manager.

• Most of the database servers are using default setting which was set by manufacturers. Etc by default public have privilege to execute.

• Database servers are not patched properly.

Article Source: ABC Article Directory

About The Author: Test database using Database Auditing tools,try Secure Ora Auditor it detects the vulnerabilities of your database according to their categories and risk types and then recommends the fixes for each security hole. Regulatory Compliance We offer Information Security Software Solution for System Auditing, Risk Management Tools, Vulnerability Scanners and much more.