No database product is configured securely out of the box, so databases must be hardened to keep attackers from exploiting known weaknesses in the default installation. Sahaa Solutions uses a platform-specific hardening checklist for each database product to minimise the organisation's risk exposure. The general guidelines behind those checklists are as follows.

Procedure:

- Complete the server hardening checklist first. Ideally, run the database on the latest supported version of the operating system (or at least a version that still receives security updates).
- Run the latest supported major version of the database server.
- Install the latest vendor-provided patches for the database. Include patches for support software that is not bundled with the database itself (client libraries, drivers, management tools).
- Remove or rename default accounts where the product allows it, and change every default password that cannot be removed.
- Manually review the installed stored procedures and extended procedures and delete or disable those that will not be used. In many installations most of the vendor-supplied procedures are unnecessary; on Microsoft SQL Server, for example, xp_cmdshell should be disabled unless there is a documented need for it.
- Where possible, isolate sensitive databases on their own servers. Databases containing Personally Identifiable Information or other sensitive data should be shielded from the Internet by a network firewall, and administrative/DBA access should be limited to as few individuals as possible.
- Ensure that application access to the database is limited to the minimum necessary. For example, a reporting application that only needs to read data should be granted read-only (SELECT) access to the specific schemas it uses, not a general-purpose account.
- Manually validate that logging of both successful and failed authentication attempts is working, by attempting a login with a bad password and confirming that the attempt appears in the log.
- Use non-guessable names for database users, and use long, randomly generated passwords for them.
- Use IPsec or TLS to protect connections to the database from other servers on the network. IPsec is particularly easy to set up between Windows hosts running MSSQL, and Oracle, MySQL and MSSQL all provide TLS-encrypted access; where the server supports it, configure it to reject unencrypted connections.
- Create a separate, named administrative account for each DBA rather than letting several people share the default administrative account (sa, root, SYS and the like), so that administrative actions can be attributed to an individual.
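The following script applies the account-level steps of the procedure above (remove defaults, read-only application access, non-guessable names with generated passwords, TLS-only connections, one administrative account per DBA, and a logging check) to a MySQL 8.0 server. It is an added example written for this page, not a Sahaa Solutions checklist or vendor-supplied script. The user names, the `sales` schema, the host patterns and the `dba_jsmith` / `app_report_7f3a` accounts are hypothetical; adjust them to the environment before running.

```sql
-- Added example (hypothetical names; assumes MySQL 8.0.18+ for RANDOM PASSWORD and roles).
-- Run as a local administrative account over a secure channel.

-- 1. Remove the anonymous and test artefacts that older installers create,
--    and stop the built-in root account from being reachable over the network.
DROP USER IF EXISTS ''@'localhost', ''@'%';
DROP DATABASE IF EXISTS test;
DROP USER IF EXISTS 'root'@'%';

-- 2. Require TLS for every client connection from now on (persisted across restarts).
SET PERSIST require_secure_transport = ON;

-- 3. One named administrative account per DBA, restricted to the admin subnet,
--    TLS-only, capped on concurrent sessions, with a server-generated password
--    that must be changed at first login. The generated password is returned
--    in the result set of CREATE USER and is never written into this script.
CREATE USER 'dba_jsmith'@'10.0.5.%'
  IDENTIFIED BY RANDOM PASSWORD
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 5
  PASSWORD EXPIRE;
GRANT ALL PRIVILEGES ON *.* TO 'dba_jsmith'@'10.0.5.%' WITH GRANT OPTION;

-- 4. Least privilege for a reporting application: a read-only role limited to
--    the one schema it needs, granted to a non-guessable account that can only
--    connect from the reporting host and only over TLS.
CREATE ROLE IF NOT EXISTS 'reporting_ro';
GRANT SELECT ON sales.* TO 'reporting_ro';

CREATE USER 'app_report_7f3a'@'10.0.7.21'
  IDENTIFIED BY RANDOM PASSWORD
  REQUIRE SSL;
GRANT 'reporting_ro' TO 'app_report_7f3a'@'10.0.7.21';
SET DEFAULT ROLE 'reporting_ro' TO 'app_report_7f3a'@'10.0.7.21';

-- 5. Logging: failed logins are written to the error log as warnings when the
--    verbosity includes warnings (level 2 or higher). Successful logins are not
--    in the error log; they need the general log or an audit plugin.
SET PERSIST log_error_verbosity = 3;

-- 6. Verification queries: each should come back empty or show only what was intended.
-- Any remaining account with an empty name or no credentials:
SELECT user, host FROM mysql.user
 WHERE user = '' OR authentication_string = '';
-- Any account still allowed to connect without TLS:
SELECT user, host, ssl_type FROM mysql.user WHERE ssl_type = '';
-- Confirm the reporting account holds nothing beyond SELECT on sales.*:
SHOW GRANTS FOR 'app_report_7f3a'@'10.0.7.21' USING 'reporting_ro';
-- Confirm the setting that rejects unencrypted connections took effect:
SHOW VARIABLES LIKE 'require_secure_transport';
```

After running it, attempt a login with a wrong password and confirm the `Access denied` warning reaches the error log; that single failed attempt is the practical test of the "validate logging" step, and it is worth repeating after every patch or upgrade, since logging settings are a common casualty of configuration resets.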