Question

Write these considerations in the form of a database design security checklist that includes your top six to eight security implications for the database design. A security assessment checklist is a common practice in the industry and proves to a CIO or IT auditor that you are following best practices in securing a database. It also serves as a living document to assist you in your design process. For example, on the networking side of IT, Cisco provides this checklist: https://www.cisco.com/c/en/us/solutions/small-business/resource-center/secure-my-business/network-security-checklist.html for small and medium business to evaluate their network infrastructure. You will use the information from this website to assist you in creating your own checklist.

Answer 1

Following is the checklist for database security design :

1. PHYSICAL ACCESS CONTROL

• No one should be able to enter the facility without identity or authorisation.
• This is the first step in protecting the data and the staff against malicious intrusions and attacks.
• This makes observation, copying or stealing of data.
• Various security controls such as internal keys, keycodes, badge numbers or badges can be used.

2. SELF SECURITY

• Personal security is a critical factor of the total database security. The staff must be must be well aware of the security concerns and consideration security concerns and consideration.
• Proper selection, interviews comma observation and reference checking for background verification must be done before hiring the people for a database centre.
• Security is highly dependent on the personnel and bridges can happen when they become careless, or vengeful against the organisation.
• The staff must be given basic information security training to avoid online attacks and breaches on to their systems.

3. INSTALLATION AND CONFIGURATION SECURITY

• Always a custom installation should be carried out and no software that is not required must be installed installed. Any option which is not required is to be unchecked during the installation. If irregular installation is followed, the options not required must be removed later.

• The default user passwords must must be changed along with those for administrative users after installation. A very strong password management must be enforced.

• The practice of least privilege privilege least privilege should be followed along with enabling data dictionary protection.

• Unnecessary privileges must be revoked and permissions on runtime facilities must be restricted.
• Access control must be enforced effectively along with restricting operating system access and network access.

4. NETWORKING SECURITY

• Secure SSL communication and https must be used along with a Firewall. This must be consistent for both ends of every communication related to the database.
• The client encryption cypher suites must be supported by the server along with the key algorithm and its certificates in use.
• A certificate authentication for clients and servers must be set along with configuring the connections to use SSL.
• Privileges of background listeners must be reduced so that cannot read or write in the database. This can be done by protecting the listener with a password, preventing online administration and removing any and all external processor configuration.
• Listening to to, interfering with and creating Communications with the network must be restricted. Network access points must be protected against unauthorised access.
• Also encryption should be used to encrypt the data while transferring it over the internet along with use of firewalls.
• The firewall should be well maintained and there should not be any loopholes.
• The host operating system must be hardened by disabling all unnecessary operating system services. Also communication quotes for the disabled services must be closed.