Is Your Database Security Weak?
|
Many businesses who self-host their data or who outsource to an unknown resource (such as that which comes with some lower-cost hosting plans) are often using only the built-in security that their server or services provide. This is usually the lowest common denominator in security options, leaving the company open to hackers and data thieves.
Testing by hacking professionals - those who get paid to attempt to break into systems in order to find their weaknesses so that developers can shore them up - has shown that the standard MD5 encryption many databases use as a built-in security feature can be cracked very quickly. In fact, even with a 7-character password made up of lower alphabet and numbers, the account can be cracked in only seven seconds.
Seven short seconds between everything being just fine and suddenly finding that all of your data is in the hands of an unknown thief. Most security systems, if they detected the breach, would have only just started sending alerts at that point. Let alone have anyone responding to them. Many companies don't know what to do even if they do receive the alert in time, wasting precious minutes and hours trying to figure out who should be doing what or who they need to call.
The testing done on MD5 found that even the average home computer can crack this encryption in under two hours. Using a more sophisticated, more technologically advanced encryption like SHA256 boosts that time to nearly 13 hours. Salting (adding random bits to the encryption keys) can make this much, much longer - moving it into several days or more.
Many small businesses do not have in-house IT that can install and implement heavier encryption methods like SHA256. Those who are outsourcing are often doing so to companies that are unable to use it, are not competent enough to be able to implement it, or do not offer it as part of their services at all. This is especially true when the outsourcing is bundled with hosting plans from a non-domestic hosting farm.
Whatever the company's source for database management and security, the company's internal management and officers need to take an active role in their database security. Many companies, even when they choose a reputable and expert outsource partner, then take a hands-off approach to their DBA and often just assume that everything is fine.
If the DBA outsource provider isn't aware that the company needs strong protection, then that protection may never get implemented.
They key is not in knowing what the options are, but knowing that you should ask about them. If your database and its security are important to you, take an active role in it - whether it's handled in-house or outsourced. Doing so will not only keep you appraised of your situation, but may enlighten you as to how expert your outsource choice really is.
It's your data and your reputation on the line, after all.
|
|
Author Resource:-
[About] The DBA Shoppe specializes in remote DBA services for clients with Oracle, DB2 and SQL Server databases. Providing certified Database Administrators for your day to day requirements, the DBA Shoppe saves you time and money. How healthy are your databases? Discover today at http://www.TheDBAShoppe.com
|
By :
Jacomus Beresford
Submitted
2011-11-25 07:02:29 |
Article From Article Mayhem
 Ezine ready view |
|
|
|
Related Articles
|
|
|
![[Valid RSS feed]](http://www.articlemayhem.com/images/icon_Rss.png "XML Feed For RSS"){kind=icon}
Category Rss Feed![[Valid RSS feed]](http://www.articlemayhem.com/images/rss.jpg "XML Feed For RSS")