Database Security: Lessons to Ward off Cats

The year 2020 brought with it some unusual and extremely stressful situations — distance from loved ones, global supply chain shortages, attempts to explain the Tiger King to your friends — but it also acted as an important reminder.

That we should not forget the value of cybersecurity.

Beware of Cats

The notorious ‘meow' attacks wiped almost 4,000 unsecured databases, including those of Elasticsearch and MongoDB. Threat actors targeted unsecured databases and destroyed all of their data.

What we have learned from these and other attacks is that in order to stay vigilant and proactive (especially if you easily miss telltale ‘meow signatures’ on server files) you should consider these easy steps:

1. Start small by creating separate security credentials for each user when you need to grant administrative access to the database.

Avoid distributing connection strings. Instead, assign each user their own login and set up the role-based access control feature.

The latter allows you to restrict network access based on a person's role – whether it’s a database administrator or a BI tool. Those roles can be further customized to cater to the team needs, i.e. comically titled “Thingy Support Specialist.”

2. Safeguard and consolidate your noble endeavors by limiting connections to the database, i.e. whitelisting.

This security practice passes a limited number of client connections from IP addresses that respond to entries in your project’s IP whitelist.

Once you tick this box, go over to encrypting network traffic. The data doesn’t transport to your database with a magic wand. Typically, it goes through a network connection. That’s when encryption comes into play.

3. Make sure that you implement auditing.

At the heart of any good security, architecture is the ability to track user actions (similar to how you should manage your actual servers).

Auditing allows you to filter the output of a particular user, database, collection, or source location. This creates a log for auditing any security incidents.

4. Finally, do not stick with default settings! This is a recipe for disaster.

Essentially, open-source databases have the toolbox to keep your data protected. All you have to do is to find your way around built-in settings and you are good to keep hackers and sneaky cats at bay.

Important Disclaimer: No cats were harmed during the production of this newsletter. We love cats too and hope all they all are safe in this stressful time.

Click Here to Sponsor A Newsletter by Hacker Noon