Database Security: Lessons to Ward Off Cats

Written By Hang Ngo

The year 2020 brought with it some unusual and extremely stressful situations — distance from loved ones, global supply chain shortages, attempts to explain the Tiger King to your friends — but it also acted as an important reminder. That we should not forget the value of cybersecurity.

Beware of Cats
The notorious ‘meow’ attacks wiped almost 4,000 unsecured databases, including those of Elasticsearch and MongoDB. Threat actors targeted unsecured databases and destroyed all of their data.

What we have learned from these and other attacks is that in order to stay vigilant and proactive (especially if you easily miss telltale ‘meow signatures’ on server files) you should consider these easy steps:

  1. Start small by creating separate security credentials for each user when you need to grant administrative access to the database. Avoid distributing connection strings. Instead, assign each user their own login and set up the role-based access control feature.

    The latter allows you to restrict network access based on a person's role – whether it’s a database administrator or a BI tool. Those roles can be further customized to cater to the team needs, i.e. comically titled “Thingy Support Specialist.”

  2. Safeguard and consolidate your noble endeavors by limiting connections to the database, i.e. whitelisting. This security practice passes a limited number of client connections from IP addresses that respond to entries in your project’s IP whitelist.

    Once you tick this box, go over to encrypting network traffic. The data doesn’t transport to your database with a magic wand. Typically, it goes through a network connection. That’s when encryption comes into play.

  3. Make sure that you implement auditing. At the heart of any good security architecture is the ability to track user actions (similar to how you should manage your actual servers).

    Auditing allows you to filter the output of a particular user, database, collection, or source location. This creates a log for auditing any security incidents.

  4. Finally, do not stick with default settings! This is a recipe for disaster.

    Essentially, open-source databases have the toolbox to keep your data protected. All you have to do is to find your way around built-in settings and you are good to keep hackers and sneaky cats at bay.

Join us today to thank our newsletter sponsor, Couchbase. Couchbase offers an award-winning, distributed NoSQL cloud database. In a highly virtual world, big data is growing exponentially, so is our social presence on the Interweb. Let Couchbase help your business meet the demands of the modern world in a secure way.

Important Disclaimer: No cats were harmed during the production of this newsletter. We love cats too and hope all they all are safe in this stressful time.

***

"Join our writing contest and get a chance to win cool prizes".

***

Got a tech story to share with our readers? Everything you've ever wanted to know about how to get published on Hacker Noon - get it here.

Hang Ngo
Previous

$15M Lost Annually To Poor Data Quality
Next

Break The Invisibility Spell As A Developer