Recently, some customers reported that their self-built MongoDB databases had been held to ransom by hackers, who demanded a payment of 0.005 bitcoin. These attacks mainly take the form of tampering with, deleting and stealing databases, which seriously affects an enterprise's core data assets and business development.
Seeing this, you may well ask: why do databases fall victim to Bitcoin extortion? Where do the hidden dangers in database security lie?
In fact, the reasons are manifold, but generally speaking, the security work fell short. On the one hand, the victims often have weak security awareness and do not take the necessary precautions. For example, passwords are too simple and the database is basically running naked. On the other hand, the product itself has defects such as unclear permissions and a weak protection system; hackers exploit the product's vulnerabilities and do damage through SQL injection, Trojan attacks and other means.
Although the current Bitcoin database extortion cases all stem from lax security awareness that gave hackers an opening, their repeated success also shows, from another angle, that database security education still has a long way to go. So, in the face of hacker extortion, what protective measures should we take for our databases?
Common preventive measures are as follows:

1. Update system and service patches in time.
2. Disable unnecessary services and ports.
3. Set strong passwords for system and service accounts, and use policies to limit the number of incorrect login attempts.
4. Use VLANs to divide different services into different network segments. Use each server's own firewall to restrict network access and prevent viruses from spreading on the internal network.
5. Strictly regulate on-site server operations to prevent viruses from entering servers through removable storage media.
Huawei Cloud Database provides multiple protection measures to ensure high data security
Security is no small matter. Huawei Cloud Database has always attached great importance to database security and has developed a full range of security solutions. It provides a complete security control mechanism and audit trail, a high-availability and remote disaster recovery environment, regular backup and recovery, a recycle bin function and other capabilities, which comprehensively keep data safe and reliable and eliminate the risk of data loss.
- Establish a complete security management and control mechanism: The separation of rights in DAS Enterprise Edition solves the problem of concentrated DBA authority, grants minimum authorization according to different business requirements, and restricts which server IP addresses may access the database through a whitelist mechanism. High-risk operations require strict three-level approval.
- Ensure audit compliance and data security: Strictly audit and monitor database behavior, and send audit reports to the responsible person regularly. Use DBSS to protect the database from abnormal-behavior attacks. Set desensitization (data masking) rules for different user roles so that query results are desensitized.
- Set up a high-availability and remote DR environment: Compared with self-built databases, Huawei Cloud databases let you quickly obtain a secure management and control system, high availability, and cross-region DR capability.
- Perform regular backup and recovery drills: Perform full and incremental backups and archiving of the database every day. Perform restoration drills periodically to verify that the backup and restoration process works.
- Keep a last lifeline: The Huawei Cloud database service provides a recycle bin function so that deleted instances can be retrieved within 7 days.
Database security depends not only on the protection provided by the cloud service provider but also on enterprise staff building good security awareness. With double protection from both products and people, the database is covered by a “golden bell” shield and can readily resist hackers, viruses and other network attacks. Huawei Cloud Database will continue to provide more reliable, highly secure database services and safeguard enterprise database security on all fronts!