Database security for MySQL – MySQL Database Firewall

1

Looking at breaches in information systems and Cyber Crime the focus of the perpetrators is always aimed at our data. The goal is to copy, modify or even destroy the core of our business.  Data protection serious business and you need to take serious measures to prevent unauthorized access.

Almost half of all organizations experience data breach in the past year. And a lot of these breaches originated from within the companies network. (the exact numbers vary a bit but the rough idea stays the same). This means that unauthorized people gain access to this data via the (mis)use of privileges or by gaining access through the account of someone with more privileges. It is an illusion to shield a database via one point of access and prevent breaches by guarding the “official” data connection string used by the “official” application. Over the life-cycle of the application new connections get added, external sources gain access to the database and even the financial controller connects to the system via a direct JDBC connection in his personal Excel spreadsheet ( I know from personal experience).

Protect your data via a solid solution

MySQL is the second most popular used database system.  These systems contain critical and vital information supporting the primary activities of an organization.  Let alone the privacy and compliance consequences when this data is breached. How can you ensure that your MySQL databases are protected against external attacks and misuse of information while achieving regulatory compliance?  You can write code to secure your connection and protect your data or have a very strict access protocol in place. These measures rely unfortunately on enforcing the rules passively. You have to be aware of them to use them. What we need is an implicit solid solution to protect our data. A system that is always available and shields the whole system from access. Oracle has developed a lot of best practices and techniques for shielding off your data against breaches and security threats. Similar options are now available for MySQL database. The most important is the database firewall.

Database Firewall

The most impressive feature of MySQL security is the Database Firewall. The firewall works with a fairly simple process. You record the queries on a certain database system for a certain time-frame and then add the queries to a white-list. After this period you lock the firewall and the system only allows these queries and rejects all others. This means that the spreadsheet Controllers are less a threat to data leakages. Since they only allow them to get the data they need and not the whole schema. (It is my personal opinion that connecting excel to a database via JDBC is fundamentally wrong).

Via the database firewall you limit the queries executed on the system to the legitimated list and avoid SQL injection. Technical background about the MySQL Database Firewall is available in this excellent blog by Tony Darnell.

MySQL Database firewallSource:https://dev.mysql.com/doc/refman/5.6/en/firewall.html

Do you want additional information on MySQL security. Then I can advise the following documents from Oracle and the video by Mike Frank of the MySQL team.

Source: http://www.mysql.com/why-mysql/

About Author

Robbrecht van Amerongen is Business Innovation Manager at AMIS Services. He has a vast experience in managing software development and delivery projects and growing the development unit of AMIS. He is able to utilize new technologies and methodologies to valuable products and services for his customers. His expertise lies in all aspects of software engineering; ranging from continuous delivery, provisioning, cloud computing, user experience and wearables.Robbrecht is also an Agile coach and Certified Agile Master. He has experience in managing Agile projects with Scrum (first with DSDM) ranging back to 1999. Robbrecht is a strong proponent of the agile principles. Robbrecht is agile examiner for the agile foundation, practitioner and master certificate.

1 Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.