Passwords are keys: they give access to content meant for you and no one else, so hackers take an interest in them. Passwords can allow hackers to view personal information or restricted data in a company's system. It is important for companies to store this data safely to keep their customers' data safe. Data breaches happen daily and leave lots of data open to anyone. The responsibility for preventing data breaches falls on the service, since it is the service that failed to keep the data secure. One of the best ways to keep that information safe is a database. Databases are remote, private, and fast. They have one main function: to store data in the most secure way possible.
Breaches are a common event that can show how secure a service can be. There are multiple ways to address a mass breach. First, we need to confirm that the breach is really happening (no false alarms). In most cases, when data is breached, we notice unusual activity in the server logs.
There are a few ways to avoid breaches. One is to use strong protocols: for example, instead of Hypertext Transfer Protocol (HTTP), use Hypertext Transfer Protocol Secure (HTTPS) with a stronger protocol, a better cipher, and a minimum of 4096-bit encryption (an SSL certificate provides authentication for a website and enables an encrypted connection). Another is to set up the server in a demilitarized zone (DMZ), which acts as the exposed point to untrusted networks. Servers set up in a DMZ cannot communicate with other peer servers (computer systems connected to each other via the Internet) or with any other network components. Any communication should go through approval by a strong Risk and Security team after a thorough review process.
Eliminating Default Passwords
Eliminating default passwords on all layers is another simple step companies can take. For example, changing the default pi/raspberry login on a Raspberry Pi (a smaller and cheaper version of a computer) can help keep hackers out. Next, design the system with at least three tiers (proxy/web, application, and database) for the best security. In addition, this requires a quality assurance team to find security glitches before the system goes live. The development and QA teams should also be kept up to date with the latest vulnerabilities and hacks in other industries (lessons learned).
Over a long period of time, the service has to perform common penetration tests and address the vulnerabilities in the application/platform to stay secure, and add tools to continuously monitor the application, database, and OS logs. Any unusual activity should be reported to the Security team (tools like Splunk or ELK can be used for constant monitoring).
Even when we follow strong processes and protocols, hackers find a way to break the system and fetch sensitive information. It is crucial that procedures are followed when a breach is confirmed.
First, strong encryption of sensitive data is helpful in a breach scenario: even if hackers get the information, they cannot decrypt it because they don't have the key. Second, in the event of a breach, lock the database passwords purposefully. This will not allow any connections to the database until the database admin resets the password. This step will create an outage for the application/site, but it will protect the data.
Designing a strong archival process to store data no longer in use is another solution. For example, storing employee information in a company database is common. However, HR rarely does it. HR can store data on tapes for better security.
Create Automatic Triggers
Finally, it is important to create automatic triggers to cut the network when a breach is identified (unusual log activity, heavy disk reading on the server). The last resort is to abruptly power off, which will lead to customer dissatisfaction. Ungraceful server shutdowns may also lead to data corruption. However, these are acceptable for the business when compared to a data breach.
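The trigger logic described above can be sketched as follows. This is an added example, not code from the original article: the log format, the thresholds, the function names, and the rule that two independent signals are required before cutting the network (to avoid false alarms) are all assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T02:10:01Z 10.0.0.15 LOGIN_OK user=app
2024-05-01T02:10:02Z 10.0.0.15 QUERY user=app rows=120
2024-05-01T02:11:10Z 203.0.113.9 LOGIN_FAIL user=admin
2024-05-01T02:11:11Z 203.0.113.9 LOGIN_FAIL user=admin
2024-05-01T02:11:12Z 203.0.113.9 LOGIN_FAIL user=admin
2024-05-01T02:11:13Z 203.0.113.9 LOGIN_FAIL user=admin
2024-05-01T02:11:20Z 203.0.113.9 LOGIN_OK user=admin
2024-05-01T02:11:25Z 203.0.113.9 QUERY user=admin rows=50000
""".splitlines()

LINE = re.compile(
    r"^(\S+) (\S+) (LOGIN_OK|LOGIN_FAIL|QUERY)(?: user=(\S+))?(?: rows=(\d+))?$")

def find_signals(lines, disk_read_mbps, max_fails=3, max_rows=10000, max_disk=200):
    """Return breach signals: repeated failed logins, bulk reads, heavy disk reading."""
    fails, rows = Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse rather than guess at them
        _, src, event, _, nrows = m.groups()
        if event == "LOGIN_FAIL":
            fails[src] += 1
        elif event == "QUERY" and nrows:
            rows[src] += int(nrows)
    signals = [f"failed-logins:{s}" for s, n in sorted(fails.items()) if n > max_fails]
    signals += [f"bulk-read:{s}" for s, n in sorted(rows.items()) if n > max_rows]
    if disk_read_mbps and max(disk_read_mbps) > max_disk:
        signals.append("heavy-disk-read")
    return signals

def choose_action(signals):
    """Assumed policy: one kind of signal alerts the team, two or more cut the network."""
    kinds = {s.split(":")[0] for s in signals}
    if len(kinds) >= 2:
        return "cut-network"
    return "alert-security-team" if kinds else "none"

if __name__ == "__main__":
    found = find_signals(SAMPLE_LOG, disk_read_mbps=[40, 55, 310])
    print(found, "->", choose_action(found))
```

The returned action is only a decision; wiring it to a firewall rule or a monitoring alert depends on the environment.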