Default accounts in databases are frequently targeted by attackers. Databases store data critical to a company's operations, and for that reason they are a favourite target for thieves. No matter how well secured the website or the computer that accesses the database is, the database itself can still be attacked directly, and certain accounts are more exposed to attack than others.
System Admin Accounts
The most commonly attacked accounts are those that grant full access to the data in the database, or to the computer on which the database runs. In Microsoft SQL Server, for example, the built-in sa login is a member of the sysadmin fixed server role: it has full control over the instance and every database in it, and because a sysadmin can enable and run features such as xp_cmdshell, it is also a common stepping stone to the host operating system. It is easy to see why an attacker would target accounts of this kind.
Default Accounts
Another commonly attacked account is any default account built in to a database product. While these accounts may not provide full access to the database or the computer, they are easy targets because their user name and password combinations are publicly documented. A simple Web search for the default passwords of a specific database product will yield a short list of candidates for an attacker to try, often without triggering any lockout. A recent article suggests that there may be as many as 1,000 default accounts with publicly available credentials.
Preventing Compromise
Protecting the essential data in your database should be a top priority. An article in Dark Reading suggests that protecting databases starts with basic hardening tasks: applying security patches to both the database software and the computer it runs on, protecting the transmission of credentials by using encrypted protocols, and removing or disabling default credentials in the database system.
Additional Steps for Preventing Compromise
After going through the basic hardening steps, the next logical step is to audit the accounts and passwords currently in use. Here is a list of questions to ask yourself:
Are there accounts still set up for users who no longer have a business need to access the data, or who no longer work for your company?
Is the database enforcing strong passwords, or will it still accept blank passwords?
Are accounts restricted to only those tasks the user actually needs? For instance, a Web application probably does not need the ability to run a DROP TABLE command, and an injection flaw in that application becomes far less damaging if the database refuses it.
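As an added example (not taken from the original article or from Dark Reading), the following T-SQL answers the three audit questions above for a SQL Server instance and then applies the hardening steps from the previous section. It assumes you run it as a sysadmin; the database name AppDb and the logins [webapp], [former_employee] and [instance_admin_renamed] are hypothetical placeholders to be replaced with what the audit queries actually return.

```sql
-- Added example, not from the original article. Run as sysadmin.
-- AppDb, [webapp], [former_employee], [instance_admin_renamed] are
-- hypothetical names chosen for illustration.

-- 1. Is the sa login still enabled?  sid 0x01 identifies sa even after a
--    rename, so this also finds a renamed-but-still-live sa.
SELECT name, is_disabled, is_policy_checked
FROM   sys.sql_logins
WHERE  sid = 0x01;

-- 2. Who holds sysadmin (full control of the instance and, via
--    xp_cmdshell, a path to the host OS)?
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM   sys.server_role_members rm
JOIN   sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN   sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE  r.name = 'sysadmin';

-- 3. SQL logins with a blank password, or with the Windows password
--    policy switched off.  PWDCOMPARE() tests a cleartext candidate
--    against the stored hash without revealing the hash.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       PWDCOMPARE('', password_hash) AS has_blank_password
FROM   sys.sql_logins
WHERE  is_policy_checked = 0
   OR  PWDCOMPARE('', password_hash) = 1;

-- 4. Is the OS command shell reachable from T-SQL?  value_in_use = 1
--    means xp_cmdshell is enabled.
SELECT name, value_in_use
FROM   sys.configurations
WHERE  name = 'xp_cmdshell';

-- 5. Inside the application database: users whose server login no
--    longer exists (orphaned users), and principals able to drop or
--    alter tables, either directly or through db_owner / db_ddladmin.
USE AppDb;   -- hypothetical application database

SELECT dp.name AS orphaned_user
FROM   sys.database_principals dp
LEFT JOIN sys.server_principals sp ON sp.sid = dp.sid
WHERE  dp.type IN ('S', 'U')
  AND  dp.principal_id > 4          -- skip dbo, guest, INFORMATION_SCHEMA, sys
  AND  sp.sid IS NULL;

SELECT dp.name AS grantee, p.class_desc, p.permission_name, p.state_desc
FROM   sys.database_permissions p
JOIN   sys.database_principals dp ON dp.principal_id = p.grantee_principal_id
WHERE  p.state IN ('G', 'W')        -- GRANT / GRANT WITH GRANT OPTION
  AND  p.permission_name IN ('CONTROL', 'ALTER', 'ALTER ANY SCHEMA');

SELECT r.name AS role_name, m.name AS member_name
FROM   sys.database_role_members drm
JOIN   sys.database_principals r ON r.principal_id = drm.role_principal_id
JOIN   sys.database_principals m ON m.principal_id = drm.member_principal_id
WHERE  r.name IN ('db_owner', 'db_ddladmin');

-- Remediation for typical findings (substitute the names the audit returned).
ALTER LOGIN sa DISABLE;                              -- and give it an unguessable name
ALTER LOGIN sa WITH NAME = [instance_admin_renamed];
EXEC sp_configure 'show advanced options', 1;  RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;            RECONFIGURE;
DROP LOGIN [former_employee];                        -- no remaining business need
ALTER LOGIN [webapp] WITH CHECK_POLICY = ON, CHECK_EXPIRATION = ON;

-- Least privilege for the web application's user: DML on its schema only.
-- With no ALTER or CONTROL, an injected DROP TABLE fails at the
-- permission check instead of destroying data.
CREATE USER [webapp] FOR LOGIN [webapp];
GRANT SELECT, INSERT, UPDATE, DELETE ON SCHEMA::dbo TO [webapp];
```

Two caveats a practitioner would want: CHECK_EXPIRATION makes the application's password expire on the Windows policy schedule, so pair it with a rotation process or leave it off for service accounts and keep only CHECK_POLICY; and DROP LOGIN does not remove the matching database users, which is exactly why the orphaned-user query is part of the audit and should be rerun after every removal.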
A careful review of the security of the computer, the database software, and the database accounts and passwords will not guarantee that an attacker cannot get in, but it is a step in the right direction.