How to Build Robust Database Security: Logical and Physical Protection Strategies

Overview

Databases store accounts, passwords, personal privacy, and other sensitive information that constitute the core assets of enterprises. Establishing a comprehensive information security system to protect these assets from internal and external leaks has become a consensus among many organizations.

As IT security evolves, focus has shifted from traditional network, desktop, system, and application security to strengthening the core database layer. Databases are increasingly targeted, with 92% of severe IT security incidents in 2010 involving database intrusions, 89% using SQL injection, and 84% exploiting poorly managed user privileges.

Security Situation Analysis

Surveys show that 92% of breach records originate from compromised database servers, highlighting database security as the key to overall data protection.

Typical data leakage pathways include:

Storage layer: stealing data files or backups.

Data access: obtaining high‑privilege DBA passwords or exploiting privilege‑escalation vulnerabilities.

Application layer: cracking or extracting database user passwords from applications to bypass business‑level restrictions.

Common attack methods include brute‑force password cracking, default password exploitation, privilege escalation, PL/SQL injection, management‑level credential theft, and copying database files from compromised servers.

Logical Security Measures

3.1 User Management

Classify database accounts by function (default, program, maintenance, etc.) and configure security rules for each user/group.

Use user profiles to apply attribute‑based controls tailored to different user types.

3.2 Permission Management

Assign the minimum permissions required for business needs.

Manage object permissions via database roles (ROLE).

Enable data‑dictionary protection so only SYSDBA can access base tables.

Limit the number of OS users in the DBA group, typically to the Oracle installation user only.

Follow the principle of least privilege and authorize users through roles.

3.3 Log Management

Record login logs: capture account, success/failure, timestamp, and remote IP.

Record operation logs: capture account creation/deletion, permission changes, configuration changes, and sensitive data accesses, including account, time, operation, and result.

Record system security events at the OS level.

Define database audit policies based on business requirements.

3.4 Database Auditing

Audit types include:

Mandatory audit: writes audit records for every instance start/shutdown to OS files.

Standard audit: records user actions on objects, statements, or privileges; stored in OS files, XML, or the AUD$ table.

Fine‑grained auditing (FGA): records row‑level access, stored in FGA_LOG$ or XML.

Example of SQL statement audit: SQL> AUDIT TABLE BY hr WHENEVER NOT SUCCESSFUL; Oracle Audit Vault can provide real‑time audit of database activity.

3.5 Sensitive Data Management

Protect sensitive fields (name, phone, ID, bank account, passwords) through masking, irreversible data‑masking, and encryption. Oracle Database Vault can enforce internal security policies, and Oracle Data Masking can irreversibly mask production data for non‑production use.

3.6 Database Vulnerability Management

Regularly apply Oracle security patches released in official patch sets.

Physical Security and Disaster Recovery

4.1 Overview

Physical security focuses on emergency and disaster‑recovery measures. Statistics show that only 6% of companies survive after data loss, and 75% of businesses would halt if unable to recover within 14 days.

4.2 DR Planning Considerations

Risk analysis: probability and impact of each risk.

Business criticality classification and RPO/RTO targets.

DR strategies: same‑city/remote sites, multi‑level (system, data, application, business).

DR scale: active‑passive, dual‑center, downgrade options.

4.3 DR Backup Technology Standards

Key goals: ensure data safety of critical systems, reduce planned downtime, enable rapid takeover by remote sites, and reuse hardware/software.

Metrics: Recovery Time Objective (RTO) and Recovery Point Objective (RPO).

Seven‑tier DR solution levels (SHARE 78):

No off‑site backup.

Backup media stored off‑site.

Backup media off‑site plus standby site.

Backup media off‑site plus backup center.

Scheduled data backup with backup center.

Real‑time data backup with backup center.

Zero data loss.

4.4 Common Data Protection Techniques

Tape backup (local or off‑site).

Remote disk‑mirroring (vendor‑provided or virtual storage).

Volume‑group replication (host‑level).

Database‑log‑based replication (Oracle Data Guard, GoldenGate).

Application‑level solutions.

4.5 Log‑Based Data Replication

Oracle Data Guard/Active Data Guard transmit and apply archived/online logs over the network, offering synchronous (RPO = 0) or asynchronous replication. Synchronous provides full data consistency but requires high‑speed networks; asynchronous reduces impact on production at the cost of potential data loss.

Active Data Guard benefits include hot‑standby query offloading, simple implementation, transparent application support, efficient network transfer, and fault isolation.

GoldenGate enables table‑level replication, allowing selective synchronization of critical tables, suitable for lightweight emergency systems.

Summary and Recommendations

To achieve deep defense and precise blocking of data threats, organizations should ensure:

Sensitive data is invisible (masking/encryption).

Core data cannot be exfiltrated (access controls, encryption).

Operational actions are fully auditable (logging, audit policies).

Three‑stage data‑security defense:

Monitor threats and block them before reaching the database.

Track changes and audit database activity.

Control data access and prevent non‑database users from accessing the database.

Additional best practices include strict account management, formal change‑management processes, regular risk reviews, and adherence to the “seven habits of highly secure DBAs” such as knowing where sensitive data resides, frequent auditing, monitoring activity, encrypting data, restricting application‑side attacks, managing privileged access, and handling production data only in production environments.