Author: Robert Agar
The escalating number of data breaches that afflict corporate information resources shows no signs of slowing down any time soon. Your MySQL databases and the important data they contain may be in danger at this very moment.
Recent Attacks on MySQL Databases
Due to the popularity of MySQL as an open-source database platform, many organizations make use of this solution to store and process sensitive corporate and personal data. These databases present attractive targets to hackers attempting to plant malware or steal enterprise data resources. Lest you think that this problem is not real, consider these recent events that illustrate the danger posed by unsecured MySQL databases.
- A massive data breach affecting over 330,000 citizens of Malta was exposed in March of 2020. The data included personal information including names, ID numbers, and addresses. An unsecured server that was open to anyone who knew its IP address was responsible for the compromised information.
- In May of this year, the Indonesian government was hit with a data breach affecting 230,000 individuals who had undergone testing for COVID-19. The hackers gained access to a MySQL server from which the data was stolen and offered for sale on the Internet.
- A security vulnerability in the Exam mail transfer agent has been identified by the National Security Agency (NSA) as the target of Russian military hackers known as the Sandworm Team. As part of their attack, a new mysql_db user is created with root privileges and imports SSH keys that can be used to access the compromised server.
These are just a few examples of the many breaches and attempted hacks that plague MySQL environments. DBAs need to be aware of the risks and be committed to taking the necessary actions to protect their databases.
Best Practices for Securing MySQL Instances
MySQL database teams need to address the security of their servers with a multi-faceted approach. As companies move their databases to the cloud, providers are becoming involved in disseminating security recommendations to help their customers protect data resources. Here’s what one provider suggests as a starting point for strengthening MySQL security.
- Make sure the root MySQL password is set.
- Delete the test account and database that are created as part of the installation process.
- Ensure that a password is set for every MySQL account.
- Only grant the privileges that are required for each user. Excessive privileges are often involved in data breaches perpetrated by internal or external actors.
- Refrain from using wildcards in the hostname value associated with accounts.
- Don’t use passwords in the command line. The reason for this is that everything typed on the command line is stored in a history file. Attackers gaining access to this file can steal these plain-text passwords and compromise the database.
Here are some additional actions that you can take to improve MySQL security.
- Run the mysql_secure_installation script. As the script executes, you will be prompted to verify actions including disabling remote tool user logins and deleting anonymous user accounts.
- Bind the database server to a loopback address to restrict access from remote machines.
- Prevent access to the underlying filesystem from within MySQL.
- Change the default TCP/IP port used for connectivity.
- Upgrade MySQL packages regularly to take advantage of new security updates and bug fixes.
- Set the correct permissions on MySQL server and data files to restrict unauthorized configuration changes.
You should never take the security of your MySQL servers and database for granted. There can never be too great a focus put on protecting your organization’s data resources.
Monitoring Your MySQL Environment
Protecting your MySQL servers from hackers and internal unauthorized users requires a policy that includes comprehensive monitoring of the database environment. You need a tool that lets you know when things aren’t right so you can investigate and find out what exactly is going on with your MySQL databases.
IDERA’s SQL Diagnostic Manager for MySQL is a great solution to monitoring and protecting your MySQL databases and servers. The tool provides the capability to view your complete MySQL environment from a single web console and quickly drill down to investigate issues with specific instances. Security alerts can be generated to immediately notify relevant staff members of potential hacking attempts. You can watch for both internal and external security issues to keep your servers safe.
SQL Diagnostic Manager for MySQL also monitors database performance and makes recommendations to streamline server response. It’s a full-featured administrative and management platform for MySQL and MariaDB environments that will keep your systems more secure and improve their performance. You can try the tool for free to see how it can help your database team.