MySQL Security Best Practices
-
Loading... - Nicolas Saez
- 29 Jun 2022
- 138 Views
- 0 Like
- 0 Comment
What Is MySQL?
MySQL is an open source RDBMS (relational database management system). It is based on Structured Query Language (SQL) and runs on many platforms, including Windows, Linux, and UNIX. MySQL is also provided as a service on all popular public cloud platforms including Amazon, Azure, and Google Cloud.
MySQL is part of LAMP, an open source web development platform. The LAMP enterprise stack consists of Linux (operating system), Apache (web server), MySQL (RDBMS), and PHP (object-oriented scripting language), Perl, or Python.
MySQL helps support various use cases, including web applications and online publishing scenarios. It powers websites and consumer-facing and corporate web-based applications, such as Twitter, YouTube, and Facebook.
Database Security Threats
Databases store sensitive information, which is vulnerable to many threats—including data loss and theft, privacy violations, availability issues, and malicious or accidental modifications. These issues can occur due to various reasons, including outside attackers, malicious insiders, and accidental action.
Open source databases like MySQL typically pose security concerns related to secure communication and access controls, as well as open source security risks such as known and zero-day vulnerabilities.
Access and privileges
Excessive privileges, for example, can allow users to gain needless access to confidential information. This issue can escalate to privilege abuse, enabling authorized users to misuse their privileges to perform unauthorized actions. While you can use access control policies and query-level access control to mitigate these threats, many more issues may arise. For example, it may not prevent threat actors from escalating low-level access to high-level privileges.
Vulnerabilities and attacks
Platforms and operating systems often contain vulnerabilities, which can lead to leakage and data corruption. You can mitigate this using a patch management process alongside vulnerability assessment.
However, vulnerability assessment cannot prevent threat actors from using SQL injection to send unauthorized database queries to trick the server into revealing information. You need to use prepared SQL statements to mitigate this threat. Databases are also exposed to Denial of Service (DoS) attacks that can make resources and databases unavailable, denying users access to data or applications.
MySQL Security Best Practices
The following best practices can help you enhance the security of your MySQL database.
Modify the Port Mappings
The default mapping for MySQL is to run on port 3306. You should change this setting after installing MYSQL to conceal the ports on which your critical services run. Attackers typically target default settings first, so it is important to modify them to avoid exploits.
Avoid Running MySQL with Root Privileges
You should run MySQL under a dedicated user account that contains the minimal permissions required to run a service. Don’t let MySQL run directly as a root server. In addition to the advantages of logging and auditing, avoiding root-level privileges helps ensure that attackers cannot hijack the root user account to gain access.
Secure MySQL in the Cloud
If you run MySQL in a cloud environment, your cloud provider will likely offer security services to protect your database. For example, Azure lets you protect your open source relational database using Microsoft Defender to detect anomalous behavior that may indicate malicious attempts to access the server. AWS offers AWS Shield to help secure applications and databases from a distributed denial of service (DDoS) attack.
Disable and Delete Your MySQL History
By default, MySQL creates a history file upon installation, storing it under ~/.mysql_history. You should delete this file because it details the history of your installation and configuration. If compromised, malicious actors could use it to expose critical database user passwords. You should also create a soft link from the history file to a null device to prevent MySQL from logging events to the file.
Lock Users Accounts on Suspicious Activity
MySQL 8.0.19 introduced a temporary account locking function. You can set up MySQL to lock a user account based on variables such as the number of failed login attempts and the account lock time. Read More...
