This section of the ISM provides guidance on database management system software.

Temporary installation files and logs

DBMS software will often leave behind temporary installation files and logs during the installation process, in case an administrator needs to troubleshoot a failed installation. Information in these files, which can include passphrases in the clear, could provide valuable information to an adversary.

Security Control: 1245; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
All temporary installation files and logs are removed after DBMS software has been installed.

Hardening and configuration

Poorly configured DBMS software could provide an opportunity for an adversary to gain unauthorised access to database content. To assist organisations in deploying DBMS software, vendors often provide guidance on how to securely configure their DBMS software. Furthermore, DBMS software is often installed with most features enabled by default.

Security Control: 1246; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
DBMS software is configured according to vendor guidance.

Security Control: 1247; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
DBMS software features, stored procedures, accounts and databases that are not required are disabled or removed.

Restricting privileges

If DBMS software operating as a local administrator or root account is compromised by an adversary, it can present a significant security risk to the underlying operating system.

DBMS software is also often capable of accessing files that it has read access to on the database server. For example, an adversary using an SQL injection could use the command LOAD DATA LOCAL INFILE '/etc/passwd' INTO TABLE Users or SELECT load_file("/etc/passwd") to access the contents of a Linux password file. Disabling the ability of the DBMS software to read local files from a server will prevent such an SQL injection from succeeding. This could be performed, for example, by disabling use of the 'LOAD DATA LOCAL INFILE' command.

Security Control: 1249; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
DBMS software is configured to run as a separate account with the minimum privileges needed to perform its functions.

Security Control: 1250; Revision: 1; Updated: Sep-18; Applicability: O, P, S, TS
The account under which DBMS software runs has limited access to non-essential areas of the database server’s file system.

Security Control: 1251; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
The ability of DBMS software to read local files from a server is disabled.
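
One way to check controls 1249 and 1251 on a server, shown as an added example that is not part of the ISM: it assumes a MySQL-style option file, and the function name audit_mysqld and both sample files are constructed for illustration.

```python
import configparser

# Constructed sample option files (not from the ISM).
WEAK_CNF = """[mysqld]
user = root
local-infile = 1
secure_file_priv = ""
"""
HARDENED_CNF = """[mysqld]
user = mysql
local_infile = OFF
secure_file_priv = NULL
"""

def audit_mysqld(cnf_text):
    """Return findings as (control number, message) for the [mysqld] section."""
    parser = configparser.ConfigParser(allow_no_value=True, strict=False,
                                       interpolation=None)
    parser.read_string(cnf_text)
    opts = {}
    if parser.has_section("mysqld"):
        for key, value in parser.items("mysqld"):
            # MySQL accepts '-' and '_' interchangeably in option names.
            opts[key.replace("-", "_")] = (value or "").strip().strip("\"'")
    findings = []
    # Control 1249: run the server as a separate, unprivileged account.
    user = opts.get("user")
    if not user or user.lower() == "root":
        findings.append(("1249", "user is root or not set explicitly"))
    # Control 1251: local_infile decides whether the server accepts
    # LOAD DATA LOCAL INFILE; its default differs between versions.
    if opts.get("local_infile", "").upper() not in ("0", "OFF", "FALSE"):
        findings.append(("1251", "local_infile is not explicitly disabled"))
    # Control 1251: secure_file_priv governs LOAD_FILE() and LOAD DATA INFILE.
    # Empty means no restriction; NULL disables import and export entirely.
    sfp = opts.get("secure_file_priv")
    if sfp is None or sfp == "":
        findings.append(("1251", "secure_file_priv is empty or not set"))
    elif sfp.upper() != "NULL":
        findings.append(("1251", "file access limited to " + sfp + ", not disabled"))
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CNF), ("hardened", HARDENED_CNF)):
        print(name, audit_mysqld(text))
```

The option file only shows intent; the running server's values and which accounts hold the FILE privilege still need to be confirmed on the instance itself.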

Database administrator accounts

DBMS software often comes pre-configured with default database administrator accounts and passphrases that are listed in vendor documentation. These default database administrator accounts should be disabled, renamed or have their passphrases changed.

When sharing database administrator accounts for the performance of administrative tasks, any actions undertaken will not be attributable to an individual database administrator. This can hinder investigations relating to an attempted, or successful, targeted cyber intrusion. Furthermore, database administrator accounts shared across different databases can exacerbate any compromise of a database administrator account by an adversary.

When creating new database administrator accounts, the accounts are often allocated all privileges available to administrators. Most database administrators will only need a subset of all available privileges to undertake their authorised duties.

Security Control: 1260; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
Default database administrator accounts are disabled, renamed or have their passphrases changed.

Security Control: 1262; Revision: 1; Updated: Sep-18; Applicability: O, P, S, TS
Database administrators have unique and identifiable accounts.

Security Control: 1261; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
Database administrator accounts are not shared across different databases.

Security Control: 1263; Revision: 2; Updated: Sep-18; Applicability: O, P, S, TS
Database administrator accounts are used exclusively for administrative tasks, with standard database accounts used for general purpose interactions with databases.

Security Control: 1264; Revision: 1; Updated: Sep-18; Applicability: O, P, S, TS
Database administrator access is restricted to defined roles rather than accounts with default administrative permissions, or all permissions.

Further information

Further information on authenticating users can be found in the authentication hardening section of the Guidelines for System Hardening.

Further information on patching DBMS software can be found in the system patching section of the Guidelines for System Management.