Are Your "Ghost Databases" Creating Security Holes?
You may have a ghost on your network. A ghost, which threatens the security of your data.
This is the first of a series of 5 articles on database maintenance. They will go through several ways to keep databases well-oiled, and your data protected. They will also cover potential security risks in typical database use – such as "ghost databases."
What's a ghost database? They are database servers bundled with applications intended for use by installed applications. Installing Microsoft SharePoint, for example, also installs MSDE (Microsoft Desktop Engine) if you don’t specify it should use your SQL Server. Often users don't even know these databases exist. They collect on your servers, undetected.
Why Ghost Databases Pose Risk
Like any server-based program, databases require patching. But if you don't know about a ghost database, it will quickly become out of date. Without regular checks and service patches, ghost databases pose serious potential failure points in your network.
And prime targets for hackers. Few would pass up an open, unpatched database sitting unmonitored on your network. Witness the destruction of the Slammer worm – in 2003, it infected over 75,000 systems in 10 minutes and caused a global Internet slowdown! The infection method? Unpatched database servers.
Where & Why to Get Patched
If they're so important, what do service patches do?
1. They fix current problems, and safeguard against future ones.
2. Patches contain fixes to fill in security holes, stopping hackers. (Unfortunately, these sometimes come after a user reports a hacker accessing their database.)
3. They boost processing speeds. Speed increases often come bundled in larger updates, like service packs.
Patches are available from the database manufacturer. Be very careful about third-party patches; these may contain spyware or backdoor rootkits. Ask tech support or a DBA consultant if you’re not sure a patch is safe. Many database servers contain auto-update routines too – all you have to do is tell it to run.
Of course, this means you have to find them first.
How do you find ghost databases and keep them up to date? Furthermore, what's needed to keep your known database servers up to date? For this, you'll need to implement a regular database maintenance plan. We'll cover those in our next article. Questions? Email our DBA team at firstname.lastname@example.org.
Or call us at 408-341-8770 to schedule an appointment.