Database vulnerabilities

What is a database vulnerability and why should I be concerned?

A database service listening on a port that is reachable from the Internet lets anyone outside the business connect directly to the stores of valuable and sensitive data your organisation is responsible for. A database port should never be directly visible and accessible from the Internet. Even when the database is protected by a password, open access lets attackers launch their attacks against it straight away, whether by guessing or brute-forcing credentials, exploiting a flaw in the database software or abusing a misconfiguration, and from there control assets, exfiltrate data or install ransomware. An attacker can test vulnerabilities and attacks against the database immediately rather than first having to get inside your network. The result could be a breach of sensitive information that puts businesses and individuals at risk, and reputational damage to your organisation.

How do I resolve this?

Incidents involving organisations that left databases containing sensitive data freely accessible from the Internet are reported regularly. Common database ports are scanned continuously across the whole Internet, so such a service attracts attackers immediately; it should be placed behind a firewall or the port should be closed. If you place the service behind a firewall or VPN, permit connections only from a narrow set of allow-listed source addresses and services, and bind the database to an internal interface rather than to all interfaces. Once the port is no longer reachable from the Internet, KYND will mark the issue as resolved.
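The first step in resolving this is confirming, on the database host itself, which interfaces the service is actually bound to. The script below is an added example, not KYND's own tooling: it parses the output of the Linux `ss -ltn` command and reports any well-known database port that is bound to a wildcard, private or public address instead of loopback. The port-to-engine table assumes default ports, the RFC 1918 and ULA ranges are used to tell "internal" from "public", and the `ss` output embedded in the block is a constructed sample rather than a capture from a real host.

```python
"""Added example: find database listeners that are reachable beyond localhost.

Parses the output of `ss -ltn` (Linux, numeric TCP listeners) and reports every
well-known database port that is bound to a wildcard, private or public address
rather than to loopback. Such a listener is exposed to the Internet unless a
firewall in front of the host blocks it.
"""
import ipaddress
import subprocess

# Default ports of common database engines (assumption: defaults, not custom ports).
DB_PORTS = {
    1433: "Microsoft SQL Server",
    1521: "Oracle",
    3306: "MySQL/MariaDB",
    5432: "PostgreSQL",
    5984: "CouchDB",
    6379: "Redis",
    9042: "Cassandra",
    9200: "Elasticsearch",
    11211: "Memcached",
    27017: "MongoDB",
}

# RFC 1918 and IPv6 ULA ranges: reachable from inside the network, not from the Internet.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       70      127.0.0.1:3306       0.0.0.0:*
LISTEN  0       244     0.0.0.0:5432         0.0.0.0:*
LISTEN  0       244     [::]:5432            [::]:*
LISTEN  0       511     10.0.2.15:6379       0.0.0.0:*
LISTEN  0       128     203.0.113.10:27017   0.0.0.0:*
LISTEN  0       4096    [::1]:9200           [::]:*
"""


def parse_local_socket(field):
    """Split an ss 'Local Address:Port' field into (address, port).

    Accepts '0.0.0.0:5432', '[::]:5432', '*:5432' and '[::1]:9200'.
    Returns None when the field does not end in a numeric port.
    """
    addr, sep, port = field.rpartition(":")
    if not sep or not port.isdigit():
        return None
    if addr.startswith("[") and addr.endswith("]"):
        addr = addr[1:-1]
    return addr, int(port)


def classify_address(addr):
    """Return 'wildcard', 'loopback', 'private', 'public' or 'unknown' for a bind address."""
    if addr == "*":
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unknown"
    if ip.is_unspecified:          # 0.0.0.0 or :: means every interface
        return "wildcard"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local or any(ip in net for net in PRIVATE_NETS):
        return "private"
    return "public"


def find_exposed_db_listeners(ss_output):
    """Return (port, engine, bind_address, scope) for each database listener that is
    not confined to loopback, in the order the listeners appear."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue                      # header line or non-listening socket
        parsed = parse_local_socket(fields[3])
        if parsed is None:
            continue
        addr, port = parsed
        if port not in DB_PORTS:
            continue
        scope = classify_address(addr)
        if scope == "loopback":
            continue                      # only clients on this host can reach it
        findings.append((port, DB_PORTS[port], addr, scope))
    return findings


def main():
    """Audit the current host (Linux with iproute2); fall back to the constructed sample."""
    try:
        output = subprocess.run(["ss", "-ltn"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        print("ss not available; auditing the constructed sample instead")
        output = SAMPLE_SS_OUTPUT
    for port, engine, addr, scope in find_exposed_db_listeners(output):
        if scope in ("wildcard", "public"):
            note = "reachable from the Internet unless a firewall in front of the host blocks it"
        else:
            note = "reachable from the internal network; confirm the firewall allow-list"
        print(f"{engine} on {addr}:{port} ({scope}): {note}")


if __name__ == "__main__":
    main()
```

A wildcard or public bind address is the case this page is about: unless a firewall upstream drops the traffic, the port is open to the world. A private bind address is not enough on its own either, since a compromised host elsewhere on the internal network can still reach it, which is why the firewall allow-list should name only the application servers that genuinely need the database.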

If this isn’t possible, you should take alternative steps to mitigate the issue.

These could include adding extra layers of authentication, such as multi-factor authentication (MFA) or client certificates issued by your PKI (mutual TLS), so that only authenticated users and services are able to connect, together with enforcing encryption in transit so that credentials are not exposed on the wire. Bear in mind that stronger authentication reduces the risk of credential-based access but does not stop an attacker probing the exposed service for software vulnerabilities, so this is a mitigation rather than a fix.
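What "narrow allow-list plus certificate authentication" looks like in practice depends on the database engine. As an added illustration for PostgreSQL, not code from KYND or from the PostgreSQL project, the script below audits a pg_hba.conf against that standard: each network rule is checked for an overly broad source address, a weak authentication method, a connection type that does not force encryption, and the absence of a client-certificate requirement. It assumes rules use CIDR addresses rather than the separate netmask column, and the pg_hba.conf content embedded in the block is a constructed sample.

```python
"""Added example: audit a PostgreSQL pg_hba.conf for broad or weak network access rules.

A good remote rule is narrow (a specific host or small subnet), forces TLS
(hostssl) and requires a client certificate (method cert, or another method
with clientcert=verify-full). Anything looser is reported with its line number.
"""
import ipaddress

# Constructed sample; not taken from a real server.
SAMPLE_PG_HBA = """\
# TYPE     DATABASE  USER  ADDRESS        METHOD
local      all       all                  peer
host       all       all   127.0.0.1/32   scram-sha-256
host       all       all   0.0.0.0/0      md5
hostnossl  all       all   ::/0           trust
hostssl    app       app   10.20.0.0/24   cert clientcert=verify-full
hostssl    all       all   0.0.0.0/0      scram-sha-256
"""

WEAK_METHODS = {"trust", "password", "md5"}   # no check, cleartext password, legacy hash
ENCRYPTED_TYPES = {"hostssl", "hostgssenc"}    # connection types that force encryption


def parse_pg_hba(text):
    """Parse pg_hba.conf into dicts. Assumes CIDR addresses (not the separate
    netmask column) and skips comments and blank lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":              # Unix-socket rule: no address column
            if len(fields) < 4:
                continue
            rule = {"line": lineno, "type": "local", "database": fields[1],
                    "user": fields[2], "address": None, "method": fields[3],
                    "options": fields[4:]}
        else:
            if len(fields) < 5:
                continue
            rule = {"line": lineno, "type": fields[0], "database": fields[1],
                    "user": fields[2], "address": fields[3], "method": fields[4],
                    "options": fields[5:]}
        rules.append(rule)
    return rules


def audit_pg_hba(text):
    """Return (line_number, problem) pairs for network rules that fall short of
    'narrow allow-list, TLS, client certificate'."""
    findings = []
    for r in parse_pg_hba(text):
        if r["type"] == "local":
            continue                          # not reachable over the network
        try:
            net = ipaddress.ip_network(r["address"], strict=False)
        except ValueError:
            net = None                        # hostname or keyword such as samehost: review by hand
        if net is not None and net.prefixlen == 0:
            findings.append((r["line"], f"address {r['address']} admits any source; "
                                        "restrict it to the hosts that need access"))
        if r["method"] in WEAK_METHODS:
            findings.append((r["line"], f"method '{r['method']}' is weak; "
                                        "use scram-sha-256 or cert"))
        if net is not None and net.is_loopback:
            continue                          # local TCP clients; remaining checks are for remote access
        if r["type"] not in ENCRYPTED_TYPES:
            findings.append((r["line"], f"type '{r['type']}' does not force encryption; use hostssl"))
        if r["method"] != "cert" and "clientcert=verify-full" not in r["options"]:
            findings.append((r["line"], "no client certificate required; use the cert method "
                                        "or add clientcert=verify-full"))
    return findings


if __name__ == "__main__":
    for line, problem in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {line}: {problem}")
```

On the sample, the rule on line 6 (a single /24, TLS enforced, client certificate verified against the user name) passes cleanly, while the 0.0.0.0/0 and ::/0 rules are reported even when they use scram-sha-256, because a strong password method does not make an any-source rule acceptable on a database that must remain exposed.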

If none of these are possible, the service should be entirely segregated from the rest of your organisation's infrastructure, with no network route or shared credentials between it and your other systems, so that an attacker who compromises the exposed service cannot traverse from it to sensitive data, services, networks or infrastructure.