Security barriers prevent unauthorized access to data, like a series of perimeter fences that keep intruders out. Security gates allow access through the barriers to the data. The gates have locks and keys; only authorized users should possess the keys, and the locks should always be latched. Unfortunately, sometimes gates are unlatched by guards (administrators) or left open by visitors (users). And sometimes developers leave holes in the fence.
As a database administrator (DBA), before you start working with security privileges inside a database, you should secure the outer barriers. The first barrier is the network, and it has two components: the Internet and a company intranet. A firewall should block all but authorized Internet traffic and allow only secure tunneling into the company from the Internet. This type of firewall is called a web application firewall (WAF), such as the mod_security module in PHP. The company intranet should also secure traffic to prevent internal hacking attacks. This type of security is called a screened subnet, a very important aspect of any company’s governance policy.