An Application Server Database Server

2307 Words Aug 5th, 2016 10 Pages
Hypothetical Environment
A money transfer service is being hosted and run at the site. All transactions are handled by an application server that connects to several database servers containing the actual, highly sensitive transaction data. Only the application server and a maintenance server have access to the database servers, and of these defined devices, only the application server has any contact with an external network (the internet), through a series of dedicated gateways.

As a security measure, no devices with regular user access (physical access) can access the database server; the maintenance server can only be accessed through a remote connection made over a local connection. Regular users' workstations do not share the same physical network as the database and application servers. To minimize the security risk, internet access is not available on any workstation that interfaces with the application server, the database server or the maintenance workstation.
Assets
1. The application server
2. The database server(s) (and the databases hosted therein)

Possible threats to database security
1. Excessive and unused privileges
Over-granting privileges can lead to serious data breaches in the database. One reason this happens is that, to simplify the issuing of permissions, organizations will often have a generic list of permissions that is given to all members of a given department or access level. This leads to some users having more access than they require.…
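
The following is an added example, not part of the original essay: a small audit that compares a department-wide permission template against the privileges each user actually exercised, to surface the excess described above. The department name, users, privilege strings and audit-log entries are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data (assumptions, not from the essay): one department
# template, the users who inherit it, and privilege use seen in the audit log.
DEPT_TEMPLATE = {
    "payments": {"SELECT transactions", "INSERT transactions",
                 "UPDATE transactions", "DELETE transactions",
                 "SELECT customers"},
}
USER_DEPT = {"alice": "payments", "bob": "payments", "carol": "payments"}
AUDIT_LOG = [  # (user, privilege exercised during the review window)
    ("alice", "SELECT transactions"), ("alice", "INSERT transactions"),
    ("bob", "SELECT transactions"), ("bob", "SELECT customers"),
    ("bob", "UPDATE transactions"),
]


def used_privileges(audit_log):
    """Group the privileges seen in the audit log by user."""
    used = defaultdict(set)
    for user, priv in audit_log:
        used[user].add(priv)
    return used


def excess_by_user(templates, user_dept, audit_log):
    """Privileges each user holds via the template but never exercised."""
    used = used_privileges(audit_log)
    return {u: templates[d] - used.get(u, set()) for u, d in user_dept.items()}


def unused_in_template(templates, user_dept, audit_log):
    """Template privileges that no member of the department exercised."""
    used = used_privileges(audit_log)
    result = {}
    for dept, privs in templates.items():
        members = [u for u, d in user_dept.items() if d == dept]
        dept_used = set().union(*(used.get(m, set()) for m in members))
        result[dept] = privs - dept_used
    return result


if __name__ == "__main__":
    for user, extra in sorted(excess_by_user(DEPT_TEMPLATE, USER_DEPT, AUDIT_LOG).items()):
        print(f"{user}: unused grants -> {sorted(extra)}")
    print("unused by whole department:",
          unused_in_template(DEPT_TEMPLATE, USER_DEPT, AUDIT_LOG))
```

A user with no audit entries at all (carol in the sample) shows every template privilege as unused, which also flags dormant accounts for review.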