DATABASE SECURITY PART 1: ROAMING USERS AND SECURE SESSIONS
The more sophisticated the security measures and the more carefully thought-through the precautions set up in your corporate database, the more challenges it invites. Some attackers go straight to brute force and attempt to hack your site and its internal systems. That is easily addressed, as we already discussed in previous articles. But there always remain ways to bend the rules and use legitimate mechanics for terrible ends without outright hacking.
How should your company address all of that?
Detect and Protect
Session security is an important consideration in the design of any system that requires communication between a server and a client. Improper security can leave user accounts vulnerable to unauthorized access. A couple of years ago it was considered the second biggest threat to online security, with GitLab and Facebook vulnerable and losing account data by the millions.
The danger is real for any company, no matter the size. Along with privacy issues and payment data, you have to worry about the integrity of your clients’ trust. It’s hard to persuade your customers that they can rely on your company while someone tricks the system and you can do nothing about it.
Existing detection methods rely largely on heuristic algorithms such as tracking sudden changes in IP addresses and browser (or mobile) fingerprints and flagging “unusual user behaviour”.
Unfortunately, these methods themselves can be inaccurate, easy to spoof and difficult to implement. That is why a team of experienced security specialists who understand all the ins and outs of corporate database security is vital.
For example, Tentacle’s security specialists quickly detected and stopped a front-end site user from abusing the internal system of the corporate database when the user tried to log in on both a mobile device and a PC in an attempt to subvert the security measures. The issue was detected and addressed, and the vulnerability closed, in a matter of hours, and the users and the clients were not affected.
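The heuristics described above, sketched as an added example (this is not Tentacle's code): it flags a session whose IP address or fingerprint changes mid-session, and an account with two live sessions, over constructed events. The event fields, reason labels and 600-second idle window are assumptions.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts account session ip fingerprint")

# Constructed sample events (not from any real system); IPs are documentation ranges.
EVENTS = [
    Event(100, "alice", "s1", "198.51.100.7", "fp-laptop"),
    Event(160, "alice", "s1", "203.0.113.9", "fp-laptop"),   # same browser, new network
    Event(200, "bob", "s2", "198.51.100.20", "fp-pc"),
    Event(230, "bob", "s3", "198.51.100.21", "fp-phone"),    # second device, new session
    Event(300, "carol", "s4", "192.0.2.5", "fp-pc"),
    Event(320, "carol", "s4", "203.0.113.77", "fp-other"),   # same session id, all else new
]

def flag_events(events, session_ttl=600):
    """Return (ts, account, reason) for each event a heuristic flags."""
    first_seen = {}   # session id -> first Event that used it
    active = {}       # account -> {session id: last-seen timestamp}
    flags = []
    for ev in sorted(events, key=lambda e: e.ts):
        origin = first_seen.setdefault(ev.session, ev)
        ip_changed = ev.ip != origin.ip
        fp_changed = ev.fingerprint != origin.fingerprint
        if ip_changed and fp_changed:
            flags.append((ev.ts, ev.account, "session_moved"))
        elif fp_changed:
            flags.append((ev.ts, ev.account, "fingerprint_changed"))
        elif ip_changed:
            flags.append((ev.ts, ev.account, "ip_changed_only"))
        sessions = active.setdefault(ev.account, {})
        # Forget sessions idle longer than the TTL before checking for overlap.
        for sid in [s for s, seen in sessions.items() if ev.ts - seen > session_ttl]:
            del sessions[sid]
        if any(sid != ev.session for sid in sessions):
            flags.append((ev.ts, ev.account, "concurrent_session"))
        sessions[ev.session] = ev.ts
    return flags

if __name__ == "__main__":
    for flag in flag_events(EVENTS):
        print(flag)
```

The flag on alice is a roaming user on the same browser, which is the kind of false positive that makes an IP-only rule inaccurate; bob's two-device login and carol's relocated session are the cases worth acting on.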
In safe hands
Tentacle Solutions has developed methods and strategies to protect their clients’ corporate databases from these threats: a login authentication management system that prevents users from logging in multiple times or from different devices, and a system of checks that prevents roaming users from abusing login sessions and potential vulnerabilities of the system to steal your company’s data. If your company is considering an upgrade to your rusty Access database, or wants to make sure that all your data and internal systems are tightly secured, make sure to drop a line to Tentacle Solutions.
In the next part, we will address different methods of securing your competition site’s integrity via session management: authentication management, application of tokens instead of passwords, token encryption and social sign-in, how to choose between them and, better, how to combine them.