S 2.128 Controlling access to a database system

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

The database software must provide suitable mechanisms for the identification and authentication of the users in order to guarantee effective system access control. The access authorisations must be granted according to defined rules (see S 2.132 Provisions for configuring database users / user groups).

In general, normal users should not be allowed to access a production database using an interactive SQL interpreter. Access to such databases should only be possible indirectly, through the corresponding applications. The only exceptions are database user IDs set up for administration purposes.

Remote access to databases should be handled very restrictively. If this type of access is not absolutely necessary, it should be prohibited. If it is necessary, remote access should only be allowed to those users who actually need it. Other users should not be able to obtain access remotely by themselves. Under no circumstances should remote access be granted without entering a valid user ID and a password.
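As an added illustration (not part of the original safeguard text), the remote access rules above can be checked mechanically against a database's client authentication configuration. The sketch assumes PostgreSQL and its `pg_hba.conf` format, which this safeguard does not name; the sample file and the finding texts are constructed for the example.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample file, not taken from any real system.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER     ADDRESS                      METHOD
local   all       postgres                              peer
host    all       all      127.0.0.1/32                 scram-sha-256
host    all       all      0.0.0.0/0                    trust
host    orders    app_rw   10.20.0.0/24                 scram-sha-256
hostssl all       all      10.20.0.0/24                 scram-sha-256
host    reports   analyst  192.168.5.7 255.255.255.255  trust
"""

def classify(fields):
    """Return (is_remote, any_address, index of the METHOD field)."""
    addr, method_idx = fields[3], 4
    if addr in ("all", "samenet", "samehost"):
        return addr != "samehost", addr == "all", method_idx
    try:
        if "/" in addr:
            net = ipaddress.ip_network(addr, strict=False)
        else:
            # Older form: IP-ADDRESS followed by a separate IP-MASK field.
            mask = ipaddress.ip_address(fields[4])
            method_idx = 5
            net = ipaddress.ip_network(f"{addr}/{bin(int(mask)).count('1')}", strict=False)
    except ValueError:
        return True, False, method_idx  # host name: treat as remote
    return not net.is_loopback, net.prefixlen == 0, method_idx

def audit(text):
    """Return (line number, finding) pairs for remote-access records."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # quoted names are not handled
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue  # blank line, comment, or local (Unix socket) record
        remote, any_address, idx = classify(fields)
        if not remote or idx >= len(fields) or fields[idx] == "reject":
            continue
        if fields[idx] == "trust":
            findings.append((lineno, "remote access without password"))
        if fields[2] == "all":
            findings.append((lineno, "remote access not limited to named users"))
        if any_address:
            findings.append((lineno, "remote access from any address"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE_HBA):
        print(f"line {lineno}: {finding}")
```

Records on the loopback address and `reject` records are skipped, since neither grants remote access.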

Where security requirements are higher, it should be examined whether a strong authentication mechanism going beyond the entry of a user name and password is necessary. Chip cards or tokens, for example, can be considered here.

Review questions: