Is it possible that a hacker can target the system of a software engineer or test engineer who has ready access to data? Why these people have ready access to databases and data servers is a different question, and it is answered below. The aim here is to stop data being hacked from servers. This article presents one condition under which data can be leaked; it should be understood that many other routes are possible. It then offers some possible solutions to prevent hacking by this route or any other.
Note: This article in no way says that software professionals are directly or indirectly helping hackers. I was a software professional myself; all I am saying is how we software professionals can secure our systems so that hackers don't get access to data servers through them.
First, let us discuss why some software professionals need access to data servers. When a real-time bug comes in, it has to be debugged, and debugging requires the real-time data points. This is why we software developers and software test engineers sometimes need to access real-time data: to solve people's real-time problems.
Why do we need to secure the data servers that hold real deployed data? This is the real data that must be safeguarded from hackers. Once hackers get access to the real data servers, they have the login IDs and passwords and can log in to anything they have found on the server, not just take the phone numbers, which they can sell for marketing hacks. Securing the data servers that hold real-time data is therefore a must, as the loss unfolds in two ways:
- The loss of user login information to hackers, along with the encryption keys.
- The loss of data other than login data, which is often not encrypted.
Software professionals do not need access to real-time data all the time; test servers work well for most development and deployment tasks. When the product, fix or software update is ready, the connection string that points to the data server is changed to the real-time data server. Testing is then performed from the client side. This is how safe software development should work.
How can a system used by a person with access to data be hacked? The system on which a software professional is working on a fix can be targeted by a hacker through unsafe websites that the professional may visit while looking for the solution to a bug or problem he/she is facing. This is one potential route for hacking not just the system, but the data on the servers the software professional was handling. How? Because the hacker has hacked your system, dear software professional! And your system had access to the data server, as it had logged in to the data servers to test a bug or to enhance some models.
Why must hacking of data servers be avoided? Well, once hackers get access to the data servers, they can access the login details and log in to any user profile. ANY! HENCE SECURING DATA SERVER ACCESS IS A MUST!
How can data be kept safe from hackers in this situation? Certain precautions may help. The following are some:
- If you are working with real-time data servers, don't browse the internet on the same system.
- If internet is needed, it should be a private connection limited to that location.
- Make sure work is done over secure connections.
- Check the validation of VPN connections.
Some software does not require real-time access to data servers in order to work. How can such data servers be secured against hacking? As I said, one point of vulnerability is that the software professional's system can be hacked while he/she is using the internet to find the cause of a bug during development or testing, which exposes the data server to hacking. This is just one such cause; there can be many others, but most are related to the internet, through which a hacker can get the data of the data server holding people's data. The following are some suggestions to minimize hacking of data servers:
- Separate the test servers from the real live data servers on which people's data is stored.
- This will make software professionals use test servers only.
- The real data servers should be accessed only in rare conditions: for changes to database schemas and for rare, random database connectivity issues.
- No database views should be saved on local servers. A view of a database can be understood as an image of the database as seen through a particular mirror. For example, a view can be created for the data of only Hong Kong.
- Further, the test servers should not hold any copy of the live data servers. Why? During work software professionals have to access the internet, which makes their systems susceptible to hacking and so leads to the organization's data being leaked.
- When a real-time bug comes in, it should be tested with both white box testing and black box testing, as required, using a requested copy of the real data, but in permuted form. This way, any entry in the real data that is causing the bug can be found. If it is still not found, in rare conditions access to live real-time data may be given for bug fixing, provided that the internet on the system is secure. But keep it to a minimum; this is public data and you have a responsibility to secure it.
- Test data servers can be populated by software itself; words can be fed in, just as opensea.com used combinations of words as passwords!
- If the test data servers can't be changed, direct users to change passwords, and change the live data server and test servers.
- In the rare cases of debugging, make sure a view of the data is provided to the system handling the bug. The view shall not include user login details. This secures it further.
There are instances where hacking is independent of the above scenario: the hackers hack systems that access the data, such as CRM systems, which need to handle real-time databases. The following are some suggestions for safeguarding such systems when they access data servers.
- Work on a view of the data, not on the actual data. Employees who work on CRM data on their machines do not need full data access, only access to a view of the data with restrictions imposed on it. Then, even if data is hacked from their machines, confidential information is not taken by hackers.
- Separate the email servers on which people log in to check customers' details.
- Access real-time data for user queries on a separate, secure system that is not used to access the internet.
To summarize, one must secure the live data servers. For that, the following process of authentication needs to be performed:
- Keep the test server and the live data server separate.
- Work on test servers for most development and validation tasks.
- In case of a bug, do the following:
  - Test on test servers.
  - Use permuted data from the live data to test the errors on. Permuting the data can prevent a lot of hacking in case the hacker targets a machine used by an employee. Make sure login details are not included in it.
  - If debugging is not possible with the above steps alone, create a view of the data servers: provide the software professional with a restricted view that does not compromise login details or other data not required for the bug being fixed.
  - If the bug is still not handled, provide a very secure system on which the database engineer and software professional can handle the real-time data. However, this should be a rare event, given that software engineering is mostly mature now.
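The restricted view and the permuted copy described above can be sketched as follows. This is an added example, not code from the article: the table, column and view names and the sample rows are constructed, SQLite stands in for the live data server, and "permuted" is assumed to mean shuffling each column independently.

```python
import random
import sqlite3

# Constructed sample rows standing in for a live user table (not real data).
ROWS = [
    (1, "Alice Chan", "Hong Kong", "555-0101", "alice", "hash-a1"),
    (2, "Bob Lee", "Hong Kong", "555-0102", "bob", "hash-b2"),
    (3, "Carol Diaz", "Madrid", "555-0103", "carol", "hash-c3"),
    (4, "Dev Patel", "Mumbai", "555-0104", "dev", "hash-d4"),
]
LOGIN_COLUMNS = {"login_id", "password_hash"}


def build_live_db():
    """In-memory database playing the role of the live data server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, city TEXT,"
               " phone TEXT, login_id TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?, ?, ?)", ROWS)
    # Restricted view: only Hong Kong rows, and no login columns at all.
    db.execute("CREATE VIEW debug_view_hk AS "
               "SELECT id, name, city, phone FROM users WHERE city = 'Hong Kong'")
    return db


def view_columns(db):
    """Column names visible to someone who is only given the view."""
    return [d[0] for d in db.execute("SELECT * FROM debug_view_hk").description]


def permuted_copy(db, seed=None):
    """Test rows built from live values with each column shuffled independently,
    so fields are no longer linked per person; login columns are never read."""
    rng = random.Random(seed)
    rows = db.execute("SELECT name, city, phone FROM users ORDER BY id").fetchall()
    columns = [list(col) for col in zip(*rows)]
    for col in columns:
        rng.shuffle(col)
    return list(zip(*columns))


if __name__ == "__main__":
    db = build_live_db()
    print(view_columns(db))
    print(permuted_copy(db, seed=7))
```

Independent shuffling keeps every real value present, which is what lets the entry causing the bug still be found, but it also means a single value such as a phone number is still real; only the login columns are dropped entirely.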
When the real data servers are not accessible from any unsafe machine connected to the internet, where will hackers hack data from? Oh yes, personal data on machines connected to the internet can be hacked! That is for the anti-virus companies to cover! I have covered how to stop data on data servers being hacked via the machines that access the real data!
This article does not say that data servers should not be replicated for data protection; they certainly should be, as a part of data security. What is discussed here is access to all these mirror images. Also, some form of connection for data transfer is always needed between the servers and the live data. How to secure it? This can be considered as a system that can be protected just as an anti-virus protects a system. That is to say, the data transfer from live data servers to the middle layer in the web architecture can be secured using secure protocols.