Keep all systems updated, especially your front-end. The only reason delaying update is only version compatibility. Keep everything simple to let them keep updated to latest patch. Automate!
Limit outbound access and don’t let malicious go away to the Internet that easy, they may get in, but no way out.
Regular systems scanning.
Intrusion detection systems for some noobs.
Always beware of social engineering.
Never open any suspicious link. Test suspicious link/email only at isolated machine. Permanently delete them as much as you can.
…
Several basic points to improve your database security:
- Limit DBA team access only from localhost.
- Limit application account privilege to lowest possible.
- Limit access to database from necessary entries. Database is always behind application, internal only.
- Have some monitoring on both logs and resource usage. SQL injection usually increases resource usage.
- Encrypt data communication and backups.
- …
Several URLs:
]]>