University of Twente Student Theses
An Internet-wide investigation of publicly accessible databases
Witt, S.J. (2023) An Internet-wide investigation of publicly accessible databases.
PDF
1MB |
Abstract: | Database technology is a cornerstone of the modern digital society. In this report, we investigate the worldwide landscape of publicly accessible databases and their security postures. We design, implement and carry out 2 Internet scans for open default ports of 8 of the most popular database solutions in existence. Internet scanning has been done numerous times for a multitude of purposes, an overview of required background knowledge is presented, together with a discussion of relevant previous work. Ethical guidelines with respect to Internet scanning as established by the computer science community are followed to minimise the intrusiveness of our scans. Our focus is on the connection and deployment security of publicly accessible databases. To measure the connection security posture, we look at Transport Layer Security (TLS) properties, including versions, cipher suites and certificate validity. Furthermore, we assume the perspective of an outside user in our security assessment of deployed database systems to determine their level of vulnerability. Our scan detected a total of 3.5 million databases among the 8 database solutions. The key takeaway from our research is that security configuration and software maintenance remain challenges for database server administrators. |
Item Type: | Essay (Master) |
Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
Subject: | 54 computer science |
Programme: | Computer Science MSc (60300) |
Link to this item: | https://purl.utwente.nl/essays/97675 |
Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Repository Staff Only: item control page