Free Public Databases – Should they be used at all?

Internet Storm Center has a post today noting the update to Burp Suite, an excellent tool that works as a proxy server for vulnerability analysis of websites.

While checking the update, the Storm Center noted the inclusion of NoSQL injection in it.

At the same time, why is this important? Because of the prevalence of public databases, or “Big Data”.

MongoDB added security concerns: http://docs.mongodb.org/manual/administration/security-checklist/

 

What about when Amazon marketplace has free databases, i.e. the “cloud”?

[Image: NoSQL on AWS]

 

The key is the controls placed on setting up databases in the cloud. One must be careful about what to put in a cloud DB. Also, if a DB is no longer being used, it has to be voided (zeroed out), especially if important data (PII, Personally Identifiable Information) has been placed in the cloud.

 

I think you can use these free resources, but nothing is truly free so I would be very careful before creating DBs in the cloud.

 

Don’t forget to create a risk assessment and add vulnerability reviews of the data. Don’t forget about compliance: even if you don’t need it now, you may need it in the future.
