Data files, database files, and data repositories should be kept out of regular disk mounts, source code, infrastructure repositories or any other unsafe storage.
Even if data files are encrypted, important information can be gleaned such as size of data, amount of records (depending on database or data format) and various other signals that can be used for social engineering, and other attacks.
We have found a visible/accessible data file, data repository or database file.
- Use a dedicated mount or drive for data files that is highly monitored, audited, and inaccessible
- Never include data in source code, repositories
- Make sure to delete backup files, temporary files, test files, or demo data files that are checked in by mistake
Updated 3 months ago