What should an organization do if its database server is directly reachable from the internet?

When a database server is directly reachable from the internet, it poses a significant security risk as it can be vulnerable to unauthorized access and attacks. The correct approach is to implement port security and a perimeter network. This strategy enhances the security posture of the database server by creating a controlled environment that mitigates exposure to external threats.

By implementing port security, the organization can restrict access to the database server, ensuring that only authorized traffic is allowed through. This limits the attack surface and helps to prevent various types of network attacks, such as port scanning and unauthorized access attempts.

Additionally, setting up a perimeter network, also known as a demilitarized zone (DMZ), allows the organization to isolate its database server from direct internet access. This intermediate layer acts as a buffer between the external network and the internal network, providing an additional security layer that can monitor and manage incoming and outgoing traffic.

In contrast, disabling the database server would limit the organization’s operational capabilities, and increasing internet connection speeds does not address the security risks associated with direct exposure. Encouraging user logins from all locations would further increase the risk of unauthorized access and data breaches, which is contrary to the goal of securing sensitive data stored on the database server.