Introduction to Database Core Security

Database threats and attacks are more varied and prevalent than ever before, and databases are the crown jewels of information within every organization. Let's look at what the threats to databases are and how we can mitigate them.

It's almost impossible to overstate the severity of the database security problem. Billions of records have been compromised over the past few years, and the majority of those actually came from database servers. The single most common attack vector, by a large margin, is the use of stolen or weak credentials; other common vectors include SQL injection and the use of system backdoors. Most breaches aren't discovered by the company that was breached but tend to be reported by an external party, and this is very common. The size of data breaches has grown exponentially, from 136 reported data breaches and 53 million records in 2005 to over 600 data breaches and 250 million records breached in 2013. Today, data breaches of 100 million records or more of personally identifiable information are common. One of the most concentrated areas of this type of sensitive data is the database; in fact, Verizon highlights databases and file servers as holding so much valuable information that they are regular targets for cyber criminals. So how do they access this data?
Among the multiple approaches, using stolen credentials is the number one attack vector because it's simply so successful. According to studies, one in about 500 phishing emails is successful. When criminals steal a hundred million dollars in personal records and launch a phishing attack, statistically 200,000 users will click on the email, which creates 200,000 more opportunities for additional viral breaches, identity theft, or even direct organizational attacks. To highlight the importance of databases, the Verizon report also names databases as the second most common target of insiders; again, this is because the main concentration of sensitive data is in one place.

SQL injection is a security exploit where an attacker adds Structured Query Language code to a web form input to gain access to resources or modify data in the database. Generally, when a user submits a username and password into a web form, those values are inserted into a SELECT query which goes to the database. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. Unfortunately, most web forms don't have controls in place to block input other than usernames and passwords, so an attacker can use the form inputs to send their own custom-crafted requests to the database, which could in turn allow them to download even the entire database or interact with it in other illicit ways. SQL injection errors occur when data enters a program from an untrusted source and that data is used to dynamically construct a SQL query. The main consequences of SQL injection are confidentiality: since SQL databases usually hold sensitive data, loss of confidentiality is a frequent issue with SQL injection vulnerabilities. Authentication: if poorly designed SQL commands are used to verify usernames and passwords, it might be possible to connect to the database as another user without even having to know the password.
Authorization is another issue, because if authorization information is stored in a SQL database, it might be possible to modify this information through successful exploitation of a SQL injection vulnerability. Integrity is another issue, in that it's possible to make changes or even delete information using a SQL injection attack.

The risk of SQL injection exploits is increasing because of automated tools. In the past the risk was somewhat limited because an exploit had to be executed manually: an attacker had to actually type their SQL statement into a text box. New automated SQL injection programs are available, and as a result both the probability and the potential damage of an exploit have increased exponentially.

Spear phishing represents a significant potential threat to databases. Attackers are using resources such as LinkedIn to directly seek out members that hold database administrator titles and crafting targeted messages which contain malware. DBAs represent a target-rich attack base: if you can compromise a database administrator's credentials or their desktop, then you can use that as a launch point to access databases across the company's enterprise.
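The login check described above, as an added example that is not part of the course: the concatenated query beside its parameterized form, using Python's sqlite3 with a constructed user table. The crafted username that changes the structure of the concatenated statement is treated as plain data once it is passed as a bound parameter.

```python
import sqlite3

def make_db():
    # Constructed in-memory user table for this example only.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    # Untrusted form input is concatenated straight into the query text,
    # so the input can alter the structure of the SQL statement.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn, username, password):
    # Placeholders send the input as bound values: the statement's structure
    # is fixed before the data arrives, so quotes in the input stay data.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def demo():
    conn = make_db()
    # A username carrying a SQL comment marker: in the concatenated query it
    # comments out the password comparison; in the bound query it is just text.
    crafted = "alice' --"
    return {
        "vuln_good_creds": login_vulnerable(conn, "alice", "correct horse"),
        "vuln_crafted": login_vulnerable(conn, crafted, "anything"),
        "param_good_creds": login_parameterized(conn, "alice", "correct horse"),
        "param_crafted": login_parameterized(conn, crafted, "anything"),
    }
```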
Database inference attacks are techniques used to attack databases where illicit users infer sensitive data from complex databases. At a high level, inference is a data mining method used to identify information hidden from normal users. An inference attack can compromise the integrity of an entire database; if not managed properly, sensitive information might be leaked to unauthorized users. Examples of inference vulnerabilities that appear in databases are data aggregation and data association. When two values taken together are classified at a higher level than either value on its own, that is data association; when a set of information is classified at a higher level than the individual items of data, it's a clear case of data aggregation. The sensitive data leaked through inference involves bound data, where an attacker finds out a range of data holding the expected information, or negative data, which is obtained as a result of certain innocent queries. An attacker might try to access sensitive information through a direct attack, an indirect attack, or even tracking.

In most database environments the principle of least privilege isn't really adhered to or practiced. There are many reasons why this takes place, but oftentimes development staff and admin accounts are over-privileged because it's too time-consuming to research the minimum privileges actually needed by developers or admins, and for that matter sometimes it simply can't be protected, especially in pre-production environments. Additionally, service accounts such as application accounts, scripts, and batch jobs are generally given full access to ensure that an application or batch job can perform without any security restrictions. So you sometimes have the abuse of legitimate privileges: this involves situations where users have been legitimately assigned access, but it can be considered a database vulnerability, especially if a malicious user misuses their database access privileges. For instance, as a general rule DBAs don't have a need to see the contents of the data that they're managing, such as credit card data or payroll data. Eighty percent of the attacks on company data are actually executed by employees or ex-employees. Granting too many privileges or not revoking those privileges in time makes it trivial for these users to access and modify the databases illicitly. Whether insider threats are carried out deliberately or happen inadvertently through the actions of those that have access to the valuable data, an organization may put itself more at risk by not having the appropriate systems and controls in place. Insufficient data protection strategies or solutions are causing an increasing amount of data to leave the network perimeter via mobile devices and web access, and even a lack of employee awareness and training; these are found to be some of the reasons that are perpetuating insider threats.

Worms that target database software and SQL injection vulnerabilities are particularly dangerous. These worms scan for vulnerabilities, exploit them, and then start scanning from the newly compromised database server. One of the worst database worm outbreaks was the SQL Slammer worm. New database worms exploit unpatched systems; in a worst-case scenario, database worms attack and replicate via zero-day exploits.

In database vulnerability and misconfiguration scenarios, we see several key patterns that, as security auditors, will pop up in terms of best practices or the failure to implement best practices. The misconfigurations we see most often are default, blank, or weak passwords; unnecessarily enabled database features; broken configuration management; buffer overflows; privilege escalation; denial of service attacks; unpatched databases; and unencrypted sensitive data at rest and in motion.

Auditing is a detective control in the database that allows us to identify breaches as well as unauthorized access. Audits allow database administrators, for instance, to enable future accountability for current actions taken in a particular schema, and they allow auditors to deter that type of activity by regularly auditing and investigating suspicious activity.
For example, if some user is deleting data from tables, then the security administrator might decide to audit all connections to the database and all successful and unsuccessful deletions of rows from all the tables in the database. These logs can be used to notify an auditor that an unauthorized user is manipulating or deleting data, perhaps to hide their tracks. Audits and audit logs can also be used to monitor and gather data about specific activities and privileges in the database; for example, the DBA can gather statistics about which tables are being updated, how many logical I/Os are performed, or how many concurrent users are connected at peak times. They can also detect problems with an authorization or access control implementation. For example, you can create audit policies that you expect will never generate an audit record because the data is protected in other ways; if these policies do generate audit records, then you know that the other security controls are perhaps not properly implemented.

Securing data storage is a critical component of implementing a defense-in-depth strategy at the data tier. Common gaps involve not encrypting rows or columns in the databases or on the storage media. Lost database backups are of particular concern, which is why encrypting them is a best practice. These encryption controls are only as effective as the key management system in place that's used to protect those encryption keys.

Okay, so we've covered many of the threat categories which can affect database environments; now it's time to talk about how to mitigate these threats. The first step in securing your data is to encrypt the data: this blocks access from the operating system level and forces an attacker to approach the data through a database connection. Next, locking down the system so that only authorized people can access it is a good step. Finally, you monitor your systems so that you can detect activity that might indicate an attack in progress.

So security starts with encryption. Data encryption is a foundational capability for security: we encrypt our data to prevent data loss through network sniffing, file system access, loss of backup tapes, and loss or theft of database exports. Encryption is also a key component of many regulatory frameworks, including PCI, HIPAA, and most global data privacy laws. Encrypting the data in motion between the database and the application servers is an important step; we should also encrypt the data on disk, and don't forget to keep the data encrypted as you back it up or create exports.

Tokenization is the process of substituting a sensitive data element with a non-sensitive data element, referred to as a token. This token has no extrinsic value; the token is an identifier that maps back to the sensitive data through a tokenization framework. The security and risk reduction benefits of tokenization require that the tokenization system is logically isolated and segmented from the data processing systems and applications that previously processed or stored the sensitive data replaced by the tokens. Only the tokenization system can tokenize data to create tokens or de-tokenize to redeem sensitive data, under strict security controls. The token generation method must be proven to have the property that there is no feasible means, through direct attack, cryptanalysis, side-channel analysis, token mapping table exposure, or even brute force attacks, to reverse engineer tokens back to live data. When tokens replace live data in systems, the result is minimized exposure of sensitive data across data sets, stores, people, and processes, which reduces the risk of compromise, accidental exposure, or unauthorized access to sensitive data. Tokenization may be used to safeguard sensitive data involving, for example, bank accounts, financial statements, medical records, criminal records, driver's licenses, loan applications, stock trades, voter registrations, and other types of personally identifiable information. Tokenization is often used in credit card processing; the PCI Council defines tokenization as "a process by which the primary account number, or PAN, is replaced with a surrogate value called a token."

Cryptographic bit splitting and other emerging technologies constitute algorithms that split a stream of bits into a number of shares. This splitting is done at the bit level.
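The tokenization framework described above, as an added example that is not part of the course: a constructed vault that is the only component holding the token-to-PAN mapping. Tokens are drawn from a cryptographic random source, so no key or algorithm relates a token to its PAN; the role names and the settlement-only de-tokenization rule are assumptions for the example.

```python
import secrets

class TokenVault:
    """Constructed tokenization service: holds the only mapping between tokens
    and PANs. Downstream systems store and join on the token alone."""

    DETOKENIZE_ROLES = {"settlement"}   # assumption: the one role allowed to redeem a token

    def __init__(self):
        self._token_to_pan = {}
        self._pan_to_token = {}

    def tokenize(self, pan):
        # Reuse the existing token for a PAN so records for one card still correlate.
        if pan in self._pan_to_token:
            return self._pan_to_token[pan]
        while True:
            # Random token: nothing derivable from the PAN, so reversing it
            # requires the vault's mapping table, not cryptanalysis or brute force.
            token = "tok_" + secrets.token_hex(16)
            if token not in self._token_to_pan:
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token, caller_role):
        # De-tokenization is gated by role: the strict control the passage requires.
        if caller_role not in self.DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not de-tokenize")
        return self._token_to_pan[token]

def order_record(vault, pan, amount):
    # What the order-processing system persists: the token, never the PAN.
    return {"pan_token": vault.tokenize(pan), "amount": amount}

def can_detokenize(vault, token, role):
    try:
        vault.detokenize(token, role)
        return True
    except PermissionError:
        return False
```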
The key splitting algorithm is performed randomly, and a combination of algorithms is used to provide strong data protection: you can mix and match, for example using AES-256 to block-encrypt a block of data first and then splitting it into shares, another of which might use SHA-256 so that each individual share is hashed. Another type of emerging encryption is homomorphic encryption, which allows computations to be carried out on ciphertext, generating an encrypted result which, when decrypted, matches the result of the same operations performed on the plaintext. This is sometimes a desirable feature in modern communication and system architectures: homomorphic encryption would allow the chaining together of different services without exposing the data to each of these services. For example, if we have a chain of different software-as-a-service offerings from various companies, you could calculate first the tax, second the currency exchange, and third the shipping on a transaction without exposing the unencrypted data to each of these services. Homomorphic encryption schemes are malleable by design; this enables their use in cloud computing environments to ensure the confidentiality of processed data. In addition, the homomorphic property of various cryptosystems can be used to create many other security systems, for example secure voting systems, collision-resistant hash functions, private information retrieval schemes, and many more.
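The property just described, as an added example that is not part of the course: a minimal Paillier cryptosystem, which is additively homomorphic, so a "shipping" service can add its charge and a "tax" service can scale the total while both see only ciphertext. The primes are fixed toy values chosen so the example runs instantly; they are far too small to give any real security.

```python
import math
import secrets

# Toy primes (assumption for the example). Real Paillier keys use primes of
# 1024 bits or more; these sizes offer no security whatsoever.
P, Q = 1000003, 1000033

def keygen(p=P, q=Q):
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1                                            # standard generator choice
    mu = pow(lam, -1, n)                                 # inverse of L(g^lam mod n^2) when g = n+1
    return (n, g), (lam, mu)

def encrypt(pub, m):
    n, g = pub
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1                 # random blinding factor in [1, n)
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2

def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n                       # L(u) * mu mod n

def add_encrypted(pub, c1, c2):
    # Multiplying two ciphertexts adds the underlying plaintexts.
    return (c1 * c2) % (pub[0] ** 2)

def scale_encrypted(pub, c, k):
    # Raising a ciphertext to the power k multiplies the plaintext by k.
    return pow(c, k, pub[0] ** 2)

def demo():
    # Constructed amounts in cents; the services never see them in clear.
    pub, priv = keygen()
    subtotal, shipping = encrypt(pub, 1250), encrypt(pub, 75)
    total = add_encrypted(pub, subtotal, shipping)       # shipping service adds its fee
    with_tax = scale_encrypted(pub, total, 120)          # tax service applies 120 % (scaled by 100)
    return decrypt(pub, priv, total), decrypt(pub, priv, with_tax)
```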