This report is intended to help companies deal with the most common threats to their databases. It identifies and explains those threats and highlights the preventions appropriate to each one.
It also shows the Oracle Database Firewall architecture, which prevents attacks, logs activity and generates warnings of possible attacks.
This report draws on discussions and research analysis of database threats and their prevention. Database security has become increasingly important and critical for corporate businesses as they extend functionality and improve information systems to provide real-time information. However, security has always been an obstacle for software developers, because the security of data depends on operating system security, physical security and database management security.
Attackers with malicious intent are always trying to exploit weaknesses and vulnerabilities in systems, and it is often easy for them to manipulate sensitive data, alter it and degrade its integrity. This report discusses some of these threats and the measures that can be applied at enterprise level to protect data and make better use of cryptography in database security. The discussion presents some of the growing threats, both internal and external, that affect businesses and organisations, compromise security and put regulatory compliance at risk.
Finally, this paper looks at the integration of new database management technologies and at resolving some of the security issues affecting organisations. Technology is advancing rapidly, and researchers are trying to stay a step ahead to prevent threats to databases.
2. Types of threats to database security
2.1 Excessive Privilege Abuse
This occurs when users are granted database privileges that exceed their job requirements. An example of this abuse is a university database user whose job is to receive phone calls and book appointments, but who takes advantage of excessive update privileges to change students' scores [Shulman, 2006].
2.2 Privilege Elevation
Database software vulnerabilities are found in stored procedures, built-in functions, protocol implementations and SQL statements, and attackers can take advantage of these weaknesses. For example, in a bank a software developer might exploit a vulnerable function to convert his access privileges into those of an administrator. With that administrative right, the developer could perform malicious acts such as accessing the bank's accounts to transfer money [Shulman, 2006].
2.3 Database Platform Vulnerabilities
Vulnerabilities in the underlying operating system, such as Windows XP or Windows 2000, can be exploited by malware like the Blaster worm to create denial of service conditions on the database platform.
2.4 Backup Data Exposure
The source cited above also states that backup databases stored on devices and tapes are most of the time completely unsecured, and the data on them is vulnerable to attack. Sensitive information stored on these devices has been exposed through theft of database tapes.
2.5 Legitimate Privilege Abuse
Users of the database may abuse a legitimate privilege for unauthorized purposes. For example, a healthcare worker has the privilege to view individual patients' histories via a custom web application, and the web application is designed to prevent him from viewing many patients' records at once. The healthcare worker may find a way around these restrictions by connecting to the database with a different client, such as MS-Excel, using his legitimate login credentials. He can then retrieve and save all patient records with the intent to sell this information. He may also save this vital information on his computer for legitimate purposes, but in doing so makes the stored data vulnerable to attack [ ].
2.6 Weak Audit Trail
Weak audit trails have been an ongoing issue with databases in medium to large organisations and often represent a serious risk to database deployments. Some of the threats include:
Lack of user accountability: this occurs where users access a database through a web application (such as SAP, Oracle or PeopleSoft) that connects with its own account, so the database has no knowledge of the individual user identities. Most activity is then recorded under the application's account name, and audit logs that might reveal fraudulent actions cannot be linked to the individual user responsible.
Regulatory risk: this is one of the critical threats associated with weak audit trails. Organisations with weak audit mechanisms find it extremely difficult to meet the specific requirements of government regulatory bodies, which exposes loopholes in their database systems.
Performance degradation: native audit features consume CPU processing power. Organisations often encounter performance problems with these features and end up scaling back or disabling the audit trail, because performance declines when audit features are enabled on the database system.
Separation of duties: this concerns the privileges assigned to administrators, who gain access either by malicious or legitimate means. An administrator who also controls the audit trail can carry out fraudulent activity on the database server and then turn off the audit trail to cover the fraudulent activity that occurred.
Limited granularity: most native database audit mechanisms lack the detail needed to record attacks and to support forensics and recovery. An example is a reconnaissance attack, which is not recorded by many native mechanisms.
2.7 Distributed Denial of Service
Distributed Denial of Service (DDoS) is an organised attack in which the attacker uses several machines to launch a DoS attack against the target. The main aim of the attacker is to disrupt the service in order to gain access to private information and take control of the database for financial gain.
Below is an overview of this type of attack.
Figure 2: An attack scenario
2.8 SQL Injection
SQL Injection Attack (SQLIA) is one of the most common threats to the database. It occurs when the attacker changes the effect of an SQL query by inserting new statements into it.
SQLIAs are described using two classifications: the injection mechanism and the attack intent.
2.8.1 Injection Mechanism
Harmful SQL statements are injected into vulnerable parts of the web application using various input mechanisms, such as injection through user input, injection through cookies and injection through server variables.
The attacker uses these channels to insert malicious and unauthorized database statements into the vulnerable SQL data channel of the web application, and the injected statement is executed by the database. The attacker's intention is to corrupt and take complete control of the database in order to obtain vital information, which could lead to identity theft and fraud.
2.8.2 Attack Intent
Attacks can also be classified by the goal, or intent, of the hacker. Types of attack intent include identifying injectable parameters, performing database fingerprinting, determining the database schema, extracting data, and adding or modifying data.
The attacker uses the above techniques to probe the web application for fields that are vulnerable to SQLIA. The attacker also tries to find out the version of the database in use, because different databases respond differently to attacks, and he uses different methods to collect vital information from each.
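The injection-through-user-input mechanism described above, shown as an added example that is not part of the original report: a login query built by string concatenation beside the parameterized version of the same query, run against a constructed in-memory SQLite table so the difference in behaviour can be checked directly.

```python
import sqlite3

# Constructed sample data (not from the report): a small accounts table.
SAMPLE_ROWS = [
    ("alice", "alice-secret", 1200),
    ("bob", "bob-secret", 50),
    ("carol", "carol-secret", 9800),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def login_vulnerable(conn, username, password):
    """Injection through user input: the strings become part of the SQL text,
    so whatever the user types can change the structure of the query."""
    sql = ("SELECT username, balance FROM accounts WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the values are bound separately from the SQL text
    and are only ever compared as data, never parsed as SQL."""
    sql = "SELECT username, balance FROM accounts WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def compare(payload):
    """Run the same input through both versions and return the row counts
    (vulnerable, safe) so the difference can be asserted on."""
    conn = make_db()
    try:
        return (len(login_vulnerable(conn, payload, payload)),
                len(login_safe(conn, payload, payload)))
    finally:
        conn.close()


if __name__ == "__main__":
    # A tautology in the WHERE clause turns the login check into "always true"
    # for the concatenated query, while the bound parameter matches nothing.
    print(compare("' OR '1'='1"))   # (3, 0): every row leaks vs. none
```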
2.9 Unauthorized Copies of Sensitive Data
Many organisations find it difficult to manage the inventory of their databases effectively. In some cases, new databases are created or copied without the knowledge of the administrators responsible for security. The data may be sensitive, such as customers' personal details, staff records and transactions, and because the copy was made without the knowledge of those who ensure adequate security, there is a high likelihood that this vital information will not be properly secured.
In addition, old databases that are no longer in use are sometimes left unattended, and unauthorized users gain access to them.
2.10 Weak Authentication
Weak authentication enables attackers to gain access to the database using methods such as brute force, social engineering and direct credential theft. Sometimes they acquire the login credentials of a legitimate database user and pose as that user.
2.10.1 Brute Force: the attacker repeatedly guesses combinations of username and password for a legitimate database user until one works. Often automated programs are used to speed up the process.
2.10.2 Social Engineering: the attacker takes advantage of the human tendency to trust, pretending to be someone he is not in order to obtain people's login credentials. For example, an attacker makes a phone call presenting himself as the system administrator and requests login credentials for IT maintenance purposes.
2.10.3 Direct Credential Theft: here the attacker steals login credentials by copying passwords from files or from the post.
3. Preventing Database Threats
3.1 Preventing Excessive Privilege Abuse
Query-level access control is the solution used to prevent excessive privilege abuse. It restricts database privileges to the SQL operations, such as SELECT, UPDATE and CREATE, that a user's job actually requires. Implementing query-level access control would allow the university database user whose job is to receive phone calls and book appointments to perform his duties, but would issue an alert if he tried to change students' scores or perform other malicious acts [Shulman, 2006].
3.2 Preventing Privilege Elevation
Privilege elevation can be prevented with intrusion prevention systems (IPS) and with query-level access control.
"IPS inspects database traffic to identify patterns which correspond to known vulnerabilities. For example, if a given function is known to be vulnerable, then an IPS may either block all access to the vulnerable procedure, or (if possible) block only those procedures with embedded attacks". The IPS thus detects and separates legitimate calls to a function from those carrying embedded attacks.
In addition, query-level access control checks whether a database request matches the user's normal behaviour; if the request is unexpected, an attack is likely taking place.
Integrating IPS with this dynamic profiling secures the database and protects against privilege elevation [Shulman, 2006].
3.3 Preventing Database Platform Vulnerabilities
To protect the database from platform attacks, regular software updates and an intrusion prevention system should be implemented. Software updates should be carried out regularly, and the IPS protects the database from worms and other types of attack.
3.4 Preventing Backup Data Exposure
Highly sensitive data should not be stored on removable devices or tapes. If it must be stored on these devices, all database backups should be encrypted.
3.5 Preventing Legitimate Privilege Abuse
Database access control can be used to prevent legitimate privilege abuse. Users who are exercising a legitimate privilege for malicious purposes can be identified by implementing a policy for client applications.
Context-based access control secures the database and ensures protection: any connection that does not match the context stored in the user's profile raises an alert. For example, the malicious healthcare worker discussed earlier would be detected by SecureSphere because of the volume of data retrieved at one time.
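The query-level access control of 3.1 and the context-based profile check of 3.5, combined in one added example that is not part of the original report and is not SecureSphere's own logic. The role policy, user profiles and sample requests are constructed for illustration: the appointments clerk is allowed to book appointments but not to update grades, and the care worker's profile expects the patient portal client and single-record lookups, so a bulk pull through a spreadsheet client raises alerts on both counts.

```python
# Query-level access control policy (constructed for this example): for each
# role, the SQL operations it may run and the tables it may run them on.
ROLE_POLICY = {
    "appointments_clerk": {"SELECT": {"students", "appointments"},
                           "INSERT": {"appointments"},
                           "UPDATE": {"appointments"}},
    "care_worker":        {"SELECT": {"patients"}},
}

# Context profile per user (constructed): the client application the user is
# expected to connect from and the largest result set a query normally returns.
USER_PROFILE = {
    "clerk01": {"role": "appointments_clerk", "client": "BookingWebApp", "max_rows": 20},
    "nurse07": {"role": "care_worker", "client": "PatientPortal", "max_rows": 1},
}

# Keyword that precedes the table name in each simple single-table statement.
TABLE_KEYWORD = {"SELECT": "FROM", "DELETE": "FROM", "INSERT": "INTO",
                 "UPDATE": "UPDATE", "CREATE": "TABLE", "DROP": "TABLE"}


def parse_statement(sql):
    """Return (operation, table) for the single-table statements handled here."""
    tokens = sql.strip().rstrip(";").split()
    op = tokens[0].upper()
    keyword = TABLE_KEYWORD.get(op)
    upper = [t.upper() for t in tokens]
    if keyword is None or keyword not in upper or upper.index(keyword) + 1 >= len(tokens):
        return op, None
    return op, tokens[upper.index(keyword) + 1].lower()


def check_request(user, client, sql, rows_returned):
    """Evaluate one database request against the role policy and the user's
    context profile. Returns the list of alerts (empty when the request is normal)."""
    profile = USER_PROFILE.get(user)
    if profile is None:
        return ["unknown user %s" % user]
    alerts = []
    op, table = parse_statement(sql)
    if table not in ROLE_POLICY[profile["role"]].get(op, set()):
        alerts.append("%s: %s on %s is outside the %s role" % (user, op, table, profile["role"]))
    if client != profile["client"]:
        alerts.append("%s: connection from unexpected client %s" % (user, client))
    if rows_returned > profile["max_rows"]:
        alerts.append("%s: %d rows retrieved, profile allows %d" % (user, rows_returned, profile["max_rows"]))
    return alerts


if __name__ == "__main__":
    # Constructed requests: the clerk doing their job, the clerk altering a
    # score, and the care worker pulling every patient record through MS-Excel.
    for req in [("clerk01", "BookingWebApp", "INSERT INTO appointments VALUES (42, '2024-05-01')", 0),
                ("clerk01", "BookingWebApp", "UPDATE grades SET score = 95 WHERE student_id = 7", 1),
                ("nurse07", "MS-Excel", "SELECT * FROM patients", 4200)]:
        print(req[2], "->", check_request(*req) or "ok")
```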
3.6 Preventing Weak Audit Trail
A few protections can be implemented to address weak audit trails on database systems.
High performance: audit appliances should have little or no impact on the database system. This can be achieved by migrating the audit process to network appliances, which is expected to boost database performance.
Separation of duties: an important prevention, as it separates administrative duties in a well-coordinated procedure, with administrative rights and privileges assigned to the appropriate administrators. This prevents privilege elevation attacks on the database by malicious attackers on the network.
Cross-platform auditing: provides a secure audit infrastructure using network audit appliances across databases of different platforms and standards. This gives a single centralised system across large database networks, which reduces server load and cost.
3.7 Preventing Distributed Denial of Service
To ensure protection from DoS or DDoS attacks, basic security measures need to be in place. If the administrator discovers that a running system is under attack, he should shut the machine down to prevent further spread across the network. With intrusion detection systems in place, the system administrator is notified of irregular activity.
A set of firewalls should be implemented to separate the internal network from the internet.
The figure below shows the DDoS protection environment for servers that are accessed through a load balancing tool.
Figure 3: Protection environment
3.8 Preventing SQL Injection
Various methods are used to prevent and eliminate the problem of SQL injection: intrusion prevention, query-level access control and event correlation.
SecureSphere SQL Injection Protection
It incorporates dynamic profiling, IPS and correlated attack validation, which together identify attacks with high accuracy.
Dynamic profiling provides query-level access control by identifying query patterns that differ from the application's normal usage profile.
SecureSphere IPS has unique database signature dictionaries that block SQL injection against vulnerable stored procedures.
Correlated attack validation combines the findings of SecureSphere's detection layers and enables it to identify when an SQLIA is taking place.
3.9 Preventing Unauthorized Copies of Sensitive Data
Companies should identify the databases on their network so that they can maintain an accurate inventory of the databases holding sensitive information. Secondly, it is necessary to classify the sensitive data within each database.
Once an accurate inventory is available, the correct controls should be set following the organisation's data access policies.
SecureSphere performs automated network scans that provide a full database inventory. It also identifies changes in the databases, which helps to spot rogue databases, and uses validation algorithms to do this effectively.
3.10 Preventing Authentication Attacks
To protect against these attacks, stronger authentication policies should be implemented. Tokens, certificates, biometrics and similar methods should be used where possible, although their cost and usability are sometimes a barrier. A stronger password policy should also be enforced: usernames and passwords should have a minimum length and combine numeric and alphabetic characters.
In addition, passwords should be changed regularly.
Below is the Oracle Database Firewall, which protects and secures data in Oracle and Microsoft SQL Server databases, as shown in the diagram. It monitors traffic to and from the database, prevents attacks, logs activity and generates warnings of possible attacks. It enhances database protection and complements security features such as user authentication and encryption.
Figure 4: Oracle Database Firewall Architecture
Securing a database must closely follow the security authentication methods and best policies of corporate networks and business organisations. Database threats and security have been a long-standing issue, and administrators are working to limit vulnerabilities. Securing the database allows you to enforce authentication and enables the administrator to understand the internal and external threats trying to gain access to the database management system and alter information. This will ensure effective policies and minimise attacks on data.
On the other hand, as databases are widely used in most IT systems and government bodies, networks are becoming more open, and illegal hacker activity continues to grow, so security professionals have to be a step ahead and propose safe implementations to protect confidential data on the network. Databases often come under attack because they hold large amounts of personal information, so these systems need to be secured to prevent loss and damage to the organisations and individuals whose information is kept in them.
Having considered the current threats using various analyses, I believe the vulnerability of databases can be reduced through constant vigilance and the implementation of stronger security policies. Experts should be trained periodically for better security awareness, which helps mitigate attacks, and should take appropriate measures to protect themselves and the networks they implement.
My final advice: developers should invest in and research database security and find suitable alternatives to prevent these attacks.