This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
In database security, vulnerability is a potential weakness that may result in an external or internal attack which compromises the assurance of information contained within a database.
"System vulnerability is defined to be the intersection of a system susceptibility or flaw, access to the flaw, and the capability to exploit the flaw. Implementation" 
There many different types of database vulnerability and we will look into some of those more in depth in the next section. It is crucial in improving database security to understand the different types of vulnerabilities that can affect a database and the security of its data. Databases nearly always contain private and personal information in one way or another. These may include; names, addresses, credit card/bank details, telephone numbers and other business sensitive information. There has been many articles in the media over the past 10 years were professional criminals have been targeting database vulnerability for personal or financial gain.
First of all we need to be able to assess how vulnerable our database may be to internal and external threats. This can be done by performing a database vulnerability assessment.
"A Database Vulnerability Assessment is a 'point in time assessment' on the security posture of a specific database ".
These assessments are usual carried out by complex pieces of third party software. It is important if your database contains confidential or sensitive data to regularly assess for potential vulnerabilities. Most assessments will only highlight potential vulnerabilities and will not attempt to fix them. It is up to the database administrator or owner to weigh up the potential risks and take action if it is deemed necessary. Malicious threats are becoming even more complex and clever and are growing at an increasing rate. As technology and the way we use the internet evolve many new potential threats emerge leaving our database even more at risk to attacks and theft of data.
There are three key elements that make up a vulnerability assessment:
Firstly, an inventory is taken of all databases on a network. This maybe made up of hundreds of large complex databases or could be just one small database on a small network. This is an important step as it allows for the assessment to be carried out on all critical data.
The second step is penetration testing. Penetration testing refers to investigating outside threats to a database which could be in the form of external hackers. The assessment explores routes an external threat my attempt to come through.
The final stage is security auditing. This refers to the check of internal threats, this could include an internal source such as wrong user privileges or weak passwords.
The results of the assessments will then be used to protect the database from the latest threats in order to mitigate the risk of data theft.
Types of Database Vulnerability / Threats
There are many different forms of hardware vulnerability, some which can be monitored and predicted like hardware age, but some are unforeseen or are caused by "acts of God." The greatest threat comes from a hardware failure, whether it is a failure to a data store or failure to electrical component. Equipment failure is a major hardware threat which can make a database vulnerable. Equipment is often faulty due to age or poor maintenance. Equipment failure can lead to temporal loss of data, database down time, or at worse permanent loss of sensitive or important data.
Another hardware threat may come from deliberate damage or sabotage, this could be from acts of arson, explosions or an act of vandalism. Closely related to this is equipment theft which could lead to the data in the database being vulnerable to theft.
Accidental and unforeseen equipment damage is another potential threat that could lead to database vulnerability, these are seen more as an "act of God" type threat such as flooding or fire .
Another key major hardware threat is not to the physical database hardware itself, but to the communication networks that feed the hardware. Communication networks can be vulnerable to wire tapping, where an outside intruder will monitor communication over a communication link to the database. Adversely affecting the communications link to the database can be caused by electronic interference which could disrupt services that use the database.
Internal vulnerabilities and threats can be covered by performing the database vulnerability assessment. They are the most common cause of database vulnerability and to the theft of data from a database. Reasons for this could include: the ease of which data can be stolen, most commonly no invasive malicious methods are needed i.e. SQL injection or Trojans, as the attacker can already access the network and has all the security information and privileges needed.
A proportion of internal threats actually come from accidental user error and not from malicious attacks. If a database is poorly designed it can be possible for internal users to accidently delete or remove critical business data with out the intent to do so. Designing a well protected and secure data system will reduce risks like this.
Malicious internal attacks are often in the form of disgruntled employees, who are out to make a profit from exploiting the data within the database or want to cause damage to a company by removing critical information.
Black Hat Hackers
Databases are vulnerable to computer hackers, the dangerous and serious attacks come from black hat hackers. Black hat hackers are computer hackers whose objective is to steal data for their own personal and financial gain, they unlike the other forms of hackers specialise in breaking into databases through security holes and flaws of a databases design . They are capable of breaking through firewalls and other security measures to reach the data they desire. Along with stealing private confidential information they are also able to erase data or modify data.
They also may inflict viruses, internet worms, and Trojans onto a database system. This will be discussed in the next section.
The attacker uses a wireless access point from a laptop or PC to interrogate the system to find weaknesses in a network. Once they have they discovered these they can launch attacks on the database system. They use techniques such as "warDriving" SQL injection is then used by the hackers once they have been able to connect to a network on which database systems reside. The hackers will use a web application firewall to guard them against SQL injections .
Trojans and Worms
A Trojan is a clever form of non-self-replicating malware. The Trojan works by appearing to do what is expected by an innocent user, instead it facilitates an external hacker to gain access to the computer system , allowing them to gain access to a database where data can be stolen. Trojans can be sent via emails looking innocent to the receiver. Once the attachment is opened the whole computer system along with any databases available on a network are exposed to external threats. The functions a hacker can perform once in on a user's computer systems are governed by that users privilege.
The key risk a Trojan poses to a database is data theft or manipulation. Hackers can monitor a users use of the database. Using keystroke logging an attacker can gain security information such as passwords to gain access to databases on a network. It is also possible using a Trojan for an attacker to bring down the whole database on a network.
Trojans can be fairly easy to mitigate from a vulnerability point of view. Trojan can only work with the aid of the innocent user. Educating individuals to not to open suspicious attachment on emails will lower the risk.
A worm is slightly different to a Trojan as it is a self-replicating malware application. The most important difference is that it does not need a users participation for it to be affective. It can spread over a whole network by sending copies of its self to all other computers on a single network. They are also very hard to detect and remove. Once infected they can be used in much a similar way to a Trojan allowing the potential to a hacker to steal data from a database .
There are four simple vulnerabilities that come with passwords. They could be: forgotten, guessed, shared, and lost/stolen .
Measures that aim to reduce these vulnerabilities can further increase exposure of another. For example, strong passwords can be difficult to remember and this may lead to their being forgotten or written down and subsequently stolen.
The primary attacks against passwords considered in this Standard are: brute force guessing attacks, common password attacks, dictionary attacks, and pre-knowledge guessing attacks. The use of strong passwords, system protection of password files, and logon failure management measures provide protection against such attacks. Logon audit requirements shall be sourced from the Authentication Key Strengths Standard. Authentication protocol attacks for the exchange of the password between the customer and the verifier are also covered in the Authentication Key Strengths Standard.
Password strength is a measure of the effectiveness of a password in resisting guessing and brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need on average to correctly guess it. The strength of a password is a function of length, complexity, and randomness.
Risks are also posed by several means of breaching computer security which are unrelated to password strength. Such means include wiretapping, phishing, keystroke logging, social engineering, dumpster diving, side-channel attacks, and software vulnerabilities.
Ensuring users have the correct privileges on a database is paramount to database security. An attacker who has too high a privilege is able to steal data ease. It is therefore important to set the right user with the appropriate privileges. For example you wouldn't want an intern who updates user details to be able to access senior management pay details. Assigning the correct level of privileges to each user reduces the chance of vulnerability to the database.
(Just read and make sure it makes sense)In SQL GRANT privileges allows a user to all user privileges or a small selection of privileges for a database . Attackers can use GRANT statements where databases have similar names, because come databases wrongly interpret '_' character as a wildcard in MySQL. If the databases have similar names this wildcard character can be mistaken for a match . Attackers who look to exploit this vulnerability can if lucky enough to gain access to the restricted database information. They will also be able to read/write data and remove critical data from the database.
There are three key types of privilege abuse:
Excessive Privilege Abuse is when a user is granted too high a privilege for the function of their job role or their requirements from a database . This is solely the error of the database administrator who assigned the privileges
Legitimate Privilege Abuse is when a user has appropriate levels of privileges applied to them from the administrator, but abuses these levels of privileges for their own personal gain
Privilege Elevation is where an outside attacker may, through software bugs or design flaws may be able to change the privileges they have on a database to be able to access the information they may wish to steal or remove. They may use vulnerabilities in software function or communication protocols to be able to do this. The key aim is to change their privileges to be that of an administrator.
SQL injection is a code injected that occurs at the database layer of the application. SQL injection tries to exploit databases security vulnerability. It often occurs when the user of database input is filtered incorrectly for string literal escape characters, which are embedded in an SQL statement. It most commonly occurs in embedded scripting languages .
SQL injection is an increasingly growing problem for database security and integrity. These injection can also be hard to patch. Along with incorrectly filtered SQL queries, SQL injection can also pull other input information allowing them to retrieve want they want from a database, without the victim knowing of the attack. They use a process called data piggybacking to be able to return the data .
Another form of SQL injection is Blind SQL Injection. Blind SQL injection uses a vulnerable web application, but the results of the injection can not be viewed by the attacker . In blind SQL injection the attacker will get a generic page produced by the developer of the database. This makes is more difficult for the attacker to exploit the potential of the SQL injection, but it can still be possible by completing more SQL statements .
Below shows the structure of an attacker using SQL injection to pull data from a database
Figure 1 - SQL Injection Model
The attacker uses SQL injection over a client interface, commonly their own PC through a firewall. The wrongly filtered inputs from the client over the web application allow the attacker to pull the data using thee SQL Server.
In December 2007 Russian hackers stole 53,00 credit card numbers from the Rhode Island Government using SQL injection . Another well publicised use of SQL injection was when hackers managed to steal 263,000 credit card numbers from Card systems. It is an ever growing problem in database security which can leave sensitive information very vulnerable to attackers who which to exploit its potential.
Buffer overflow is a common vulnerability not only in databases, but in most applications that takes an input from a user and allocates memory for that information. When a user enters details into a database through an application, the application memory programmer writes that data to the address allocated to it. The problem occurs when that process stores the data in a buffer outside the allocated memory for that input, leaving some data to be written to the adjacent memory address. In doing this it could over right some other critical data held in the database or worse still, the data written could be accessed by different query which would result in other users experiencing funny behavior from the database. This can also cause an application to crash if it was expecting certain specific data. This vulnerability is far less predictable to others and is almost impossible for a hacker to exploit, but is more likely to affect the integrity of the data contained in that database.
They are commonly introduced by poor design and programming skills. Simple bounds checking on data inputs will stop incorrect memory allocation. The user would simple get an error message and be able to re-enter the correct data.
Figure 2 - Memory allocation