Database Security

Every organization must deal with information, network and system security. Security is a difficult concept to define precisely for computer systems. Confidentiality, integrity and availability, together known as the Information Security Triad (the CIA triad), are the most important elements of information security. Databases come in many designs, and securing them is difficult. To make a database secure, five primary aspects of security should be considered, the CIA triad among them:

1. Confidentiality: Confidentiality is the prevention of unauthorized access to, disclosure of and use of information. Loss of confidential information may lead to both tangible and intangible losses.
2. Integrity: This refers to the reliability and trustworthiness of information and of the system itself. Integrity means that there has been no unauthorized data manipulation and that the information received is the same as the information sent.
3. Availability: Availability is the ability to access necessary services and resources when they are needed.
4. Authentication: Authentication is the ability to confirm the identity of a person, the origin of an artifact, or that a computer program is a trusted one.
5. Nonrepudiation: This guarantees that the sender cannot later deny having sent a message and the receiver cannot deny having received it, eliminating the possibility of denial on both ends.
THREATS TO DATABASE SECURITY
With the increase in the use of databases, the frequency of attacks against them has also increased. Here we look at some of the threats that database administrators can actually do something about.
Database attacks are an increasing trend. The reason is the growth in access to the data stored in databases: when data is accessed by many people, the chances of data theft increase. Database attacks existed in the past, but they were fewer in number, because attackers broke into networks more to show that it was possible than to sell proprietary information. Today a major motive is money from selling sensitive information such as credit card numbers and Social Security Numbers.
TYPES OF THREATS TO DATABASE SECURITY
Privilege abuse:
When database users are granted privileges that exceed their day-to-day job requirements, those privileges may be abused, intentionally or unintentionally.
Operating System vulnerabilities:
Vulnerabilities in the underlying operating system (Windows, UNIX, Linux, etc.) and in the services related to the database can lead to unauthorized access to the data or to a Denial of Service (DoS) against the database server. Such vulnerabilities are mitigated by applying operating system security patches as soon as they become available.
Database rootkits:
A database rootkit is a program or procedure hidden inside the database that preserves administrator-level access to the data, typically by altering data-dictionary views, stored procedures or the database's own executables so that the attacker's users, objects and sessions do not show up in the normal administrative views. Such rootkits may also suppress alerts that an Intrusion Prevention System (IPS) would otherwise raise. Installing one requires prior administrative access, to the database itself or to the underlying operating system.
Weak authentication:
Weak authentication schemes allow attackers to use strategies such as social engineering, password guessing and brute force to obtain database login credentials and assume the identity of legitimate database users.
Weak audit trails:
A weak audit logging mechanism in a database server represents a critical risk to an organization, especially in retail, financial, healthcare and other industries with stringent regulatory compliance. Regulations such as PCI DSS, SOX and HIPAA demand extensive logging so that an event can be reconstructed later in case of an incident. Logging of sensitive or unusual transactions in the database must be automated so that incidents can be investigated. Audit trails are the last line of database defense: they reveal that a violation occurred and allow it to be traced back to a particular point in time and a particular user. An audit trail that the audited accounts can edit or switch off is little better than none, so audit records should be written to a store those accounts cannot modify.

VULNERABILITIES IN DATABASE:
Databases contain the largest and most sensitive stores of enterprise data, making them a prime target for attackers. But it is often the enterprise's own staff, database developers, administrators and even users, who create the vulnerabilities that attackers exploit to compromise that data.
Here are some of the most common areas of database security weakness, based on the issues we've seen in customer environments we've evaluated during the last decade.
Platform Vulnerability:
Servers store data and provide services to users and to other systems. A server may run Linux, Windows or another operating system. Operating systems are heavily targeted because of their critical role: if an attacker penetrates or damages the operating system, the database service running on it may be damaged or disrupted. Servers are mostly compromised through unpatched known vulnerabilities and misconfiguration. The database administrator should follow the vendor's security advisories and keep the system up to date.
Database Server:
The database itself is the primary target of any attacker. Microsoft SQL Server, for example, supports Windows Authentication (with local accounts or Active Directory domain accounts) and, in mixed mode, SQL Server logins as well. The administrator should enable only the authentication mode that is actually needed; leaving unnecessary authentication mechanisms enabled widens the attack surface, and SQL logins in particular are exposed to password guessing.
Network:
Networks are no longer wired only; wireless networks have become popular, so the administrator must consider the vulnerabilities of both wired and wireless networks. A wired network can be exploited by gaining access to unsecured ports. If the private wired network is connected to the Internet, it may also be attacked from outside. Attackers also try to install rogue wireless access points on the internal wired network so that they can reach it from beyond the physical reach of the wiring. The administrator should block unnecessary open ports and restrict the database listener to the hosts that need it.
SQL Injection:
In a SQL injection attack, an attacker inserts (or "injects") unauthorized SQL fragments through an input field whose contents the application concatenates into a SQL statement. The injected text changes what the statement does, and the database's error messages in response often reveal information (query structure, table and column names) that helps the attacker gain further access. The defense is never to build SQL from untrusted input: use parameterized queries (prepared statements), so that input is passed to the database as data and not as part of the statement.
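The following is an added example, not code from the original page, showing the two halves of that sentence side by side: a login query built by string concatenation, and the same query with placeholders. The users table, the user names and the passwords are constructed for the example (passwords are kept in clear only to keep the example short; a real system stores salted hashes), and it uses Python's built-in sqlite3 module so it runs offline.

```python
import sqlite3

# Constructed sample data for this example (not from the original page).
USERS = [
    ("admin", "s3cret-admin-pw", "dba"),
    ("alice", "alice-pw", "reader"),
    ("bob", "bob-pw", "reader"),
]


def make_users_db():
    """In-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Deliberately vulnerable: untrusted input is pasted into the SQL text."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Hardened: placeholders hand the input to the engine as data, never as SQL."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def error_leak(conn, name):
    """What an attacker learns when the application echoes the raw database error."""
    try:
        login_vulnerable(conn, name, "x")
        return None
    except sqlite3.Error as exc:
        return str(exc)


if __name__ == "__main__":
    db = make_users_db()
    # Tautology: WHERE clause becomes true for every row, so every account is returned.
    print(login_vulnerable(db, "' OR '1'='1", "' OR '1'='1"))
    # Comment sequence: the password check is commented out and admin logs in.
    print(login_vulnerable(db, "admin'--", "wrong"))
    # The same inputs are just unusual user names for the parameterized query.
    print(login_safe(db, "admin'--", "wrong"))
    print(error_leak(db, "'"))
```

The two payloads are the classic ones: `' OR '1'='1` turns the WHERE clause into a tautology, and `admin'--` closes the string and comments out the rest of the statement. Against `login_safe` both are merely user names that do not exist.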
Denial of Service:
A Denial of Service (DoS) attack is one in which resources are made unavailable to their intended users. Denial of service may be created by many different techniques. For example, a DoS attack can take advantage of a database platform vulnerability to overload a server. Other common DoS techniques include network flooding, data corruption and server resource exhaustion (memory, CPU, connections, etc.). Resource exhaustion is particularly common in database environments, since a single expensive query can consume what many ordinary ones need.
PROVIDING SECURITY TO DATABASE:
An ever increasing number of databases are needed in business, and with the advent of the Internet the threats to these databases are increasing apace. In this series, we provide a definition of database security and look at how security is provided to a database.
Privileges:
A large share of database breaches is due to improper privilege grants. When someone accesses a database, the user should be able to perform only those operations that have been granted to them.
Least Privileges:
When a user is granted more privileges than required to fulfill their job function, those privileges can be misused. For example, if a person only needs to read particular data but has been granted both read and write privileges, they can also write, and that is a misuse of their rights. The best practice is to grant only those privileges required to perform the intended duties, and to review the grants regularly, because duties change.
Data Encrypting on Database Server:
Encrypting the data in the database improves security. If a user's credentials or the server are compromised, the intruder may obtain the stored data, but because of encryption he will not be able to read it, so the confidentiality of the data is maintained even after the compromise. In some recent cases, database servers storing customer credentials were compromised, but the encryption protected the data and the credentials were not leaked. Encryption protects both the production and the backup copies of the data, so even a stolen backup remains undisclosed. Two caveats apply: the encryption keys must be kept apart from the data they protect (an encrypted backup shipped together with its key is not protected), and encryption at rest does not help against an attacker who queries through the database with a legitimate account or via SQL injection, because the engine decrypts transparently for them. Stored passwords in particular should be salted and hashed rather than reversibly encrypted, so that they cannot be recovered even by someone who holds the key.
Monitoring and Blocking:
Real-time monitoring of database activity can detect data leakage as it happens; unauthorized SQL commands and system attacks can be monitored and blocked according to rules set by the administrator, who is notified in real time. The administrator can build a profile of each user's normal activity, and against this baseline any operation outside the normal pattern is blocked or reviewed in more detail to determine whether it is malicious or authorized. This helps detect SQL injection and the activity of a user account that an attacker has compromised.
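The baseline-and-deviation logic just described, as an added example that is not part of the original page. The audit log format (`user=... stmt=... table=... rows=...`), the user names and all the log lines are constructed for the example; a real deployment would read the database's own audit log or a network capture, and the blocking step belongs to the monitoring platform. The script learns, per user, which statement types were run against which tables and the largest result size seen, then flags live events that fall outside that profile.

```python
import re
from collections import defaultdict

# Constructed audit-log lines in a hypothetical "key=value" format; they are
# sample input for this example, not records from any real database.
BASELINE_LOG = """\
2024-05-01T09:00:01 user=app_web stmt=SELECT table=employees rows=12
2024-05-01T09:00:05 user=app_web stmt=INSERT table=orders rows=1
2024-05-01T09:01:10 user=app_web stmt=SELECT table=orders rows=3
2024-05-01T09:02:00 user=reporting stmt=SELECT table=employees rows=400
2024-05-01T09:02:30 user=reporting stmt=SELECT table=orders rows=950
"""

LIVE_LOG = """\
2024-05-02T10:00:01 user=app_web stmt=SELECT table=employees rows=10
2024-05-02T10:00:02 user=app_web stmt=SELECT table=employees rows=9000
2024-05-02T10:00:03 user=app_web stmt=DELETE table=orders rows=1
2024-05-02T10:00:04 user=reporting stmt=SELECT table=employees rows=380
2024-05-02T10:00:05 user=app_web stmt=SELECT table=sqlite_master rows=20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) stmt=(?P<stmt>\S+) "
    r"table=(?P<table>\S+) rows=(?P<rows>\d+)$"
)


def parse(log):
    """Turn log text into event dicts; malformed lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["rows"] = int(ev["rows"])
            events.append(ev)
    return events


def build_baseline(events):
    """Per user: the (statement, table) pairs seen and the largest row count per pair."""
    baseline = {}
    for ev in events:
        key = (ev["stmt"], ev["table"])
        prof = baseline.setdefault(ev["user"], {"ops": set(), "max_rows": defaultdict(int)})
        prof["ops"].add(key)
        prof["max_rows"][key] = max(prof["max_rows"][key], ev["rows"])
    return baseline


def check(events, baseline, row_factor=10):
    """Flag users with no profile, operations never seen for that user, and
    result sizes far above the user's own history (row_factor * baseline max)."""
    alerts = []
    for ev in events:
        key = (ev["stmt"], ev["table"])
        prof = baseline.get(ev["user"])
        if prof is None:
            alerts.append((ev["ts"], ev["user"], "no baseline for user"))
        elif key not in prof["ops"]:
            alerts.append((ev["ts"], ev["user"],
                           f"new operation {ev['stmt']} on {ev['table']}"))
        elif ev["rows"] > row_factor * prof["max_rows"][key]:
            alerts.append((ev["ts"], ev["user"],
                           f"{ev['rows']} rows from {ev['table']} "
                           f"(baseline max {prof['max_rows'][key]})"))
    return alerts


def detect():
    """Run the live log against a baseline learned from the baseline log."""
    return check(parse(LIVE_LOG), build_baseline(parse(BASELINE_LOG)))


if __name__ == "__main__":
    for ts, user, reason in detect():
        print(f"{ts} ALERT user={user}: {reason}")
```

Three of the five live events are flagged: the web application account suddenly pulling 9000 employee rows (bulk extraction), issuing a DELETE it has never issued before, and reading the schema catalog, which is what an attacker does after a successful injection. The reporting account's large reads are within its own history and stay quiet.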
Auditing:
Native audit tools are often left switched off because of their performance cost and their limited flexibility and scalability. Automating audit collection, for example with a Database Auditing and Protection platform, addresses most of the weaknesses associated with native audit tools while keeping the audit trail complete and outside the reach of the accounts being audited.
Data Security Policy:
Data security includes the mechanisms that control access to and use of the database at the object level. Your data security policy determines which users have access to a specific schema object, and the specific types of actions allowed for each user on that object. For example, a user may be allowed to issue SELECT and INSERT statements but not DELETE statements against the employees table. Your data security policy should also define the actions, if any, that are audited for each schema object.
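An added example, not from the original page, that enforces exactly the policy in the last paragraph (SELECT and INSERT on employees, no DELETE) and the least-privilege rule from the Privileges section. In a server database this is one statement, `GRANT SELECT, INSERT ON employees TO app_web;`, but SQLite has no GRANT, so the example installs the same object-level policy through SQLite's authorizer hook, which the engine consults for every table and column a statement touches while it is being compiled. The policy table, the user names and the sample rows are constructed for the example.

```python
import sqlite3

# Hypothetical policy: user -> table -> allowed operations. The server-side
# equivalent is GRANT SELECT, INSERT ON employees TO app_web.
POLICY = {
    "app_web": {"employees": {"SELECT", "INSERT"}},
    "dba":     {"employees": {"SELECT", "INSERT", "UPDATE", "DELETE"}},
}

# Authorizer action codes that correspond to an object privilege.
ACTION_PRIV = {
    sqlite3.SQLITE_READ:   "SELECT",   # reading a column of a table
    sqlite3.SQLITE_INSERT: "INSERT",
    sqlite3.SQLITE_UPDATE: "UPDATE",
    sqlite3.SQLITE_DELETE: "DELETE",
}
# Bookkeeping actions that carry no object privilege of their own.
ALWAYS_OK = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_TRANSACTION, sqlite3.SQLITE_FUNCTION}


def make_authorizer(user):
    grants = POLICY.get(user, {})

    def authorize(action, arg1, arg2, db_name, trigger):
        if action in ALWAYS_OK:
            return sqlite3.SQLITE_OK
        priv = ACTION_PRIV.get(action)
        if priv is None:                 # DDL, PRAGMA, ATTACH: never for application users
            return sqlite3.SQLITE_DENY
        table = arg1
        if priv in grants.get(table, set()):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY       # default deny: anything not granted is refused
    return authorize


def make_policy_db():
    """Schema and a constructed row, created before any authorizer is installed."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, salary INTEGER)")
    conn.execute("INSERT INTO employees VALUES (1, 'Ann', 5000)")
    return conn


def run_as(conn, user, sql, params=()):
    """Execute sql under user's grants; returns ('ok', rows) or ('denied', message)."""
    conn.set_authorizer(make_authorizer(user))
    try:
        return ("ok", conn.execute(sql, params).fetchall())
    except sqlite3.DatabaseError as exc:
        return ("denied", str(exc))
    finally:
        # Hand the connection back to its owner unrestricted.
        conn.set_authorizer(lambda *_: sqlite3.SQLITE_OK)


if __name__ == "__main__":
    db = make_policy_db()
    print(run_as(db, "app_web", "SELECT name, salary FROM employees"))
    print(run_as(db, "app_web", "INSERT INTO employees(name, salary) VALUES (?, ?)", ("Bo", 4000)))
    print(run_as(db, "app_web", "DELETE FROM employees WHERE id = 1"))
    print(run_as(db, "app_web", "DROP TABLE employees"))
    print(run_as(db, "dba", "DELETE FROM employees WHERE id = 1"))
```

Two design points carry over to any database: the check is default-deny (an unknown user or an unlisted table gets nothing), and privileges are tied to the object, so the application account can read and add employees but cannot delete them, update them, or touch the schema, which limits what a SQL injection through that account can do.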
