SEC835 Practical aspects of security implementation
Part 1: Apply security services
• Databases security
• Email security

STRIDE
• Spoofing: any person or technology component (actor) can be spoofed
• Tampering: data, source code, or configuration parameters can be tampered with
• Repudiation: a user's actions can be repudiated
• Information disclosure: data, or any other information including the system architectural design, is vulnerable to information disclosure
• Denial of service: any technology resource is vulnerable to DoS
• Elevation of privileges: any user- or technology-related level of privileges is vulnerable to elevation of privileges

Databases (STRIDE applied)
• Spoofing: DBA; ODBC driver
• Tampering: data; configuration parameters
• Information disclosure: data; DB structure; ODBC credentials
• Denial of service: the RDB as the technology resource
• Elevation of privileges: DBA; RPC

DB security: strong access control
• Database, tables, columns
• In most cases RBAC has been implemented
• The SQL language allows runtime granting of access privileges to users or roles

DB security: the GRANT command
  GRANT {privileges/role} [ON table] TO {user/role/public} [IDENTIFIED BY password] [WITH GRANT OPTION]
• The command allows granting privileges and/or roles to another user or to another role, thus providing a lot of flexibility in runtime privilege management

DB security: what to GRANT?
• Select – grantee is allowed to read the entire DB, a table, or columns
• Insert – grantee may insert rows in a table, or insert rows with values for specific columns in a table
• Update – similar to Insert
• Delete – delete rows from a table
• References – grantee is allowed to define foreign keys in another table that refer to the specified columns

DB security: the REVOKE command
  REVOKE {privileges/role} [ON table] FROM {user/role/public}

DB security: cascading authorization
• Allows a user to grant access to another user, and so on
• Revoke assumes cascading revoking of access
• Be aware of the security issues:
  – May be exploited to elevate privileges
  – A complicated grant schema may confuse revoking, leaving a user with the access granted

DB security: tampering and information disclosure
• Discrete storing: store sensitive data only when it is really necessary
• Encryption: symmetric encryption for confidentiality; hash for integrity
• Strong encryption
• Secure key management

DB encryption
• Encryption may apply to the whole table, an attribute (column), or a field (a single cell)
• Encryption has a negative impact on DB searching when encrypted values must be used as search criteria
• To help, table partitioning may apply, where each partition has a unique index used to identify the range of records

DB encryption: table partitioning example
• Employee salary is a search criterion but must be encrypted
• The table partitioning is supported by an index that is mapped to a range of rows, e.g.:
  1 – values from 35K to 75K
  2 – values from 76K to 95K
  3 – values from 96K and up
• The table rows contain encrypted values and the indices that replace the real values

DB encryption (cont.)
• To decrypt a table that was encrypted and partitioned, the map of indices to ranges is required in addition to the encryption keys
• This map must be stored on the client, not on the server
• Decryption and conversion of data back into its original value is also performed on the client
• Make sure that the encryption key on the client side is safe

DBMS technology components
• Must be protected from DoS attacks
• Strong access control for all types of interfaces: users, admins, API, bulk data loading
• Strong data input validation: protect against SQL injection attacks

DB backups
• The DB must be backed up regularly
• Media – tapes, or mirror servers, or both
• Backups must be stored at a different (remote) location
• Modes of backup:
  – Full backup
  – Incremental – back up files changed since the last backup
  – Differential – back up any file changed since the last full backup
• Records retention: a policy exists to specify the period for keeping data available
• Secure destruction: shredding; magnetic destruction

DB security: the inference problem
• The possibility of deriving additional information from small pieces or fractions of data
• The fractions or pieces may not be confidential, but the derived data is
• Often accomplished by combining queries
• Protection:
  – Splitting tables and assigning fine-grained access control
  – Separation of duties
  – Perturbation of data

DB security: privacy issue
• For some databases, in particular healthcare and financial data, personal identifiers must not be present in the records
• Achieved by applying a data sanitization service
• That is, applying algorithms for "masking" data in storage, or in a user's view
• This is in addition to cryptography

Secure email: major threats
• Unauthorized access (confidentiality, integrity)
• Viruses sent with attachments
• Spam
• Spoofing email addresses

Secure email: protection
• Encryption: PGP – encryption technology used to protect confidentiality and integrity and to authenticate a sender. This is a hybrid technology. The following is in use:
  – Public/private key (RSA)
  – Secret key for symmetric encryption (AES, 3DES)
  – Digital signature (MD5, SHA-1)
• Anti-virus protection: install and keep up-to-date
• Spam: anti-spam software
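The cascading authorization slides (GRANT ... WITH GRANT OPTION chains and cascading REVOKE) worked through in code. This is an added example, not part of the lecture; the `Table` model, `demo` and the user names dba, alice, bob and carol are constructed. It shows the pitfall the slides warn about: after a REVOKE, access reached through an independent grant path survives, so the holder list must be audited rather than assumed.

```python
from collections import namedtuple
# Constructed model of SQL cascading authorization on one table (GRANT ... WITH
# GRANT OPTION chains, cascading REVOKE). Not a real DBMS; names are made up.
Grant = namedtuple("Grant", "grantor grantee privilege grant_option")

class Table:
    def __init__(self, owner):
        self.owner, self.grants = owner, []
    def grant(self, grantor, grantee, privilege, grant_option=False):
        # Only the owner or a valid grant-option holder may grant.
        if grantor != self.owner and not self.holds(grantor, privilege, need_option=True):
            raise PermissionError(f"{grantor} may not grant {privilege}")
        self.grants.append(Grant(grantor, grantee, privilege, grant_option))

    def _valid_grants(self, privilege):
        # Fixed point from the owner: accept a grant only once its grantor is a
        # known grant-option holder; stop when no new grant is accepted.
        holders, valid = {self.owner}, []
        while True:
            new = [g for g in self.grants if g.privilege == privilege
                   and g.grantor in holders and g not in valid]
            if not new:
                return valid
            valid.extend(new)
            holders |= {g.grantee for g in new if g.grant_option}

    def holds(self, user, privilege, need_option=False):
        return user == self.owner or any(
            g.grantee == user and (g.grant_option or not need_option)
            for g in self._valid_grants(privilege))

    def revoke(self, grantor, grantee, privilege):
        # Drop the named grant, then cascade: grants no longer backed by a valid
        # chain from the owner disappear; independently granted access survives.
        self.grants = [g for g in self.grants
                       if (g.grantor, g.grantee, g.privilege) != (grantor, grantee, privilege)]
        valid = self._valid_grants(privilege)
        self.grants = [g for g in self.grants if g.privilege != privilege or g in valid]

    def holders_of(self, privilege):  # audit view: check it after every REVOKE
        return sorted({g.grantee for g in self._valid_grants(privilege)} | {self.owner})

def demo():
    t = Table(owner="dba")
    t.grant("dba", "alice", "SELECT", grant_option=True)
    t.grant("alice", "bob", "SELECT", grant_option=True)
    t.grant("bob", "carol", "SELECT")
    t.grant("dba", "carol", "SELECT")       # independent path for carol
    before = t.holders_of("SELECT")         # ['alice', 'bob', 'carol', 'dba']
    t.revoke("dba", "alice", "SELECT")      # cascades to bob and to bob->carol
    return before, t.holders_of("SELECT")   # carol keeps dba's direct grant
```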
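The table-partitioning scheme from the DB encryption slides as an added example (not from the lecture): salaries are encrypted on the client, the server stores only the partition index (1 to 3, with the ranges from the slide) beside the ciphertext, and a range search is answered by filtering on indices server-side and then decrypting and filtering exactly on the client, where the index map and key live. The HMAC-based keystream cipher, the names and the salaries are constructed stand-ins.

```python
import hashlib, hmac, os
# Constructed example for the "table partitioning" slides: the server stores only a
# partition index plus ciphertext; the index->range map and the key stay on the
# client. The cipher is an HMAC-SHA256 keystream (a PRF in counter mode) used as a
# stand-in so the block runs on the standard library alone; it has no integrity tag,
# so use an authenticated cipher such as AES-GCM in practice.
def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]
def encrypt(key, value):
    nonce, pt = os.urandom(12), str(value).encode()
    return nonce + bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))

def decrypt(key, blob):
    nonce, ct = blob[:12], blob[12:]
    return int(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Client-side map from the slides: partition index -> lowest salary in its range.
# Partition i covers [lower_i, lower_(i+1)); partition 3 is open-ended.
PARTITION_LOWER = {1: 35_000, 2: 76_000, 3: 96_000}

def partition_of(salary):
    hits = [i for i, lo in PARTITION_LOWER.items() if salary >= lo]
    if not hits:
        raise ValueError("salary below the lowest partition")
    return max(hits)

def store(key, rows, name, salary):
    # What the server receives: (name, index, ciphertext), never the plaintext salary.
    rows.append((name, partition_of(salary), encrypt(key, salary)))

def salaries_between(key, rows, lo, hi):
    # 1) Client maps the requested range onto partition indices the server can filter on.
    lowest = min(PARTITION_LOWER.values())
    if hi < lowest:
        return []
    wanted = set(range(partition_of(max(lo, lowest)), partition_of(hi) + 1))
    # 2) Server returns candidate rows by index; 3) client decrypts and applies the exact filter.
    candidates = [r for r in rows if r[1] in wanted]
    return sorted((n, s) for n, _, c in candidates if lo <= (s := decrypt(key, c)) <= hi)

def demo():
    key, rows = os.urandom(32), []   # constructed key and empty server-side table
    for name, salary in [("alice", 40_000), ("bob", 80_000), ("carol", 120_000), ("dave", 76_000)]:
        store(key, rows, name, salary)
    return salaries_between(key, rows, 70_000, 90_000)   # -> [('bob', 80000), ('dave', 76000)]
```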
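The inference problem from the DB security slides, as an added example rather than lecture material: an aggregate-only interface still lets two permitted SUM queries be combined to isolate one employee's salary. The protected variant pairs the perturbation of data the slides name with a query-set-size restriction (a standard statistical-database control assumed here, not on the slides). The HR rows, the secret and the noise bound are constructed.

```python
import hashlib, hmac
# Constructed HR table for the "inference problem" slides: only aggregate queries are
# exposed, yet combining two permitted SUM queries isolates one person's salary. The
# protected variant applies a query-set-size restriction plus perturbation of the
# returned data (the latter is the control the slides name).
ROWS = [("alice", "eng", 90_000), ("bob", "eng", 85_000), ("carol", "eng", 70_000),
        ("dave", "eng", 95_000), ("erin", "ops", 60_000), ("frank", "ops", 65_000),
        ("grace", "ops", 72_000), ("heidi", "ops", 58_000)]

def sum_salary(pred):
    # Unprotected aggregate: answers for any query set, however small.
    return sum(r[2] for r in ROWS if pred(r))

def infer_individual(name, dept):
    # SUM(dept) - SUM(dept minus one person) = that person's salary, exactly.
    return (sum_salary(lambda r: r[1] == dept)
            - sum_salary(lambda r: r[1] == dept and r[0] != name))

MIN_QUERY_SET, NOISE = 3, 4_000
SECRET = b"constructed server-side perturbation secret"

def sum_salary_protected(pred):
    # Control 1, query-set restriction: refuse sets that are too small or whose
    # complement is too small (blocks "one person" and "everyone but one person").
    hit = [r for r in ROWS if pred(r)]
    if len(hit) < MIN_QUERY_SET or len(ROWS) - len(hit) < MIN_QUERY_SET:
        raise PermissionError("query set too small")
    # Control 2, perturbation: bounded noise derived from the query set itself, so
    # repeating a query cannot average it away, and differencing two large sets
    # (which passes control 1) no longer yields an exact individual value.
    tag = hmac.new(SECRET, ",".join(sorted(r[0] for r in hit)).encode(), hashlib.sha256).digest()
    noise = int.from_bytes(tag[:4], "big") % (2 * NOISE + 1) - NOISE
    return sum(r[2] for r in hit) + noise

def refuses(pred):
    # Helper for checking that the restriction fires.
    try:
        sum_salary_protected(pred)
        return False
    except PermissionError:
        return True
```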