DB security

SEC835
Practical aspects of security implementation
Part 1: Apply security services
  Databases security
  Email security
STRIDE
Spoofing
  Any person or technology component (actor) can be spoofed
Tampering
  Data, source code, or configuration parameters can be tampered with
Repudiation
  A user's actions can be repudiated
Information disclosure
  Data, or any other information including the system's architectural design, is vulnerable to information disclosure
Denial of Service
  Any technology resource is vulnerable to DoS
Elevation of Privileges
  Any level of privilege held by a user or a technology component is vulnerable to elevation of privileges
Databases
Spoofing:
  DBA
  ODBC driver
Tampering:
  Data
  Configuration parameters
Information disclosure:
  Data
  DB structure
  ODBC credentials
Denial of service:
  RDB as the technology resource
Elevation of privileges:
  DBA
  RPC
DB security
Strong access control at the level of:
  Database
  Tables
  Columns
In most cases RBAC (role-based access control) has been implemented
The SQL language allows runtime granting of access privileges to users or roles
DB security
The GRANT command:
  GRANT {privileges/role}
  [ON table]
  TO {user/role/public}
  [IDENTIFIED BY password]
  [WITH GRANT OPTION]
The command allows granting privileges and/or roles to another user or to another role, thus providing a lot of flexibility in runtime privilege management
DB security
What to GRANT?
  Select – grantee is allowed to read the entire DB, a table, or specific columns
  Insert – grantee may insert rows into a table, or insert rows with values only for specific columns of a table
  Update – as for Insert: grantee may update rows in a table, or only specific columns
  Delete – grantee may delete rows from a table
  References – grantee is allowed to define foreign keys in another table that refer to the specified columns
DB security
The REVOKE command:
  REVOKE {privileges/role}
  [ON table]
  FROM {user/role/public}
DB security
Cascading authorization
  Allows a user to grant access to another user, who may grant it further, and so on
  Revoke assumes cascading revocation of the access that was passed on
  Be aware of the security issues:
    May be exploited to elevate privileges
    A complicated grant schema may confuse revoking, leaving a user with access that should have been removed
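The two warnings above can be checked on a small model. The following is an added example, not code from the course: it models GRANT ... WITH GRANT OPTION and cascading REVOKE as a graph of grants (grant timestamps, which the SQL standard uses for cascade decisions, are deliberately ignored, so this is a simplification rather than any DBMS's exact semantics). The users, table name and privilege are constructed. `scenario_cascade` shows revocation propagating down a chain; `scenario_residual_access` shows the second warning, a user who keeps access after a revoke because a second grantor also granted it, and an audit helper that lists every surviving grant path.

```python
"""Cascading authorization modelled as a grant graph.

Added example: a simplified model of GRANT ... WITH GRANT OPTION and
cascading REVOKE, not any particular DBMS's exact semantics (grant
timestamps are ignored). A user holds a privilege if there is a chain of
grants from the owner to the user in which every intermediate grantor
held WITH GRANT OPTION.
"""
from collections import defaultdict


class GrantGraph:
    def __init__(self, owner):
        self.owner = owner
        # (object, privilege) -> list of (grantor, grantee, with_grant_option)
        self.grants = defaultdict(list)

    def _grantors(self, obj, priv):
        """Users entitled to pass the privilege on: the owner plus everyone
        reachable from the owner through WITH GRANT OPTION grants only."""
        closure = {self.owner}
        changed = True
        while changed:
            changed = False
            for grantor, grantee, wgo in self.grants[(obj, priv)]:
                if wgo and grantor in closure and grantee not in closure:
                    closure.add(grantee)
                    changed = True
        return closure

    def has(self, user, obj, priv, need_grant_option=False):
        grantors = self._grantors(obj, priv)
        if user in grantors:
            return True
        if need_grant_option:
            return False
        return any(g in grantors and ge == user
                   for g, ge, _ in self.grants[(obj, priv)])

    def grant(self, grantor, grantee, obj, priv, with_grant_option=False):
        if not self.has(grantor, obj, priv, need_grant_option=True):
            raise PermissionError(f"{grantor} may not grant {priv} on {obj}")
        self.grants[(obj, priv)].append((grantor, grantee, with_grant_option))

    def revoke(self, grantor, grantee, obj, priv):
        """Cascading REVOKE: drop the grantor's grant to grantee, then drop
        every grant whose grantor is no longer entitled to have made it."""
        edges = self.grants[(obj, priv)]
        edges[:] = [e for e in edges if not (e[0] == grantor and e[1] == grantee)]
        still_entitled = self._grantors(obj, priv)
        edges[:] = [e for e in edges if e[0] in still_entitled]

    def paths_to(self, user, obj, priv):
        """Audit helper: every surviving grant chain from the owner to user."""
        edges = self.grants[(obj, priv)]
        found = []

        def walk(node, path):
            for grantor, grantee, wgo in edges:
                if grantor == node and grantee not in path:
                    if grantee == user:
                        found.append(path + [grantee])
                    elif wgo:
                        walk(grantee, path + [grantee])

        walk(self.owner, [self.owner])
        return found


def scenario_cascade():
    """dba -> alice -> bob -> carol; revoking alice cascades to bob and carol."""
    g = GrantGraph("dba")
    g.grant("dba", "alice", "employees", "SELECT", with_grant_option=True)
    g.grant("alice", "bob", "employees", "SELECT", with_grant_option=True)
    g.grant("bob", "carol", "employees", "SELECT")
    before = [g.has(u, "employees", "SELECT") for u in ("alice", "bob", "carol")]
    g.revoke("dba", "alice", "employees", "SELECT")
    after = [g.has(u, "employees", "SELECT") for u in ("alice", "bob", "carol")]
    return before, after


def scenario_residual_access():
    """bob was granted by alice and by dave; revoking alice leaves bob with
    access via dave, which the audit helper reveals."""
    g = GrantGraph("dba")
    g.grant("dba", "alice", "employees", "SELECT", with_grant_option=True)
    g.grant("dba", "dave", "employees", "SELECT", with_grant_option=True)
    g.grant("alice", "bob", "employees", "SELECT")
    g.grant("dave", "bob", "employees", "SELECT")
    g.revoke("dba", "alice", "employees", "SELECT")
    return g.has("bob", "employees", "SELECT"), g.paths_to("bob", "employees", "SELECT")


if __name__ == "__main__":
    print(scenario_cascade())          # ([True, True, True], [False, False, False])
    print(scenario_residual_access())  # (True, [['dba', 'dave', 'bob']])
```

The practical lesson is in the second scenario: a revoke that looks complete from the revoker's side is not a statement about the grantee's total access. Before relying on a revoke, enumerate the remaining grant paths (what `paths_to` does here) rather than assuming the cascade removed everything.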
DB security
Tampering and Information Disclosure
Discreet storing
  • Store sensitive data only when it is really necessary
Encryption
  • Symmetric encryption for confidentiality
  • Hash for integrity
  • Strong encryption
  • Secure key management
DB encryption
Encryption may apply to:
  The whole table
  An attribute (column)
  A field (a single cell)
Encryption has a negative impact on DB searching when encrypted values must be used as search criteria
To help, table partitioning may be applied, where each partition has a unique index that identifies a range of records
DB encryption
Table partitioning example
  Employee salary is a search criterion but must be encrypted
  Table partitioning is supported by an index that is mapped to a range of rows, e.g.:
    1 – values from 35K to 75K
    2 – values from 76K to 95K
    3 – values from 96K and up
  The table rows contain the encrypted values and the indices that stand in for the real values
DB encryption (cont.)
  To decrypt a table that was encrypted and partitioned, the map of indices to ranges is required in addition to the encryption keys
  This map must be stored on the client, not on the server
  Decryption and conversion of the data back into its original values are also performed on the client
  Make sure that the encryption key on the client side is safe
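The partitioned-encryption scheme from the last two slides, as an added example that is not part of the course material: the server is an in-memory sqlite3 table that holds each salary only as a ciphertext plus its partition index; the client alone holds the keys and the index-to-range map (the three ranges above, in thousands, assumed inclusive), encrypts on insert, narrows a range search to partition indices, and decrypts the returned rows. The cipher is an illustrative SHA-256 keystream with an HMAC tag (the "hash for integrity" item) standing in for a real cipher such as AES-GCM; staff names and salaries are constructed. The integrity tag also gives a concrete check for the tampering threat: a modified ciphertext is rejected rather than decrypted to garbage.

```python
"""Column encryption with client-side range partitioning.

Added example, not from the slides: the server (an in-memory sqlite3
database) stores each salary only as a ciphertext plus a partition index;
the client alone holds the keys and the index-to-range map, encrypts on
insert, narrows searches to partition indices, and decrypts the rows that
come back. Salaries are in thousands, using the ranges from the slide.
"""
import hashlib
import hmac
import os
import sqlite3
import struct

# Client-side map: partition index -> inclusive salary range in thousands.
# Never sent to the server. The top range is open-ended.
PARTITIONS = {1: (35, 75), 2: (76, 95), 3: (96, float("inf"))}


def partition_for(salary_k):
    """Index stored in place of the real salary; values outside every range are rejected."""
    for idx, (lo, hi) in PARTITIONS.items():
        if lo <= salary_k <= hi:
            return idx
    raise ValueError(f"salary {salary_k}K falls outside every partition range")


def partitions_overlapping(lo, hi):
    """Indices the server must scan for a range search lo..hi (thousands)."""
    return sorted(i for i, (a, b) in PARTITIONS.items() if a <= hi and b >= lo)


# Illustrative cipher standing in for a real one such as AES-GCM: a SHA-256
# keystream under a fresh random nonce, plus an HMAC tag for integrity.
# Not a production construction.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + struct.pack(">I", counter)).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key, mac_key, plaintext):
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(enc_key, mac_key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext was modified")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))


class Client:
    """Holds the keys and the partition map; the server never sees either."""

    def __init__(self, conn, enc_key, mac_key):
        self.conn, self.enc_key, self.mac_key = conn, enc_key, mac_key
        conn.execute("CREATE TABLE IF NOT EXISTS employees "
                     "(id INTEGER PRIMARY KEY, name TEXT, salary_idx INTEGER, salary_enc BLOB)")

    def insert(self, emp_id, name, salary_k):
        blob = encrypt(self.enc_key, self.mac_key, str(salary_k).encode())
        # Parameterised statement: values are bound, never spliced into SQL text.
        self.conn.execute("INSERT INTO employees VALUES (?, ?, ?, ?)",
                          (emp_id, name, partition_for(salary_k), blob))

    def salaries_between(self, lo, hi):
        """Range search: the server filters by partition index only; the exact
        comparison happens here after decryption."""
        idxs = partitions_overlapping(lo, hi)
        if not idxs:
            return []
        marks = ",".join("?" * len(idxs))  # one placeholder per index
        rows = self.conn.execute(
            f"SELECT name, salary_enc FROM employees WHERE salary_idx IN ({marks})", idxs).fetchall()
        hits = []
        for name, blob in rows:
            salary = int(decrypt(self.enc_key, self.mac_key, blob).decode())
            if lo <= salary <= hi:
                hits.append((name, salary))
        return sorted(hits)


def demo():
    conn = sqlite3.connect(":memory:")
    client = Client(conn, os.urandom(32), os.urandom(32))
    # Constructed sample staff (salary in thousands).
    for row in [(1, "ann", 42), (2, "ben", 80), (3, "cid", 93), (4, "dee", 120)]:
        client.insert(*row)
    hits = client.salaries_between(78, 100)
    # What the server can see: only partition indices, no salary values.
    server_view = [r[0] for r in conn.execute("SELECT salary_idx FROM employees ORDER BY id")]
    return hits, server_view


if __name__ == "__main__":
    print(demo())  # ([('ben', 80), ('cid', 93)], [1, 2, 2, 3])
```

Two things worth noticing when running it: the server's view of the search is only "partitions 2 and 3", so the search cost is bounded by partition granularity rather than by full-table decryption, and because each ciphertext carries a fresh nonce, two employees with the same salary do not produce the same stored value. The partition index itself still leaks which salary band a row falls in, which is the price this scheme pays for searchability.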
DBMS technology components
  Must be protected from DoS attacks
  Strong access control for all types of interfaces:
    Users
    Admins
    API
    Bulk data loading
  Strong data input validation:
    Protect against SQL injection attacks
DB backups
  The DB must be backed up regularly
  Media – tapes, or mirror servers, or both
  Backups must be stored at a different (remote) location
DB backups
Modes of backup:
  Full backup
  Incremental – back up the files changed since the last backup (full or incremental)
  Differential – back up any file changed since the last full backup
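The difference between the three modes is easiest to see in the file sets they select and in the chain of backups a restore then depends on. This is an added example, not from the course: a small model over a constructed file listing and backup history, with integer "times" standing in for timestamps.

```python
"""Selecting files for full, incremental and differential backups.

Added example, not from the slides: a small model of the three modes over a
constructed file listing and backup history, with the restore chain each
scheme implies. Times are plain integers standing in for timestamps.
"""
from dataclasses import dataclass


@dataclass
class Backup:
    kind: str   # "full", "incremental" or "differential"
    time: int


def select_files(mode, files, history):
    """files: {path: mtime}; history: earlier backups in time order.
    Returns the paths the new backup of the given mode must contain."""
    if mode == "full":
        return sorted(files)
    fulls = [b for b in history if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup exists yet; take a full backup first")
    if mode == "incremental":
        since = history[-1].time        # changed since the last backup of any mode
    elif mode == "differential":
        since = fulls[-1].time          # changed since the last full backup
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return sorted(p for p, mtime in files.items() if mtime > since)


def restore_chain(history):
    """Backups that must be applied, in order, to restore the latest state:
    the last full, then the latest differential after it (if any), then every
    incremental taken after that point."""
    last_full = max(i for i, b in enumerate(history) if b.kind == "full")
    chain = [history[last_full]]
    later = history[last_full + 1:]
    diffs = [i for i, b in enumerate(later) if b.kind == "differential"]
    start = 0
    if diffs:
        chain.append(later[diffs[-1]])
        start = diffs[-1] + 1
    chain.extend(b for b in later[start:] if b.kind == "incremental")
    return chain


# Constructed history and file listing (mtime per path).
FILES = {"/data/a.db": 5, "/data/b.db": 15, "/data/c.db": 25, "/data/static.cfg": 0}
INCREMENTAL_HISTORY = [Backup("full", 0), Backup("incremental", 10), Backup("incremental", 20)]
DIFFERENTIAL_HISTORY = [Backup("full", 0), Backup("differential", 10), Backup("differential", 20)]


def demo():
    return {
        "incremental": select_files("incremental", FILES, INCREMENTAL_HISTORY),
        "differential": select_files("differential", FILES, DIFFERENTIAL_HISTORY),
        "restore_incremental": [b.time for b in restore_chain(INCREMENTAL_HISTORY)],
        "restore_differential": [b.time for b in restore_chain(DIFFERENTIAL_HISTORY)],
    }


if __name__ == "__main__":
    print(demo())
```

The trade-off the model makes visible: the incremental scheme copies the least data each time (only `/data/c.db` on the next run) but a restore must replay every incremental since the last full, while the differential scheme copies more each time but a restore needs only the last full and the last differential. Losing or corrupting any one backup in a long incremental chain breaks every restore point after it, which is one reason the remote copy on the previous slide matters.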
Records retention
  A policy exists that specifies the period for which data is kept available
Secure destruction
  Shredding
  Magnetic destruction
DB Security
Inference problem
  The possibility of deriving additional information from small pieces or fractions of data
  The fractions or pieces may not be confidential, but the derived data is
  Often accomplished by combining queries
Protection:
  Splitting tables and assigning fine-grained access control
  Separation of duties
  Perturbation of data
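The "combining queries" case and the perturbation defence, as an added example that is not from the course. A mediator answers only aggregate (sum) queries over a constructed staff table and applies two controls: a query-set-size rule (refuse sets that are too small, or so large that their complement is too small) and perturbation of the released total. The noise is derived from the query set itself rather than drawn fresh each time, so repeating a query cannot average the noise away. `difference_check` is the defender's verification that two overlapping totals no longer differ by one person's exact salary. Names, departments, salaries and the server secret are all constructed.

```python
"""Inference control for statistical queries.

Added example, not from the slides. A mediator releases only aggregate
(sum) answers over a constructed staff table and applies two of the
protections the slides list: fine-grained control of what a query may
reach (a query-set-size rule) and perturbation of the released data.
"""
import hashlib

# Constructed rows: (name, department, salary in thousands). Individual
# salaries are confidential; departmental totals are meant to be releasable.
ROWS = [
    ("ann", "eng", 82), ("ben", "eng", 77), ("cid", "eng", 91),
    ("dee", "eng", 88), ("eve", "eng", 95),
    ("fay", "ops", 64), ("gus", "ops", 58), ("hal", "ops", 71),
    ("ida", "ops", 66), ("jon", "ops", 60),
]


def unprotected_sum(predicate):
    """Exact total: two overlapping totals differ by exactly one person's salary."""
    return sum(s for n, d, s in ROWS if predicate(n, d))


class StatisticalInterface:
    def __init__(self, secret, min_set_size=3, noise_bound=5):
        self.secret = secret          # kept server-side; seeds the perturbation
        self.k = min_set_size
        self.bound = noise_bound

    def _noise(self, names):
        """Bounded noise derived from the query set itself, so repeating the
        same query returns the same answer and cannot be averaged away."""
        digest = hashlib.sha256(self.secret + ",".join(sorted(names)).encode()).digest()
        return int.from_bytes(digest[:4], "big") % (2 * self.bound + 1) - self.bound

    def sum_salary(self, predicate):
        matched = [(n, s) for n, d, s in ROWS if predicate(n, d)]
        # Query-set-size control: refuse sets that are too small, and sets so
        # large that their complement is too small (the same disclosure).
        if len(matched) < self.k or len(ROWS) - len(matched) < self.k:
            raise PermissionError("query refused: result set too small or too large")
        names = [n for n, _ in matched]
        return sum(s for _, s in matched) + self._noise(names)


def difference_check(interface):
    """Defender's check: the difference between 'all of eng' and 'eng without
    eve' is eve's exact salary on the raw data; through the interface it is
    only known to within +/- 2 * noise_bound."""
    def all_eng(n, d):
        return d == "eng"

    def eng_minus_eve(n, d):
        return d == "eng" and n != "eve"

    raw = unprotected_sum(all_eng) - unprotected_sum(eng_minus_eve)
    protected = interface.sum_salary(all_eng) - interface.sum_salary(eng_minus_eve)
    return raw, protected


if __name__ == "__main__":
    iface = StatisticalInterface(secret=b"server-side-secret")
    print(difference_check(iface))
```

Neither control is sufficient on its own: the size rule alone still lets two large overlapping sets be differenced, and fresh random noise alone is averaged out by repetition, which is why the noise here is a deterministic function of the query set. Even together they bound rather than eliminate inference over many carefully chosen queries, so query logging and auditing of who asks what remain part of the protection.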
DB security
Privacy issue
  For some databases, in particular those holding healthcare and financial data, personal identifiers must not be present in the records
  This is achieved by applying a data sanitization service
  That is, applying algorithms that "mask" data in storage or in a user's view
  This is in addition to cryptography
Secure Email
Major threats
  Unauthorized access (confidentiality, integrity)
  Viruses sent with attachments
  Spam
  Spoofing of email addresses
Protection
Encryption
  PGP – encryption technology used to protect confidentiality and integrity and to authenticate the sender. It is a hybrid technology; the following are in use:
  • Public/private key pairs (RSA)
  • Secret key for symmetric encryption (AES, 3DES)
  • Digital signature (over an MD5 or SHA-1 hash)
Protection
Anti-virus protection
  Install and keep up to date
Spam
  Anti-spam software