Database Security - PowerPoint PPT Presentation

Loading...

PPT – Database Security PowerPoint presentation | free to download - id: 2425ac-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Database Security

Description:

3) DB Access Control - Check for DBA Role. Database Security ... This policy label column contains the label information for each data row. ... – PowerPoint PPT presentation

Number of Views:2922
Avg rating:3.0/5.0
Slides: 80
Provided by: csiS7
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Database Security


1
Database Security
2
Overview
  • 1) Introduction
  • 2) DB Security Plan
  • 3) Database Access Control
  • 4) DBMS Security Patching
  • 5) DB Application SQL injection, Inference
    Threats
  • 6) Virtual Private Databases
  • 7) Oracle Label Security
  • 8) Inference Threats
  • 9) Encryption
  • 10) Auditing
  • 11) Datawarehouse

3
1) Introduction - Motivation
  • Securing the DB may be the single biggest action
    an organization can take to protect its assets
  • David C. Knox
  • Effective Oracle Database 10g Security by
    Design, McGraw Hill, 2004.
  • ISBN 0-07-223130-0

4
1) Introduction - Scope
  • Database system security must worry about DB
  • Secure Database
  • Secure applications
  • Secure DBMS
  • Secure operating system in relation to database
    system
  • Secure web server in relation to database system
  • Secure network environment in relation to
    database system

5
1) Introduction - Literature
AUTHOR TEXT Publisher ISBN
Natan, Ron Ben 2005 Implementing Database Security and Auditing Elsevier Digital Press 1-5558-334-2
Afyouni, Hassan A., (2006) Database Security and Auditing Thompson Course Technology 0-619-21559-3
Knox, David (2004) Effective Oracle Database 10g Security by Design Oracle Press 0072231300
6
1) Topics versus Books
7
  • 1 Knox, David (2004), Effective Oracle Database
    10g Security by Design, McGraw-Hill. ISBN
    0-07-223130-0
  • 5 Afyouni, Hassan A. (2006), Database Security
    and Auditing, Thompson Course Technology,
    0-619-21559-4.
  • 6 Litchfield, The Database Hackers Handbook
    Defending Database Servers, http//www.amazon.com
    /gp/reader/0764578014/refsib_dp_pop_toc?ieUTF8p
    S00C
  • 7 Marlene Theriault William Heney ,
    http//oreilly.com/catalog/orasec/chapter/ch07.htm
    l Oracle Security.
  • 8 Charles P. Pfleeger, Shari Lawrence Pfleeger,
    Security in Computing, Prentice Hall, ISBN-10
    0132390779, October 2006. 4th ed.
  • 9 Michael Howard , David LeBlanc, Writing
    Secure Code, Microsoft Press, 2nd edition, 2003,
    2nd edition, ISBN n. 0-7356-1722-8.
  • 10 Natan, Ron Ben (2005), Implementing Database
    Security and Auditing, Elsevier Digital Press,
    1-5558-334-2, 2005.
  • 11 Finnigan, Pete. Oracle Security
    Step-by-Step, SANS Press, v. 2, 2004.
  • Note these are the references from the previous
    slide
  • You may also go to http//adbc.kennesaw.edu
    (Database Courseware) and select the Security
    Module

1) DB security books
8
1) Introduction Product Specific Books
  • Oracle Advanced Security (previously Advanced
    Network Option), contains network encryption
    tools. Depending on the version of Oracle, it is
    available for no extra cost. It is for the
    enterprise edition.
  • Best literature for OAS is Oracle Security
    Handbook by Marlene Theriault and Aaron Newman,
    McGraw-Hill.

9
2) DB Security Plan
http//www.oreilly.com/catalog/orasec/chapter/ch07
.html
10
2) DB Security Plan
Which is the most complex program/form to
implement? If a data type is changed in the
Customers table, what programs/forms may need
modification? The Orders form accesses how many
tables? The Employees table is accessed by how
many programs/forms?
11
2) DB Security Plan
Subjects Objects
  • DAC Versus MAC
  • Access Matrix Model Harrison-Ruzzo-Ullman
  • Authorized state Q (S, O, A)
  • Conditions (dependent)
  • Data
  • Time
  • Context
  • History

O1 Oj Om
S1 AS1,O1 AS1,Oj AS1,Om
Si ASi,O1 ASi,Oj ASi,Om
Sn ASn,O1 ASn,Oj ASn,Om
12
2) DB Security Plan - Document User Administration
  • Part of the administration process
  • Reasons to document
  • Provide a paper trail
  • Ensure administration consistency
  • What to document
  • Administration policies, staff and management
  • Security procedures
  • Procedure implementation scripts or programs
  • Predefined roles description

13
3) DB Access Control
  • Default Users and Passwords
  • Users, Passwords
  • Default users/passwords
  • sys, system accounts privileged, change default
    password
  • Sa (MS-SQL Server)
  • scott account well-known account/password,
    change it
  • general password policies (length, domain,
    changing, protection)
  • People Having too many privileges
  • Privileges, Roles, Grant/Revoke
  • Privileges
  • System - actions
  • Objects data
  • Roles (pre-defined and user-defined role)
  • Collections of system privileges (example DBA
    role)
  • Grant / Revoke
  • Giving (removing ) privileges or roles to (from)
    users

14
3) DB Access Control - Default Passwords
  • Easiest way to log into an Oracle database is to
    use a default account with a known password
    Finnigin
  • http//www.petefinnigan.com/default/default_passwo
    rd_checker.htm
  • This site has scripts that will identify all
    default users and lets you know if they still
    have their default passwords. You may download
    these scripts.

15
3) DB Access Control - Password Cracking
  • At http//www.toolcrypt.org/index.html there are
    tools that you can download to crack the
    passwords. You need to verify this against the
    DB, because you can be sure that the hacker has
    these tools.

16
3) DB Access Control - Find all Privileges
  • http//www.petefinnigan.com/find_all_privs.sql
  • Script to find which privileges have been granted
    to a particular user. This scripts lists ROLES,
    SYSTEM privileges and object privileges granted
    to a user. If a ROLE is found -- then it is
    checked recursively.
  • Output can be directed to the screen or to a
    file.

17
3) DB Access Control - Check for DBA Role
18
3) DB Access Control - How are privileges granted
  • DBMS like Oracle has pre-defined roles (ex DBA)
  • You may also have user defined roles
  • Example
  • 1) Create Role AcctDept
  • 2) Grant Select, Update on Orders to AcctDept
  • 3) Grant AcctDept to Smith, Jones
  • 4) Grant DBA to Smith
  • Grant all privileges on Orders to Smith
  • Grant select on Orders to Public
  • Revoke delete on Orders from smith

19
3) DB Access Control - Disable Account
  • CREATE USER smith identified by s9 default
    tablespace users
  • ALTER USER scott ACCOUNT LOCK -- lock a user
    account
  • ALTER USER scott ACCOUNT UNLOCK
  • ALTER USER scott PASSWORD EXPIRE -- Force new
    pwd

20
3) DB Access Control - Launch OEM
  • Choose stand-alone for personal Oracle and login
    to oracle using a dba user/password

21
3) DB Access Control - Connect to a Database
  • On the left side of the screen, double click
    Network and then Databases to connect to the
    database you want o manage.

22
3) DB Access Control - Maintain User Accounts
  • Once you login, you may create users, roles and
    profiles as well as granting privileges to them
    through a GUI interface.

23
3) DB Access Control - Profiles
  • PROFILE clause indicates the profile used for
    limiting database resources and enforcing
    password policies. Example
  • CREATE PROFILE app_user LIMIT
  • SESSIONS_PER_USER UNLIMITED
  • CPU_PER_SESSION UNLIMITED
  • CPU_PER_CALL 3000
  • CONNECT_TIME 45
  • LOGICAL_READS_PER_SESSION DEFAULT
  • LOGICAL_READS_PER_CALL 1000
  • PRIVATE_SGA 15K
  • COMPOSITE_LIMIT 5000000
  • CREATE USER sidney
  • IDENTIFIED BY out_standing1
  • DEFAULT TABLESPACE demo
  • QUOTA 10M ON demo
  • TEMPORARY TABLESPACE temp
  • QUOTA 5M ON system

24
3) DB Access Control - Security MS-Access
  • Two methods for securing a database
  • set password to open a database (system
    security)
  • user-level security, to limit the parts of the
    database that a user can read or update (data
    security).

25
3) DB Access Control - System Level Open
Exclusive
26
3) DB Access Control - System Level Security
(cont.)
User is prompted every time he/she opens the DB
DBA Sets password
27
3) DB Access Control - MS-Access User Level
28
4) SECURE THE DBMS (Patch)
  • Possible Holes in DBMS
  • http//technet.oracle.com/deploy/security/alerts.h
    tm (50 listed)
  • Buffer overflow problems in DBMS code
  • Miscellaneous attacks (Denial of Service, source
    code disclosure of JSPs, others)
  • Need for continual patching of DBMS
  • Cost of not patching
  • Worms, virus, etc. SQL slammer worm

29
5) DB Applications
  • 75 percent of hacks happen at the application
    Gartner Security at the Application Level.
  • The main battlefield between hackers and
    security professionals have moved from the
    network layer to the web applications
  • Eric Marvets, Microsoft Security Summit, April
    13, 2006, Atlanta, Georgia

30
5) DB Applications - SQL Injection
  • Web Application where
  • 1) User inputs text into a textbox
  • 2) Text used to build SQL Query dynamically
  • 3) Malicious input changes the nature of the
    query
  • Example user inputs names into textbox
  • Name Benjamin Franklin ' OR 11
  • SqlStr SELECT FROM EMPLOYEE
  • WHERE EMPLOYEE.Name
    userInput
  • SqlStr SELECT FROM EMPLOYEE
  • WHERE EMPLOYEE.Name
  • 'Benjamin Franklin' OR 1 1
  • Result every row of the EMPLOYEE table will be
    returned

31
SQL Injection - Solution
  • Similar to Buffer overflow
  • validate user input.

32
6) Virtual Private Databases
  • May be implemented through Views in most Database
    Management Systems (DBMS)
  • In Oracle, you may create a policy that will be
    fired when an operation (Insert, Update, etc.) is
    performed by a certain user on a certain object.

33
6) VPD, Example of Row Level Security w/ Views
34
6) VPD with a Policy
35
http//bgoug.org/seminar-Velingrad-oct-2005/Presen
tations/Presentation_OLS.ppt
Virtual Private Database Technology
Virtual Private Database Technology
  • Data access via Virtual Private Database will
    perform the following five steps
  • User sends SQL to the database server.
  • The associated table triggers a pre-defined
    security policy.
  • The security policy returns a predicate.
  • The SQL statement is modified according to the
    security policy.
  • Secured data returns to user.
  • Data access via Virtual Private Database will
    perform the following five steps
  • User sends SQL to the database server.
  • The associated table triggers a pre-defined
    security policy.
  • The security policy returns a predicate.
  • The SQL statement is modified according to the
    security policy.
  • Secured data returns to user.

36
6) VPD - Grant Execute on DBMS_RLS
  • CONNECT TO ORACLE AS SYSDBA
  • SQLgt connect sys as sysdba
  • Enter password
  • Connected.
  • SYSDBA creates a user called SECMAN (Security
    manager)
  • SQLgt create user secman identified by s default
    tablespace users
  • SYSDBA GRANTS EXECUTE ON DBMS_RLS TO SECMAN so
    this user can create the VPD
  • SQLgt grant dba to secman
  • SQLgt grant execute on dbms_rls to secman
  • CONNECT AS SECMAN
  • SQLgt connect secman/s

37
VPD - Definition
Ex. SELECT FROM Emp -- becomes
SELECT FROM Emp where Emp.Name User
38
http//bgoug.org/seminar-Velingrad-oct-2005/Presen
tations/Presentation_OLS.ppt
Virtual Private Database Technology
A VPD security model uses the Oracle dbms_rls
package (RLS stands for row-level security) to
implement the security policies and application
contexts. This requires a policy that is defined
to control access to tables and rows
39
6) VPD Update Example
Connecting Policy, Table and Function
UPDATE mn668b14.Employees set ext 777 1 row
updated.
40
6) VPD - Security Policy
  • -- create security policy
  • BEGIN
  • DBMS_RLS.drop_policy
  • (object_schema gt 'MN668B14',
  • object_name gt '
    EmployeeUpdateOrderView',
  • policy_name gt
    'EMP_UPDATE_ORDERS_POLICY')
  • END
  • BEGIN
  • dbms_rls.add_policy (
  • object_schema gt 'MN668B14',
  • object_name gt '
    EmployeeUpdateOrderView ',
  • policy_name gt
    'EMP_ORDERS_UPDATE__POLICY,
  • function_schema gt 'MN668B14',
  • policy_function gt
    'EMPUSER_ONLY',
  • statement_types gt
    'SELECT,UPDATE,INSERT,DELETE',
  • update_check gt TRUE
  • )
  • END

41
6) VPD - Summary
  • VPD security provides a new way to control access
    to Oracle data.
  • One Schema, several virtual schemas.
  • Dynamic nature of a VPD. At runtime, DBMS
    modifies SQL statement to add security.
  • Burleson, Donald (2003), "Establish security
    policy with Oracle virtual private database",
    http//www.dba-oracle.com/art_builder_vpd.htm

42
7) Oracle Label Security (OLS)
  • simulates multilevel db.
  • Adds a field for each row to store the rows
    sensitive label.
  • Access is granted (or denied) comparing users
    identity and security clearance label with rows
    sensitive label.

43
7) OLS and Multilevel Security
  • Information has different classifications
  • Users have different security clearances
  • Purpose separate data based on its
    classification
  • Mandatory Access Control (MAC) security enforced
    by system and not by the user.
  • Polyinstantiation multiple rows with same PK.
    Instances distinguished by security level.

44
7) Problem with Multilevel Security
  • It is really multiple instantiations of
    single-level DBMS, which strongly degrades
    performance.
  • Examples Trusted Oracle, DB2 for z/OS, Informix
    OnLine/Secure, Sybase secure system

45
7) Oracle Label Security
  • simulates multilevel db.
  • Adds a field for each row to store the rows
    sensitive label.
  • Access is granted (or denied) comparing users
    identity and security clearance label with rows
    sensitive label.
  • Label contains LEVEL, GROUP and COMPARTMENT

46
7) OLS VPD
  • Like VPD, OLS creates Policies
  • A policy is a name that associates labels, rules,
    and authorizations.
  • DBA defines a set of labels for data and users,
    along with authorizations for users and program
    units, that defines all access to objects.

47
7) OLS LABEL has 3 Components
  • level mandatory, simple hierarchy
  • compartment optional, non-hierarchical
  • group optional, tree level hierarchy
  • OLS compares the user security clearance with the
    sensitivity label assigned to the data.
  • IF a label contains all 3 components, THEN
  • the security clearance of the user gt the data
    sensitivity level, contain all compartments and
    at least one group.

48
7) OLS - More on 3 components
  • label has 3 components
  • a single level (sensitivity) ranking
  • zero or more horizontal compartments
  • zero or more hierarchical groups

49
7) OLS Column added
  • When an Oracle Label Security policy, a column is
    added to the table that is protected by the
    policy. This policy label column contains the
    label information for each data row.
  • DBA can choose to display or hide this column

50
7) OLS - Levels
51
7) OLS - Compartments
52
7) OLS - Groups
53
7) OLS VPD
  • FGAC Fine Grained Access Control (A mechanism
    to implement Row level security in Oracle
    Database)
  • OLS and VPD are the utilities which are used for
    FGAC.
  • OLS GUI tool
  • ROW LEVEL SECURITY
  • COLUMN LEVEL SECUITY in Oracle 9i, neither. use
    views. in Oracle 10g you can o column masking
    with VPD, but not with OLS.

54
7) OLS Conclusion
  • Built on top of VPD
  • Higher Level, more refined than VPD
  • Built around Row Level Security, Not much for
    Column Level Security

55
8) Inference Threat
56
9) Encryption overview
  • Encrypting Data-in-transit
  • As it is transmitted between client-server
  • Encrypting Data-at-rest
  • Storing data in the database as encrypted
  • Encrypting of Data is another layer of security
    (security in depth). It does not substitute other
    DB security techniques such as strong password.

57
9) Encrypting Data-in-transit
  • For a Hacker to eavesdrop on a conversation and
    steal data, two things may occur
  • 1) Physically tap into the communications
    between
  • the db client the db server
  • 2) Hacker must understand the communication
    stream in order to extract sensitive data.
  • In order to do this, what does the Hacker need ?

58
Tools for packet sniffing
  • the Hacker needs to have
  • With a minimum understanding of TCP/IP
  • Use one of many network protocol analyzer that
    are freely available.
  • Packet (formatted block of data transmitted by a
    Network).
  • Sniffing capturing and analyzing package
  • (like dog sniffing).

59
Minimum Understanding of TCP/IP
  • Network Security book.
  • Example
  • Roberta Bragg, Mark Rhodes-Ousley and Keith
    Strassberg, Network Security The Complete
    Reference.
  • TCP/IP is well documented all over the web.
  • Documentation describes the headers of the
    packet.

60
9) Encryption - Where to run Network Analyzer
Packet ?
  • Client Machine that has access to the Database
    server
  • Database Server

61
Network Protocol Analyzer examples
  • Tcpdump utility available as part of
    installation on most UNIX systems. Can be
    downloaded from http//www.tcpdump.org
  • (windump). Windows counterpart. Available on some
    systems. Can be downloaded from
    http//windump.polito.it
  • Wireshark (http//www.wireshark.org/download.html)
  • worlds most famous NP Analyzer. Formerly
    Ethereal (www.ethereal.com).

62
Implement Encryption,data-in-transit
  • Fortunately there are also many encryption
    techniques for data in transit
  • Database-specific features such as Oracle
    Advanced Security
  • Connection-based metods (such as SSL)
  • Secure tunnels (such as SSH)
  • Relying on the operating Systems (IPSec
    Encryption)

63
Secure Socket Layer (SSL)
  • cryptographic protocols that provide secure
    communications on the Internet for such things as
    web browsing, e-mail, Internet faxing, instant
    messaging and other data transfers.
  • You may enable SSL from within a DBMS.
  • SQL-Server for example Programs -gt Microsoft SQL
    Server -gt Server Network Utility, check the Force
    protocol Encryption checkbox. Then Stop and
    start SQL Server.
  • Server also must be informed how it will derive
    encryption keys
  • Note make sure that your version of SSL is
    compatible with your version of MySQL (like in
    ODBC or JDBC).

64
SSH Tunnels
  • SSH used in many applications. Example
    Substitute for FTP with encryption.
  • From most DBMSs, you can set up SSH tunnels to
    encrypt database traffic by port forwarding
    (Encrypted session between client and server).
  • Example to connect Linux client machine of IP
    CCC.CCC.C.CCC to a MySQL instance installed on a
    server with IP address of SSS.SSS.S.SS listening
    in on port 3306 (default MySQL port).
  • Ssh L 1000localhost3306 SSS.SSS.S.SS l
    mylogin I / .ssh id N -g
  • -Lport forwarding, Any connection attempted on
    port 1000 on the local machine should be
    forwarded to port 3306 on the server. Therefore
    any connection on port 1000 will go through
    encryption.

65
IPSec
  • Another Infrastructure option that protects the
    DB with encryption tools.
  • IPSec is done by the OS so you need to encrypt
    all communications (cant be selective).
  • It operates at layer 3 of the OSI network (lower
    level).
  • Installing IPSec on Windows/XP
  • install IP Security Policy manager. Then from
    Control Panel -gt Administrative Tools, select
    IPSec

66
Encrypting Data-at-rest
  • There are two reasons to do this
  • Protect it from DBAs.
  • Protect from File or Disk Theft.

67
Encrypting Data-at-rest
  • Encrypting at Application Layer
  • Must do it at multiple locations from within
    app.
  • Data can only be used from within application
  • Encrypting at File System/Operating System Layer
  • less flexible. Requires you to encrypt
    everything.
  • Performance degrades
  • Weak for handling Disk Theft problem.
  • Encrypting within Database
  • Usually, most practical option

68
Encrypting at Application Layer
  • Application Developers use a cryptographic
    library to encrypt such as Java Cryptographic
    Extensions (JCE) set of APIs in the
    java.security and java.crypto packages

69
Encryption at OS layer
  • Windows implements the Encrypted File System
    (EFS) and you can use it for MS-SQL Server.
  • Disadvantages ?

70
Encryption within Database
  • SQL Server 2005 you can access Windows
  • CryptoAPI through DB_ENCRYPT and DB_DECRYPT
    within T-SQL (similar to PL/SQL)
  • Can use DES, Triple DES and AES
  • (symmetric keys)
  • In ORACLE, you can access
  • DBMS_OBFUSCATION_TOOLKIT package that implements
    DES and Triple DES

71
Summary
  • DB Encryption can be divided into Data-in-transit
    and Data-at-rest
  • Encryption is useful as a last layer of defense
    (defense in depth). Should never be used as an
    alternative solution
  • Encryption should be used only when needed
  • Key Management is Key

72
10) Auditing
  • Need to be selective

73
2 main types of auditing
  • Oracle-supplied auditing using AUDIT command.
    Results go to AUD
  • Trigger-based DML auditing
  • Either way, DBA must monitor auditing table.
  • Auditing examples/scripts
  • http//www.securityfocus.com/infocus/1689
  • http//www.petefinnigan.com/papers/audit.sql

74
Example of Audit command
  • Must have audit system privileges
  • Only tracks in subsequent user sessions
  • Creates records in table AUD owned by sys
  • You dont query this table, you query
  • Views such as DBA_AUDIT_TRAIL
  • SQLgt AUDIT Delete any table
  • SQLgt NOAUDIT delete any table
  • SQLgt AUDIT SELECT TABLE, UPDATE TABLE
  • SQLgt AUDIT create session

75
When to audit
  • When should we audit Oracle users ?
  • Basic set of auditing measures all the time
  • Capture user access, use of system privileges,
    changes to the db schema (DDL)
  • If company handles sensitive data (financial
    market, military, etc.) OR
  • If there are suspicious activities concerning
    the DB or a user, specific actions should be
    done.

76
Audit w/ Triggers (generic solution)
  • Create a table that will contain audit
    information
  • Create a trigger that inserts a row into the
    table every time a certain operation is created
    such as
  • LOGON, LOGOFF, CREATE TABLE, DELETE, etc.

77
11) Datawarehouses
  • Traditionally queried only by upper management
  • Encryption has not been an option due to
    performance implications
  • Designed as Open systems, permitting exploratory
    approach
  • Optimization techniques for quick responses

78
Datawarehouse Trends Problems
  • Range of potential users are rapidly increasing
  • Number of security breaches are rapidly
    increasing
  • Legislation is addressing issue to protect
    personal information
  • Statistical Databases and Inferences
  • User is allowed to see aggregate
  • data, but not individual rows. With malicious
    input, user infers the value of individual rows.

79
End of Lecture
  • End
  • Of
  • Todays
  • Lecture.
About PowerShow.com