Database Security - MetaLab

hotbroodSecurity

Nov 2, 2013


At the end of this chapter, you should be able to:

Define terms related to database security

Describe threats to data security

Describe the problems of database security and list techniques that are used to enhance security

Understand the role of databases in Sarbanes-Oxley (SOX) compliance


Database security: the protection of the data against accidental or intentional loss, destruction, or misuse.

Securing data has become harder and more time-consuming because of Internet access and client/server technologies: the database is reachable from far more places than a single terminal room.


Possible sources of data security threats:

1. Accidental losses, including human error and software- or hardware-caused breaches

2. Theft and fraud

3. Loss of privacy (personal data)

4. Loss of confidentiality (corporate data)

5. Loss of data integrity

6. Loss of availability (through, e.g., sabotage)



Accidental losses, including human error and software- or hardware-caused breaches

Countermeasures: establishing operating procedures, user authorization, uniform software installation procedures, and a hardware maintenance schedule.

Human error: some losses are inevitable, but well-thought-out policies and procedures should reduce the number and severity of losses.





Theft and fraud

Activities carried out by people, quite possibly through electronic means, that may or may not alter data.

Countermeasures: physical security and firewalls. Note that a legitimate insider can commit fraud without breaching either, which is why the access controls and audit trails covered later in the chapter are also needed.


Loss of privacy or confidentiality


Loss of privacy: loss of protection of data about
individuals


Loss of confidentiality: loss of protection of
critical organizational data that may have
strategic value to the organization



Loss of data integrity


When data integrity is compromised, data will be invalid or corrupted.

Integrity can be restored through established backup and recovery procedures; otherwise an organization may suffer serious losses or make incorrect and expensive decisions.


Loss of availability

Sabotage of hardware, networks, or applications.

Viruses and other malware: corrupt data or software, or render the system unusable.

Countermeasures: install antivirus software and update it regularly.




Server security

Multiple servers need to be protected, including the database server.

Keep servers in a secure area, and use passwords and layers of protection against intrusion.

Most DBMSs provide database-level password security in the database server itself. Sole reliance on operating-system authentication should not be encouraged: anyone who obtains an OS account on the host would then also hold a database login.



Network security

Networks are susceptible to security breaches through eavesdropping, unauthorized connections, and unauthorized retrieval of packets of information traversing the network.

Countermeasures: encryption, authentication, audit trails, and routers or firewalls that restrict which hosts may reach the database port at all.


Dynamic web pages require access to the database. If the database is not properly protected, it is vulnerable to inappropriate access by any user of the web site.

Privacy: companies collect information on users, so the database behind a web site is also a privacy liability.


Establishing Internet security: web servers and database servers

Static HTML files are easy to secure. Protection must be established for the HTML stored on a web server, using standard file-system access controls. Sensitive HTML files can be placed in directories that are protected using OS security, or they may be readable but not published in the directory listing. The latter is obscurity rather than protection: anyone who learns the URL can fetch the file.




Dynamic pages are harder. The web page is stored as a template, and appropriate, current data are inserted from the database or from user input once any queries associated with the page are run.

The web server must therefore be able to access the database. The connection is often configured with full access to the database, which is a mistake: the account the web application connects with should hold only the privileges the pages actually need, so that a compromised page cannot read or alter anything else.



Adequate server security is critical

The database server must be physically secure, and execution of programs on the server should be controlled.

User input could embed SQL commands, so it must never be spliced into statement text. Use parameterized queries (bound parameters) for values, and validate against an allow-list anything, such as a column name, that cannot be bound.

Access to data can also be controlled through user authentication security.
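The point about user input, shown as an added example that is not code from the original page: a product lookup that splices the user's string into the statement text, beside the same lookup with a bound parameter, plus an allow-list check for a sort column that cannot be bound. It uses Python's sqlite3 module over a constructed product table; the table, its columns, the sample rows and the attack string are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample catalogue; table and column names are hypothetical.
# The 'internal' flag marks rows a public web page must never show.
PRODUCTS = [
    (1, "Oak table", 450.00, 0),
    (2, "Pine chair", 85.00, 0),
    (3, "Prototype desk", 999.00, 1),
]


def make_db():
    """In-memory database standing in for the one behind the web page."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE product_t ("
        " product_id INTEGER PRIMARY KEY, product_description TEXT,"
        " standard_price REAL, internal INTEGER)"
    )
    conn.executemany("INSERT INTO product_t VALUES (?, ?, ?, ?)", PRODUCTS)
    conn.commit()
    return conn


def lookup_unsafe(conn, description):
    """Vulnerable form: the user's text becomes part of the SQL itself."""
    sql = (
        "SELECT product_id, product_description FROM product_t "
        f"WHERE product_description = '{description}' AND internal = 0"
    )
    return conn.execute(sql).fetchall()


def lookup_safe(conn, description):
    """Hardened form: the value is bound to a placeholder, so the DBMS only
    ever compares it as data and never parses it as SQL."""
    sql = (
        "SELECT product_id, product_description FROM product_t "
        "WHERE product_description = ? AND internal = 0"
    )
    return conn.execute(sql, (description,)).fetchall()


# Identifiers (table or column names) cannot be bound as parameters, so a
# user-chosen sort column is checked against an allow-list instead.
ALLOWED_SORT_COLUMNS = {"product_id", "product_description", "standard_price"}


def list_public_products(conn, sort_by="product_id"):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    sql = f"SELECT product_id FROM product_t WHERE internal = 0 ORDER BY {sort_by}"
    return conn.execute(sql).fetchall()


# Classic tautology payload: closes the quoted string, makes the WHERE clause
# always true, and comments out the 'internal = 0' filter that follows it.
ATTACK = "x' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, ATTACK))   # every row, including the internal one
    print(lookup_safe(db, ATTACK))     # no product is literally named "x' OR 1=1 --"
```

The unsafe lookup returns all three rows for the attack string because the resulting statement reads `WHERE product_description = 'x' OR 1=1 --' AND internal = 0`; the safe lookup returns nothing, because the whole string is compared as a value. Filtering quotes out of the input is not a substitute for binding: it breaks legitimate names and misses numeric and identifier contexts.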


Session security must be established. TCP/IP itself provides no confidentiality or integrity, so encryption of the session is essential: Secure Sockets Layer (SSL), today replaced by its successor, Transport Layer Security (TLS).





Additional methods of web security:

Restrict the number of users on the web server.

Restrict access to the web server: keep a minimum number of ports open.

Remove any unneeded programs that load automatically when setting up the server.






Protection of individual privacy when using the Internet

IMPORTANT: what are the rights of the individual?

Individual privacy legislation typically grants the right to know what data have been collected and the right to correct any errors in those data.

The amount of data exchanged continues to grow, so adequate data protection must be developed, with adequate provisions to allow the data to be used for legitimate legal purposes.

Individuals must guard their privacy rights and must be aware of the privacy implications of the tools they are using, e.g. cookies.

At work, communication executed through the employer's machines and networks is not private. On the Internet, privacy of communication is not guaranteed. Encryption, anonymous remailers, and built-in security mechanisms in software help to preserve privacy.

W3C created a standard, the Platform for Privacy Preferences (P3P), that communicates a web site's stated privacy policies and compares that statement with the user's own policy preferences. P3P saw little adoption and is no longer supported by browsers, but the questions it asked remain a useful checklist for a privacy policy.


Addresses the following:


Who is collecting the data?


What information is being collected and for what purpose?


What information will be shared with others and who are those others?


Can users make changes in the way their data will be used by the
collector?


How are disputes resolved?


What policies are followed for retaining data?


Where can the site’s detailed policies be found, in readable form?


Security features provided by the DBMS (each covered in turn below):

Views or subschemas

Integrity controls

Authorization rules

User-defined procedures

Encryption

Authentication schemes

Backup, journalizing, and checkpointing



Views

A view is a subset of the database that is presented to one or more users. It is created by querying one or more of the base tables.

A user can be granted the privilege to read the view without being granted any privilege on the underlying tables, so the view acts as a row- and column-level filter on what that user can see.

Example: build a view that has sales-by-region information.

CREATE VIEW V_REGION_SALES AS
SELECT A1.region_name AS REGION, SUM(A2.Sales) AS SALES
FROM Geography A1
JOIN Store_Information A2 ON A1.store_name = A2.store_name
GROUP BY A1.region_name;




Store_Information

store_name    Sales  Date
Los Angeles   1500   Jan-05-2008
San Diego      250   Jan-07-2008
Los Angeles    300   Jan-08-2008
Boston         700   Jan-08-2008

Geography

region_name  store_name
East         Boston
East         New York
West         Los Angeles
West         San Diego

SELECT * FROM V_REGION_SALES

REGION  SALES
East      700
West     2050


Integrity Controls

Protect data from unauthorized use and from values that violate the rules of the business.

Domains: set the allowable values for a column and can be used to create a user-defined data type. A domain may also carry a CHECK clause that restricts its values further. For example:

CREATE DOMAIN money AS DECIMAL(10, 2);

CREATE DOMAIN order_ident AS INTEGER;

CREATE DOMAIN product_name AS CHAR(20);

CREATE DOMAIN customer_name AS CHAR(20);



Assertions

Enforce database conditions. They are checked automatically by the DBMS when transactions are run; if an assertion fails, the DBMS rejects the change and generates an error message.

E.g.: the Employee table has fields EmpID, EmpName, SupervisorID, SpouseID.

Company rule: no employee may supervise his or her spouse.

SQL statement:

CREATE ASSERTION SpousalSupervision
CHECK (NOT EXISTS (SELECT * FROM Employee WHERE SupervisorID = SpouseID));

An assertion's condition ranges over the whole database, so the rule is written as a query that must never return a row. Few commercial DBMSs implement CREATE ASSERTION; for a rule that only compares columns of the same row, the equivalent table-level constraint CHECK (SupervisorID <> SpouseID) is the portable choice, and rules that span rows are enforced with triggers.


Triggers

Prevent inappropriate actions, invoke special handling procedures, and write to log files (audit trails).

Routines that execute in response to a database event (INSERT, UPDATE, or DELETE). Example: log every change to a product's standard price, in SQL-standard syntax (dialects differ in how the new row is referenced and in the timestamp function):

CREATE TRIGGER STANDARD_PRICE_UPDATE
AFTER UPDATE OF STANDARD_PRICE ON PRODUCT_T
REFERENCING NEW ROW AS NewRow
FOR EACH ROW
INSERT INTO PRICE_UPDATES_T
VALUES (NewRow.PRODUCT_DESCRIPTION, CURRENT_TIMESTAMP, NewRow.STANDARD_PRICE);
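The assertion and trigger passages above, as one added runnable example that is not code from the original page, written in Python with the sqlite3 module. SQLite has no CREATE ASSERTION, so the spousal-supervision rule becomes a table CHECK constraint; an AFTER UPDATE trigger writes the price-change log, and a BEFORE DELETE trigger uses RAISE(ABORT) to prevent an inappropriate action, deleting from that log. Table names follow the page; the column set, the non-negative price check and the sample rows are assumptions.

```python
import sqlite3

# Schema assumed for the demonstration; table names follow the page's examples.
SCHEMA = """
CREATE TABLE employee (
    emp_id        INTEGER PRIMARY KEY,
    emp_name      TEXT NOT NULL,
    supervisor_id INTEGER,
    spouse_id     INTEGER,
    -- Single-row substitute for the page's SpousalSupervision assertion.  A NULL
    -- on either side compares as unknown, which CHECK does not treat as a violation.
    CONSTRAINT spousal_supervision CHECK (supervisor_id <> spouse_id)
);
CREATE TABLE product_t (
    product_id          INTEGER PRIMARY KEY,
    product_description TEXT NOT NULL,
    standard_price      REAL NOT NULL CHECK (standard_price >= 0)
);
CREATE TABLE price_updates_t (
    product_description TEXT,
    changed_at          TEXT,
    old_price           REAL,
    new_price           REAL
);
-- Audit trigger: every change to standard_price leaves a row in the log.
CREATE TRIGGER standard_price_update
AFTER UPDATE OF standard_price ON product_t
FOR EACH ROW
BEGIN
    INSERT INTO price_updates_t
    VALUES (NEW.product_description, CURRENT_TIMESTAMP, OLD.standard_price, NEW.standard_price);
END;
-- Preventive trigger: the log is append-only, even for users who may DELETE.
CREATE TRIGGER price_updates_no_delete
BEFORE DELETE ON price_updates_t
BEGIN
    SELECT RAISE(ABORT, 'price audit log is append-only');
END;
"""

SAMPLE_PRODUCTS = [(1, "Oak table", 450.0), (2, "Pine chair", 85.0)]  # constructed


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO product_t VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    conn.commit()
    return conn


def try_exec(conn, sql, params=()):
    """Run one statement; return 'OK', or 'REJECTED: <reason>' when a
    constraint fails or a trigger aborts the statement."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return "OK"
    except sqlite3.DatabaseError as exc:
        conn.rollback()
        return f"REJECTED: {exc}"


def audit_rows(conn):
    return conn.execute(
        "SELECT product_description, old_price, new_price "
        "FROM price_updates_t ORDER BY rowid"
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(try_exec(db, "INSERT INTO employee VALUES (1, 'Ann', NULL, 2)"))  # OK
    print(try_exec(db, "INSERT INTO employee VALUES (2, 'Bob', 1, 1)"))     # REJECTED
    print(try_exec(db, "UPDATE product_t SET standard_price = ? WHERE product_id = ?", (475.0, 1)))
    print(try_exec(db, "UPDATE product_t SET standard_price = -5 WHERE product_id = 2"))  # REJECTED
    print(audit_rows(db))                                # only the accepted change is logged
    print(try_exec(db, "DELETE FROM price_updates_t"))   # REJECTED by the trigger
```

The rejected price update never reaches the AFTER trigger, so the log records only changes that actually happened; the BEFORE DELETE trigger is what turns the log into an audit trail rather than just another table.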




Authorization rules

Controls incorporated in the data management system that restrict access to data and the actions that people can take when they access data.

Authorization matrix for subjects (users, roles, programs), objects (tables, views, columns), actions (read, insert, update, delete), and constraints on those actions. Examples:

The HR Officer is allowed to insert data into the Staff salary record; however, a salary entry is limited to less than RM 21,000.

The Finance Executives are allowed to modify the Staff salary record; however, they are only allowed to modify the claims approval section.

A program called DX234 is allowed to read the Students Personal record with no constraints.

Authorization table for subjects (salespeople) and authorization table for objects (orders):

Salespeople and the accounts unit may read and modify these records.

The Inventory Clerks are allowed to do all tasks except Delete.

The Carpenter may only read the records.

Privileges are granted at database level or table level; INSERT and UPDATE can also be granted at column level.


To grant the ability to read the product table and update prices to a user with the login ID SMITH, the SQL statement is:

GRANT SELECT, UPDATE (unit_price) ON PRODUCT_T TO SMITH;
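The view example (V_REGION_SALES over Store_Information and Geography) and the authorization matrix above, combined in one added example that is not code from the original page. SQLite has no GRANT, so the matrix is enforced with the sqlite3 module's authorizer hook, which SQLite consults for every table, column and action a statement touches when the statement is compiled; the roles 'analyst' and 'clerk' and their rights are assumptions. The view's rows are computed from the page's sample data, and the query through the view succeeds for a subject with no right on the base tables, which is the property the Views section describes.

```python
import sqlite3

# The page's sample tables and view, reproduced as constructed data.
SCHEMA = """
CREATE TABLE Store_Information (store_name TEXT, Sales INTEGER, Date TEXT);
CREATE TABLE Geography (region_name TEXT, store_name TEXT);
CREATE VIEW V_REGION_SALES AS
    SELECT A1.region_name AS REGION, SUM(A2.Sales) AS SALES
    FROM Geography A1
    JOIN Store_Information A2 ON A1.store_name = A2.store_name
    GROUP BY A1.region_name;
"""
STORE_INFORMATION = [
    ("Los Angeles", 1500, "2008-01-05"),
    ("San Diego", 250, "2008-01-07"),
    ("Los Angeles", 300, "2008-01-08"),
    ("Boston", 700, "2008-01-08"),
]
GEOGRAPHY = [("East", "Boston"), ("East", "New York"),
             ("West", "Los Angeles"), ("West", "San Diego")]

# Authorization matrix: subject -> object -> permitted actions (hypothetical
# roles).  A DBMS with GRANT keeps the same matrix in its catalog.
AUTH_MATRIX = {
    "analyst": {"v_region_sales": {"select"}},                       # the view only
    "clerk": {"store_information": {"select", "insert", "update"}},  # no delete
}
VIEWS = {"v_region_sales"}
ACTIONS = {
    sqlite3.SQLITE_READ: "select",
    sqlite3.SQLITE_INSERT: "insert",
    sqlite3.SQLITE_UPDATE: "update",
    sqlite3.SQLITE_DELETE: "delete",
}
# Events that name no object: the SELECT keyword, built-in functions such as
# SUM, and the BEGIN/COMMIT the driver issues around data changes.
ALWAYS_OK = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_FUNCTION, sqlite3.SQLITE_TRANSACTION}


def make_authorizer(subject):
    perms = AUTH_MATRIX[subject]

    def authorize(action, arg1, arg2, db_name, via):
        if action in ALWAYS_OK:
            return sqlite3.SQLITE_OK
        if action not in ACTIONS:
            return sqlite3.SQLITE_DENY          # DDL, PRAGMA, ATTACH, ... refused
        obj = (arg1 or "").lower()
        # `via` names the view (or trigger) performing the access on the user's
        # behalf.  A base-table read made inside V_REGION_SALES is judged as a
        # read of the view: that is what lets a user see the view but not the tables.
        if via is not None and via.lower() in VIEWS:
            obj = via.lower()
        if ACTIONS[action] in perms.get(obj, set()):
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY

    return authorize


def run_as(subject, sql, params=()):
    """Execute sql as subject; return the result rows, or 'DENIED'."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)                  # DBA setup, before the hook is installed
    conn.executemany("INSERT INTO Store_Information VALUES (?, ?, ?)", STORE_INFORMATION)
    conn.executemany("INSERT INTO Geography VALUES (?, ?)", GEOGRAPHY)
    conn.commit()
    conn.set_authorizer(make_authorizer(subject))
    try:
        return conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError:               # SQLite reports "not authorized"
        return "DENIED"
    finally:
        conn.close()


if __name__ == "__main__":
    print(run_as("analyst", "SELECT REGION, SALES FROM V_REGION_SALES ORDER BY REGION"))
    print(run_as("analyst", "SELECT * FROM Store_Information"))   # DENIED
    print(run_as("clerk", "DELETE FROM Store_Information"))       # DENIED
```

The default for any action the matrix does not list is DENY, including every DDL event, so a subject cannot widen its own rights by creating a new view over the base tables. With a server DBMS the same outcome is reached with GRANT SELECT ON V_REGION_SALES TO analyst and no grant on the base tables.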




User-defined procedures

Some DBMSs also provide capabilities for user-defined procedures to customize the authorization process: user exits or interfaces that allow system designers to define their own security procedures in addition to the authorization rules.

A user procedure might be designed to provide positive user identification. For example, the user might be required to supply a procedure name in addition to a password; given a valid password and the correct procedure name, the system calls the procedure, which asks the user a series of questions whose answers should be known only to that user. Such knowledge-based questions are a weak second factor, since the answers are often guessable or discoverable, so they supplement rather than replace the stronger factors listed under authentication schemes.


Encryption

The coding or scrambling of data so that humans cannot read them. Used to protect highly sensitive data such as customer credit card numbers or account balances.

Two common forms of encryption:

One key (symmetric key), e.g. the Data Encryption Standard (DES), now obsolete because of its 56-bit key and replaced by AES: uses the same key to encrypt and decrypt. Easy to understand and implement, but both parties must already share the key.

Two key (asymmetric key): different keys to encrypt and decrypt (a key pair). One key is published (the public key); the other is kept secret (the private key). Especially popular in e-commerce applications.

Example: SSL. Secure Sockets Layer (SSL), and its successor TLS, is a popular encryption scheme for TCP/IP connections that provides data encryption, server authentication, and other services. It uses public-key cryptography to authenticate the server and agree on a session key, then symmetric encryption for the data itself.


Authentication schemes

How to identify persons who are trying to gain access to a computer or its resources? The goal is to obtain a positive identification of the user.

In an electronic environment, the user can prove identity by supplying:

Something the user knows: password/PIN

Something the user possesses: smart card/token

Some unique personal characteristic: biometrics (fingerprint or retinal scans)

Authentication schemes are classed as one-factor, two-factor, or three-factor authentication, depending on how many of these factors are employed.

First line of defense: one-factor authentication with passwords. Passwords should be at least 8 characters long, should combine alphabetic and numeric data, should not be complete words or personal information, and should be changed frequently. Current guidance (NIST SP 800-63B) instead favours longer passphrases screened against lists of breached passwords, and drops mandatory periodic changes and composition rules, because those push users toward predictable patterns.






Strong Authentication

Passwords are flawed: users share them with each other; they get written down and could be copied; automatic logon scripts remove the need to explicitly type them in; unencrypted passwords traverse a network.

Possible solutions:

Two-factor, e.g. ATM card plus PIN

Three-factor, e.g. smart card, biometric, and PIN

Biometric devices: use of fingerprints, retinal scans, etc. for positive ID

Third-party mediated authentication using secret keys or digital certificates (e.g. Kerberos or a public-key infrastructure)



Sarbanes-Oxley (SOX)

Designed to ensure the integrity of public companies' financial statements. It requires sufficient control and security over the financial systems and the IT infrastructure, and requires companies to audit access to sensitive data.

A SOX audit involves three areas of control: IT change management, logical access to data, and IT operations.

The audit starts with a walkthrough: the auditor tries to understand how the THREE areas are handled by the IT organization.



IT change management: the process by which changes to operational systems and databases are authorized. For a database, this covers changes to the schema, the database configuration, and updates to the DBMS software.

Top deficiency found by SOX auditors: lack of segregation of duties between the people who had access to databases in the three common environments: development, test, and production.

The DBAs who have the ability to modify data in these environments should be different people. Where that is not possible, other personnel should be authorized to do periodic reviews of database access by DBAs, using database audits.


Logical access to data: security procedures in place to prevent unauthorized access to the data. From the SOX perspective the questions are: who has access to what? Who has access to too much?


Organizations must establish administrative policies and procedures. Two types of security policies and procedures: personnel controls and physical access controls.

Personnel controls: adequate controls of personnel must be developed and followed: hiring practices, employee monitoring, security training, separation of duties.

Physical access controls: limiting access to particular areas within a building: swipe cards, equipment locking, check-out procedures, screen placement, laptop protection.


IT operations: policies and procedures for day-to-day management of infrastructure, applications, and databases in an organization. For databases: backup, recovery, availability.

An area of control that helps to maintain data quality and availability is vendor management: periodically review external maintenance agreements for hardware and software, and consider reaching agreements (source-code escrow) so that the organization can get access to the source code should the developer go out of business or stop supporting the programs.

END OF CHAPTER