23/3/15 Why is database security important? General Strategies and Tactics for Hardening Databases Oracle Databases often store data which is sensitive in nature Incorrect data or loss of data could negatively affect business operations Databases can be used as bases to attack other systems from Principle of Least Privilege! Stay up-to-date on patches Remove/disable unneeded default accounts Firewalling/Access Control Running Database processes under dedicated non-privileged account Password Security Disable unneeded components Stored Procedures and Triggers If X service doesn’t need access to all tables in Y database… then don’t give it access to all tables. ◦ Example: A web application that reads a list of people from a database and lists them on a website. The database also contains sensitive information about those people. The account used by the web application should not be allowed to read the table that contains sensitive non-public information. Do not give accounts privileges that aren’t needed ◦ Unneeded privileges to accounts allow more opportunity for privilege escalation attacks. Throttling connections – make it harder for the bad guys to brute-force or guess passwords ◦ Use firewall software ◦ It’s possible that throttling could deny access to applications which make a large amount of connections legitimately Reducing the surface area of attack with firewall rules ◦ Don’t let the world connect to your database server. Strong passwords are a must ◦ Constant brute-force attacks are happening across campus. Esp. against SQL Server Built in password policy control seems rare ◦ How can we enforce password policy? Stored Procedures and Triggers can lead to privilege escalation and compromise. Be sure to be thinking about security implications when allowing the creation of, and creating these. Just like disabling unneeded services for an operating system is a good idea disabling unneeded components for databases is a good idea. If [the] Oracle could see into the future... the “Unbreakable” marketing campaign may have not been a good idea. A search on milw0rm’s exploit catalogue returns ◦ 27 exploits dated from 11/16/2000 – 07/19/2007 Data and quote from The Oracle Hacker’s Handbook: “[…] 2003 and beyond […] the numbers went through the roof […]” TNS Listener - “The TNS Listener is the hub of all communications in Oracle. […] When a client wishes to access the database server, the client connects first to the Listener. […] In versions of Oracle prior to 10g, the TNS Listener could be administered remotely What makes this particularly dangerous is the fact that by default the Listener is installed without a password […]” – The Database Hacker’s Handbook The TNS listener allows clients (tools and applications) to connect to a given Oracle database. When the listener is running on the database server, it is opening a port on the host system to listen for communications request with the specified database. Decent amount of default accounts ◦ Be aware what they are ◦ Ensure the passwords do in fact get changed appropriatly 10g forces admin to set passwords for many default accounts on install and may lock or expire them. Set a password for TNS Listener Administration ◦ listener.ora file PASSWORDS_listenername = somepass ◦ Use the lsnrctl utility LSNRCTL> change_password Discovery and Classification Authentication, authorization and access control Patch Management FOUNDAT ION Auditing Encryption Monitoring Data Masking Vulnerability Assessment Database Firewall DET ECTION PREVENTION Figure Pillars of Database Security 16 The foundation pillar stresses discovery and classification of sensitive data and having a robust authentication, authorization, and access control framework All critical databases should be patched on a regular basis to eliminate known vulnerabilities Understanding which databases contain sensitive data is a key requirement for any database security strategy. Enterprises should take a complete and ongoing inventory of all databases, including production and nonproduction, and ensure authentication, authorization, and access control is enabled for all critical databases. 17 All changes to sensitive data should be logged to provide the ability to answer audit questions. Auditing and monitoring offer compensating controls when preventive measures are not enabled. To support regulatory compliance standards, such as PCI, HIPAA, SOX, and EU, and improve data security, enterprises should track all access and changes to sensitive data Data and metadata in databases can be accessed, changed, or even deleted in seconds. Detection pillar provides a detailed audit trail of database activities and provides details on vulnerabilities 18 This pillar focuses on preventing unauthorized access and protecting against attacks Preventive security measures 1) network and data-at-rest encryption; 2) data masking for nonproduction databases to prevent data exposure to non-production users; 3) database firewall to prevent threats such as SQL injection attacks or privilege escalation from even reaching databases; 4) 4) change management to enable a formal procedure to manage changes in production. 19 Transparent data encryption (TDE) enables you to encrypt individual table columns or an entire tablespace. ◦ When a user inserts data into an encrypted column, transparent data encryption automatically encrypts the data. ◦ When users select the column, the data is automatically decrypted. ◦ After the selection, the data is reencrypted. Transparent data encryption helps protect data stored on media in the event that the storage media or data file gets stolen, because it stores the encryption keys in a security module (that is, a wallet) external to the database. Protecting data from this type of theft is required for most compliance regulations. The benefit to using transparent data encryption is that it requires little coding and is quick and easy to implement. 20 data masking, the format of data remains the same; only the values are changed. The data may be altered in a number of ways, including encryption, character shuffling, and character or word substitution. Sensitive information, such as credit card or social security numbers, can be replaced with realistic values Production data can be safely used for development, testing, or sharing with out-source or off-shore partners Helps comply with data privacy mandates such as Sarbanes-Oxley, Payment Card Industry (PCI) Data Security Standard (DSS) and Health Insurance Portability and Accountability Act (HIPAA) 22 Oracle Database Firewall prevents illegal access to databases, stops SQL injection, enforces security policies accurately, and generates realtime alerts. It prevents internal data policy breaches - even by trusted insiders and privileged users. You can enforce how activity will be controlled by allowing the SQL to pass through to the database, block and substitute the SQL so no database results are returned to the user, or alert on the activity. 23 SQL injection is a basic attack used to either gain unauthorized access to a database or to retrieve information directly from the database The principles behind a SQL injection are simple and these types of attacks are easy to execute and master Vulnerability of application development Applications can be developed using many methods for connecting to an Oracle database – some of these methods are more vulnerable to SQL Injection attacks than others 24 Database 12c delivers security enhancements and new features including: ◦ conditional auditing The new policy based syntax simplifies management of auditing within the database and provides the ability to accelerate auditing based on conditions. ◦ privilege analysis ◦ data redaction Oracle Data Redaction enables you to mask (redact) data that is returned from queries issued by applications. ◦ enhanced encryption key management Oracle Key Vault (OKV) enables customers to quickly deploy encryption and other security solutions by centrally managing encryption keys Deployment Fail ◦ Predeployment assessment Broken Databases ◦ Patch databases Leaked Data ◦ Reduce availability of ad hoc connections Stolen Backups ◦ TDE and automatic encryption facilities Database Feature Abuse ◦ Recoding and patches Lack of Segregations Hopscotch SQL Injections Poor key Management Inconsistencies ◦ Segregation of administrative duties ◦ Networks, applications (incl databases, servers have separate admin accounts) ◦ Testing input variables for SQL injection ◦ Implement appropriate encryption key management systems ◦ Common theme – Need for consistency The Database Hacker’s Handbook – Defending Database Servers, Indianapolis: Wiley Publishing Inc., 2005. D.Litchfield, C.Anley, J. Heasman, B. Grindlay, ◦ The Oracle® Hacker’s Handbook: Hacking and Defending Oracle, Indianapolis: Wiley Publishing Inc., 2007. D.Litchfield, ◦ Available on Books 24x7 Available on Books 24x7 http://www.cgisecurity.com http://www.oracle.com/technetwork/database/s ecurity/security-compliance-wp-12c1896112.pdf http://www.cnet.com/uk/news/oracleunbreakable-no-more/
© Copyright 2024