Five Threats to Data Security and How to Protect Against Them

Five Threats to Data Security and
How to Protect Against Them
Table of Contents
Executive Summary
The purpose of this paper is to
examine five specific risks to data
security, showing where and how
confidential data may be
vulnerable—and how you can
protect your business against
these threats.
Introduction..........................................................................................................................................................1
1) Data Vulnerability in Transit and Storage .................................................................................................2
Why Web Servers and Databases Are Not Secure ...............................................................................2
Protecting Data with Encryption ................................................................................................................2
2) New Types of Application-level Attack.....................................................................................................3
Exploitable URLs and Worms .....................................................................................................................3
Intrusion Protection Against Malicious Traffic.........................................................................................3
3) Private Key Mismanagement ........................................................................................................................4
When Private Keys are Not so Private.....................................................................................................4
Protecting Keys with Secure Key Management.......................................................................................4
4) Identity and Access Management Risks .....................................................................................................5
Who Is It and How Do You Know? ..........................................................................................................5
Authentication, Authorization, and Access Control ..............................................................................5
5) Misconfigurations and Other Administration Errors..............................................................................6
To Err is Human ... and Potentially Dangerous .......................................................................................6
Easy, Error-free Administration ..................................................................................................................7
About SafeNet .....................................................................................................................................................8
Introduction
Most networking and security professionals are already familiar with the many statistics about
Internet traffic and data security. You know that the increase in confidential information sent
over the Internet has resulted in increased cases of data compromise. You’ve read the reports of
successful application-level and URL-based attacks launched against Web servers and ecommerce
databases. You know that 60% of security breaches are perpetrated by insiders. And you know
that a compromise in data security can mean a compromise to the business itself.
This paper is not designed to re-tread these statistics or horror stories. The purpose of this
paper is to examine five specific risks to data security, showing where and how confidential data
may be vulnerable—and how you can protect your business against these threats.
The specific risks are posed by:
o
o
o
o
o
unencrypted data in vulnerable locations
new types of application-level attacks
mismanagement of private keys
inadequate user authentication and authorization
human administrative error
All of these risks have one thing in common: they can be greatly reduced, in some cases
completely eliminated, through an Active Application Security product that effectively delivers a
powerful combination of data encryption, key management and access management technologies,
with no loss in networking performance.
1) Data Vulnerability in Transit and Storage
Why Web Servers and Databases Are Not Secure
The SSL protocol is a proven method of protecting information moving over the Internet. Using
SSL to secure confidential data such as credit card numbers and medical information offers
protection from prying eyes as this data passes from sender to recipient via the Internet,
intranets and extranets. But once this data reaches its destination—typically a Web server in the
recipient’s network—the encryption is stripped away, leaving the data in a plain-text format as it
traverses the local area network, application servers, and databases.
Therein lies the vulnerability—data in a plain-text state is easily readable in transit and in storage.
In this state, it is particularly vulnerable to theft or compromise by anyone inside or outside the
network who can gain access to the Web servers or to the database.
What’s needed. In order to truly protect this data, it is not enough to simply protect the
network. The data itself must be safeguarded. Currently, the most reliable way to provide this
protection is through encryption that—instead of being stripped off at the Web server—stays
with the data as it travels through Web servers and application servers and is stored in the
database.
Protecting Data with Encryption
If typical network caches and switches could read encrypted data, there wouldn’t be unencrypted
data on the network. But caching and switching functions, which require reading packet data
rendered incomprehensible by encryption, cannot perform this function.
SafeNet has developed a data security solution capable of caching and switching without leaving
data vulnerable and unencrypted on the backend. Placed on the network between the switch and
the Web server farm, the SafeNet device sits directly in the data path to terminate the SSL/TLS
session of HTTPS traffic and decrypt the packets for caching and switching. Via SafeNet’s Content
Encryption Service Engine, specific data fields are re-encrypted with a super-secure triple-DES key
or AES. This ensures that data never resides in a vulnerable plain-text format, but remains
protected anywhere in the network whether in transit or in storage. The same encryption that
guards confidential information such as credit card and bank account numbers also protects
passwords and cookies. Passwords are safe from common exploits such as dictionary attacks
because the actual password is guarded with a keyed hash that protects the password even in the
event of a dictionary attack on the password file. Cookies are similarly protected with a Message
Authentication Code, so if an altered cookie were submitted, the SafeNet device would recognize
and reject it as unauthorized. Encryption also protects Web-based enterprise applications, such as
MS Outlook, PeopleSoft, SAP, Oracle, and Siebel. Any application-specific protocol can be
secured in transit and in storage, easily and without added capital and operational costs.
White Paper: Five Threats to Data Security and How to Protect Against Them—Page 2 of 8
Positioned directly in the data path, the SafeNet solution protects data where it is most
vulnerable—on the backend infrastructure—by encrypting incoming HTTP/HTTPS traffic, in
addition to performing caching, switching and SSL/TLS acceleration functions.
2) New Types of Application-level Attacks
Exploitable URLs and Worms
Recent attacks against e-commerce sites have proven the vulnerability of Web sites to exploitable
URLs. Certain Web servers and third-party add-ons ship with exploitable holes installed by
default. If these vulnerable URLs are left unblocked, an attacker can take advantage of these weak
links to run scripts that provide unauthorized access to the Web servers.
Similarly, worms (like Code Red and Nimda) target servers and execute attack commands causing
denial-of-service and site-defacement consequences for the victim networks. Part of the problem
here is that an effective defense requires a constant, and often unrealistic, level of vigilance.
Firewalls, operating at a lower network level, are not effective in protecting against attacks at the
application layer. Security advisories promptly report known exploitable URLs, but the job of
defending against these vulnerabilities is one of relentless catch-up, with no guarantees against
new exploits that arise nearly every day. This situation creates serious potential for damage, both
to the network and to the information stored there.
What’s needed. What is needed is either an SSL/TLS termination product that can automatically
upload and block a list of vulnerable URLs, or a Active Application Security solution that: a) sits in
the data path to terminate malicious traffic and b) allows network administrators to immediately
block weak URLs so networks are not unprotected while security vendors prepare the
corrective patch for customers.
Intrusion Protection Against Malicious Traffic
The SafeNet product sits between the front router and the backend infrastructure. As the
recipient of all HTTP/HTTPS traffic, the solution applies specific defined filtering rules based on
the type of request. This allows the solution to intercept and terminate malicious payloads,
effectively protecting the backend servers. This method of URL-blocking is more convenient since
it is easier to define filters on a few upfront devices than on a larger number of backend servers.
White Paper: Five Threats to Data Security and How to Protect Against Them—Page 3 of 8
As an additional protection against URL-based attacks, the device itself is more secure than
typical Web servers. The hardware is tamper-resistant and all non-essential services and
executables have been removed resulting in a stripped-down operating system that carries no
standard shell other than its own proprietary command-line interface. A defense against Denial of
Service (DoS) overloads such as SYN floods has been built-in, and the management console is
designed for easy error-free blocking of a specific list of URLs.
3) Private Key Mismanagement
When Private Keys are Not so Private
Keys are the foundation of all encryption-based security solutions. If a hacker, internal or
external, gains access to your private keys, the security of your entire network is gone. Not
reduced—gone.
That’s a risk currently assumed by companies that store the Web server’s private keys on the
Web server itself. Web servers are not secure due to the fact that anybody can connect to it,
and typically a high number of MIS personnel have access to it. Additionally, the keys are often
stored in an easily readable plaintext format.
Stored in a software environment and exposed in server memory, keys are vulnerable to
discovery. An intruder who compromises your keys can launch “spoofing” attacks impersonating
your site with the stolen key, and “eavesdropping” attacks using the stolen key to hack into an
online transaction or access earlier transactions.
What’s needed. The best protection against private key compromise is a superior combination of
physical security and key management technology, including tamper-resistant hardware and the
most stringent security standards throughout the private key lifecycle.
Protecting Keys with Secure Key Management
With a SafeNet solution, private keys remain private. Secure key management technology is
certified to FIPS 140-1 Level 2, the most stringent standard of government-specified best
practices for deploying network security. This safeguards keys, in both hardware and software,
against compromise throughout the entire lifecycle.
Secure Storage
Private keys are generated and stored in a tamper-proof housing. Any attempt at physical
tampering results in the immediate destruction of all private keys, making it much more difficult
for either external or internal hackers to access this vital information. Even if a solution is stolen,
the private keys remain secure.
Secure Transport and Backup
When private keys are backed up, they are doubly encrypted using an administrator’s backup key
and an internal key, preventing exposure of the administrator’s password even under a dictionary
White Paper: Five Threats to Data Security and How to Protect Against Them—Page 4 of 8
attack at a backup file. Keys are never exported in cleartext and cannot be released without
triple-DES encryption, ensuring secure preservation in all backup and storage activities.
Secure Recovery
Even the strictest standards of tamperproof security must allow for key recovery in the event of
legitimate need. If a key owner were injured or incapacitated, there must be a way to avoid the
irretrievable loss of their key and thus their data.
SafeNet has designed a “k of n” recovery procedure that allows for this through the use of a
single master key. Inaccessible to any individual, this master key can be assembled only by a
predefined group of individuals who each own a piece of the key and simultaneously agree to
combine all their pieces. Even then, the master key can only be utilized for single key recovery,
not to “unlock” the key storage. The benefits are clear: emergency key recovery is possible, but
only via a coordinated and extremely secure measure.
4) Identity and Access Management Risks
Who Is It and How Do You Know?
The advent of intranets and extranets—as well as the transformation of Web browsers into
universal client to server-based applications—has made it possible for an organization to extend
data access to employees, customers, and business partners. But offering access to a broader
constituency creates its own IT challenges: how to identify authorized and unauthorized users,
how to define and manage access to specific data systems, and how to ensure that those
identities cannot be counterfeited or altered.
Many systems allow access based upon a user ID and password, but a more robust and provably
secure solution utilizes client-side digital certificates. These utilize public/private key encryption
technologies, and though unbreakable, are often not deployed due the challenge of generating and
managing these certificates, as well as the computational load placed upon the network system.
What’s needed. The best way to ensure that the right people are able to access the right
resources is a system that combines certificate-based authorization, tamper-proof hardware and
granular access control with management ease and no loss of networking performance.
Authentication, Authorization, and Access Control
Authentication and Authorization
SafeNet solutions utilize digital certificates, a more secure method of identification than user IDs
and passwords. Certificates can contain a great deal of data about an individual or network
resource, making them an ideal mechanism for authorization. Instead of simply granting carte
blanche access to the network, the system can deliver a more granular level of access tailored to
user status and data needs.
To reduce the complexity of creating and managing certificates, the solutions have a built-in
certificate authority, making certificate generation easy and efficient. Additionally, SafeNet’s
hardware-based SSL/TLS acceleration technologies ensure that data security does not come at
the cost of low performance.
Access Control
SafeNet’s solutions allow customized security procedures to be established and enforced for
multiple levels and functions. Individual administrators can be authorized to perform specific
functions, such as networking, security and back-ups. Each function can be protected by a
separate password, thereby limiting security risk to the entire network.
White Paper: Five Threats to Data Security and How to Protect Against Them—Page 5 of 8
Netegrity SiteMinder
With the Netegrity SiteMinder Service Engine, SafeNet solutions allow select users—like
employees, partners and customers—to present their encrypted credentials and be authorized
for a specific level of access. Netegrity Web Agents running on a secure SafeNet solution are less
susceptible to compromise than on a regular Web server.
5) Misconfigurations and Other Administration Errors
To Err is Human ... and Potentially Dangerous
Network administration is known for being a notoriously thankless job. It is also rife with
opportunities for mistakes: simple omissions, typos, or oversights that would go unnoticed in any
another profession can spell security risks on a network and serious performance problems on a
Web site.
For instance, the process of configuring SSL parameters properly on a Web server is typically
cumbersome and error-prone. While most Web servers allow for SSL configuration, they often
require a high level of expertise and familiarity with command-line interfaces in order to be done
accurately and thoroughly. An improperly configured server can result in adverse interactions
with other parts of the network, security or functionality gaps, or improper levels of network
access.
Incorporating security into a network solution requires constant vigilance over subtle details and
non-obvious product interactions. This explains why ease-of-use and clarity—two concepts that
used to refer to simple convenience in network administration—are now recognized to be
legitimate security issues.
What’s needed. Outside of the creation of a network administrator who is never subject to
fatigue, stress, or being overworked or under-trained, the best way to ensure error-free
management (and risk-reduced network security) is to build in the features that anticipate, and
protect against, common errors. Toward that end, a single multi-purpose hardware product that
provides a unified management view along with intuitive configuration fields can greatly reduce
configuration and other management mistakes.
White Paper: Five Threats to Data Security and How to Protect Against Them—Page 6 of 8
Easy, Error-free Administration
SafeNet solutions feature a combination of intuitive, advisory interfaces, software safeguards and
hardware features designed to reduce the risk of administrative error and ensure proper
configuration and management.
Easy Configuration
A secure browser-based GUI guides the administrator through each configuration step;
alternatively, a command-line interface is available for advanced users. The interfaces’ ease-of-use
allows the products to be quickly deployed often in a matter of minutes, with one-button
replication for on-the-fly scalability.
Certificate Generation
The same intuitive GUI is used to simply certificate requests, so the user is walked through each
step and able to complete the process in a matter of seconds, eliminating the risk of taking
shortcuts that aren’t secure.
Simple Secure Maintenance
For daily management, remote administration via the Web interface is secured with 128-bit
encryption via TLS to protect administrator commands. Advanced users can use the commandline interface, protected via a Secure Shell connection, to create scripts. For increased security,
remote administration can be disabled, either globally or granularly.
Secure Logging
Secure audit and activity logs keep a full record of administrative and connection events,
pinpointing incorrect configurations and unauthorized access attempts.
Managing Keys and Certificates
Administrators generate, manage and import certificates securely through the Web or commandline interface, reducing the chance of error. To easily manage a large number of keys, the
interface provides for convenient life-cycle key management.
Minimizing Error
The file system is read-only to prevent accidental or unauthorized software changes. All
configuration files and private key data are stored using a hierarchy of internal keys. Additionally,
unlike most servers and other network appliances, SafeNet products verify the authenticity of
software upgrades, ensuring the security of configuration data and certificates.
SNMP Integration
The SafeNet management console integrates with HP Open View and other network
management systems, allowing the user to receive SNMP traps about service levels and to issue
SNMP “gets” or queries.
White Paper: Five Threats to Data Security and How to Protect Against Them—Page 7 of 8
About SafeNet
In 2007, SafeNet was acquired by Vector Capital, a $2 billion private equity firm specializing in the
technology sector. Vector Capital acquired Aladdin in March of 2009, and placed it under
common management with SafeNet. Together, these leading global companies are the third
largest information security company in the world, which brings to market integrated solutions
required to solve customers’ increasing security challenges. SafeNet’s encryption technology
solutions protect communications, intellectual property and digital identities for enterprises and
government organizations. Aladdin’s software protection, licensing and authentication solutions
protect companies’ information assets and employees from piracy and fraud. Together, SafeNet
and Aladdin have more than 50 years of security expertise in more than 100 countries around
the world. Aladdin is expected to be fully integrated into SafeNet in the future. For more
information, visit www.safenet-inc.com or www.aladdin.com.
SafeNet
Corporate Headquarters
4690 Millennium Drive
Belcamp, MD 21017
Tel: +1 410 931 7500
Tel: 1 800 533 3958 - Sales
TTY Users: +1 800 735 2258
FAX: +1 410 931 7524
www.safenet-inc.com
©2009 SafeNet, Inc. All rights reserved. SafeNet and the SafeNet logo are registered trademarks of SafeNet, Inc. All
other product names are trademarks of their respective owners.
White Paper: Five Threats to Data Security and How to Protect Against Them—Page 8 of 8