Thursday, March 10, 2011

Top 10 Database Security Threats

Here's a brief digest of the document from Imperva Inc. Due to copyright I won't post the original PDF here, but you can easily search for it online.

- Threat 1 - Excessive Privilege Abuse:
When users (or applications) are granted database access privileges that exceed the requirements of their job function, these privileges may be abused for malicious purpose.
> Prevention - Query-Level Access Control
* restricts database privileges to the minimum-required SQL operations (SELECT, UPDATE, etc.) and data.
* most databases have some level of query-level access control (triggers, row-level security, etc.), but configuring it manually is too time-consuming.

- Threat 2 - Legitimate Privilege Abuse
Users may also abuse legitimate database privileges for unauthorized purposes.
> Prevention: Understanding the Context of Database Access
Enforce policy on the client application, time of day, location, etc., to identify users who access data in a suspicious manner.
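An added example (not from the Imperva document) covering both Threat 1 and Threat 2: a per-role policy that limits each application to the minimum SQL operations and tables it needs, enforced at statement-compile time through SQLite's authorizer hook, together with a context check on the client application name and hour of day. The roles, tables and time windows are constructed for the demo.

```python
import sqlite3
from datetime import datetime

# Constructed policy for the demo (not from the Imperva document): each
# application role gets the minimum SQL operations and tables it needs
# (Threat 1) plus the context in which it may connect (Threat 2).
POLICY = {
    "reporting_app": {
        "ops": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ},
        "tables": {"orders"},
        "hours": range(8, 18),         # business hours only
        "clients": {"reporting-svc"},  # expected client application name
    },
    "billing_app": {
        "ops": {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_UPDATE},
        "tables": {"orders", "invoices"},
        "hours": range(0, 24),
        "clients": {"billing-svc"},
    },
}

# Constructed timestamps used by the demo run.
OFFICE_HOURS = datetime(2011, 3, 10, 10, 0)
LATE_NIGHT = datetime(2011, 3, 10, 23, 0)


def build_demo_db():
    """In-memory database with constructed sample rows; autocommit mode so no
    implicit BEGIN has to pass through the authorizer."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(
        "CREATE TABLE orders (id INTEGER PRIMARY KEY, amount INTEGER);"
        "CREATE TABLE invoices (id INTEGER PRIMARY KEY, paid INTEGER);"
        "INSERT INTO orders VALUES (1, 100), (2, 250);"
        "INSERT INTO invoices VALUES (1, 0);"
    )
    return conn


def make_authorizer(rule):
    """SQLite calls this for every operation while compiling a statement, so a
    disallowed UPDATE or a read of a foreign table is refused before it runs."""
    def authorize(action, arg1, arg2, dbname, source):
        if action not in rule["ops"]:
            return sqlite3.SQLITE_DENY
        # For READ/UPDATE/INSERT/DELETE arg1 is the table name; the SELECT
        # event itself carries no table, the per-column READ events that follow do.
        if action != sqlite3.SQLITE_SELECT and arg1 not in rule["tables"]:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    return authorize


def run_query(conn, role, client, now, sql, params=()):
    """Run sql on behalf of role; returns ("ok", rows) or ("denied", reason)."""
    rule = POLICY[role]
    # Context checks (Threat 2): which application connects, and when.
    if client not in rule["clients"]:
        return ("denied", "unexpected client application")
    if now.hour not in rule["hours"]:
        return ("denied", "outside permitted hours")
    # Query-level check (Threat 1): operations and tables for this role.
    conn.set_authorizer(make_authorizer(rule))
    try:
        return ("ok", conn.execute(sql, params).fetchall())
    except sqlite3.DatabaseError as exc:   # "not authorized", raised at compile time
        return ("denied", str(exc))


if __name__ == "__main__":
    db = build_demo_db()
    print(run_query(db, "reporting_app", "reporting-svc", OFFICE_HOURS,
                    "SELECT id, amount FROM orders"))
    print(run_query(db, "reporting_app", "reporting-svc", OFFICE_HOURS,
                    "UPDATE orders SET amount = 0"))
    print(run_query(db, "reporting_app", "reporting-svc", LATE_NIGHT,
                    "SELECT id, amount FROM orders"))
```

The authorizer runs when the statement is compiled, so a denied UPDATE never touches a row; the context checks run once per request, which is where a production system would also log the refusal.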

- Threat 3 - Privilege Elevation
Attackers may take advantage of database platform software vulnerabilities to convert access privileges from those of an ordinary user to those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions, protocol implementations, and even SQL statements.
> Prevention: Intrusion prevention systems (IPS) and query-level access control
An IPS inspects database traffic to identify patterns which correspond to known vulnerabilities.
(Please report such vulnerabilities back to the DB vendor and get them patched if you find any.)

- Threat 4 - Platform Vulnerabilities
Vulnerabilities in underlying operating systems (Windows 2000, UNIX, etc.) and additional services installed on a database server may lead to unauthorized access, data corruption, or denial of service.
> Prevention: Software Updates and Intrusion Prevention

- Threat 5 - SQL Injection
A perpetrator inserts (or injects) unauthorized database statements into a vulnerable SQL data channel.
> Prevention: Three techniques can be combined to effectively combat SQL injection: intrusion prevention (IPS), query-level access control, and event correlation.
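An added example (not from the Imperva document) showing the vulnerable SQL data channel beside its fixed form: one login function builds the statement by string formatting, the other binds the values as parameters so the database never parses them as SQL. The users table, the plaintext passwords and the probe input are constructed for the demo.

```python
import sqlite3


def build_demo_db():
    """Constructed sample users table. Plaintext passwords only keep the demo
    short; a real schema stores salted password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users (username TEXT, password TEXT);"
        "INSERT INTO users VALUES ('alice', 'correct-horse'), ('bob', 'battery-staple');"
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: data and SQL share one
    channel, so a quote in the input changes the shape of the query."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised: the SQL text is fixed and the values travel separately as
    bound parameters, so the database compares them as data only."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


# Constructed input showing the difference: the leading quote closes the
# string literal and the rest becomes part of the WHERE clause, which then
# matches every row.
PROBE_PASSWORD = "' OR '1'='1"

if __name__ == "__main__":
    db = build_demo_db()
    print(login_vulnerable(db, "alice", PROBE_PASSWORD))  # "alice" without the password
    print(login_safe(db, "alice", PROBE_PASSWORD))        # None
```

Query-level access control and an IPS, the other two techniques the digest names, sit outside the application; parameterisation is the fix the application itself owns, and a code review that flags any string-built SQL is the cheapest check.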

- Threat 6 - Weak Audit Trail
Weakness may come from several aspects:
lack of user accountability when users access data via web applications; auditing that degrades system performance; limited granularity; etc.
> Prevention: increase performance; separation of duties (audit duties should ideally be separate from both database administrators and the database server platform); cross-platform auditing. Network-based audit appliances can help with all of these.
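An added example (not from the Imperva document) for the accountability gap: a web application reaches the database through one pooled account, so native database auditing can only name that account. The wrapper below uses SQLite's trace callback to record every statement together with the end user and client address the application is acting for, and writes the records to a store separate from the audited database. The schema, users and addresses are constructed for the demo.

```python
import sqlite3
from datetime import datetime, timezone


class AuditedConnection:
    """One pooled connection used by a web application under a shared database
    account. Every statement is recorded with the end user and client address
    the application is acting for, so the trail names a person, not just the
    pool account."""

    def __init__(self, conn, sink, db_account="webapp_pool"):
        self.conn = conn
        self.sink = sink              # separate store, not a table in the audited DB
        self.db_account = db_account
        self.end_user = None
        self.client_ip = None
        conn.set_trace_callback(self._record)

    def _record(self, statement):
        # Called by SQLite when a statement starts executing.
        self.sink.append({
            "ts": datetime.now(timezone.utc).isoformat(),
            "db_account": self.db_account,
            "end_user": self.end_user,
            "client_ip": self.client_ip,
            "statement": statement,
        })

    def execute_as(self, end_user, client_ip, sql, params=()):
        """Run sql on behalf of end_user; the identity is attached only for
        the duration of the call so it cannot leak to the next request."""
        self.end_user, self.client_ip = end_user, client_ip
        try:
            return self.conn.execute(sql, params).fetchall()
        finally:
            self.end_user = self.client_ip = None


def statements_by(sink, end_user):
    """Accountability query over the trail: what did this person run?"""
    return [r["statement"] for r in sink if r["end_user"] == end_user]


def build_demo():
    """Constructed schema; autocommit mode so the trail holds only the
    application's own statements, not implicit BEGINs."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER);"
        "INSERT INTO accounts VALUES (1, 500), (2, 900);"
    )
    sink = []
    return AuditedConnection(conn, sink), sink


if __name__ == "__main__":
    audited, trail = build_demo()
    audited.execute_as("alice", "10.0.0.5", "SELECT balance FROM accounts WHERE id = ?", (1,))
    audited.execute_as("bob", "10.0.0.7", "UPDATE accounts SET balance = balance - 100 WHERE id = ?", (2,))
    for record in trail:
        print(record)
```

Keeping the sink outside the database is the separation-of-duties point from the digest in miniature: a database administrator who can edit the accounts table cannot also edit the record of who changed it.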

- Threat 7 - Denial of Service
Access to network applications or data is denied to intended users. Resource overload is particularly common in database environments.
> Prevention: requires protection at multiple levels. In this database-specific context, deployment of connection rate control, IPS, query access control, and response timing control is recommended.
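An added example (not from the Imperva document) of two of the listed controls: a sliding-window connection rate limiter keyed by client address, and a per-statement work budget that uses SQLite's progress handler to abort a runaway query after a fixed number of virtual-machine steps rather than letting it starve other clients. The window sizes, budget and queries are constructed for the demo.

```python
import sqlite3
import time
from collections import defaultdict, deque


class ConnectionRateLimiter:
    """Sliding-window cap on new connections per client address: a burst of
    connection attempts from one source is refused before it ties up the
    server's connection slots."""

    def __init__(self, max_connections, window_seconds, clock=time.monotonic):
        self.max_connections = max_connections
        self.window = window_seconds
        self.clock = clock                     # injectable for deterministic tests
        self._attempts = defaultdict(deque)    # client -> timestamps of accepted connects

    def allow(self, client_addr):
        now = self.clock()
        recent = self._attempts[client_addr]
        while recent and now - recent[0] >= self.window:
            recent.popleft()                   # forget attempts outside the window
        if len(recent) >= self.max_connections:
            return False
        recent.append(now)
        return True


class QueryBudget:
    """Response-time control for one connection: SQLite invokes the progress
    handler every `granularity` virtual-machine instructions, and a truthy
    return aborts the running statement, so a runaway query is cut off after
    a fixed amount of work instead of running to completion."""

    def __init__(self, conn, max_callbacks, granularity=1000):
        self.conn = conn
        self.max_callbacks = max_callbacks
        self.granularity = granularity

    def run(self, sql, params=()):
        calls = 0

        def progress():
            nonlocal calls
            calls += 1
            return calls > self.max_callbacks   # True aborts the statement

        self.conn.set_progress_handler(progress, self.granularity)
        try:
            return ("ok", self.conn.execute(sql, params).fetchall())
        except sqlite3.OperationalError as exc:   # SQLite reports "interrupted"
            return ("aborted", str(exc))
        finally:
            self.conn.set_progress_handler(None, self.granularity)


def build_demo_conn():
    return sqlite3.connect(":memory:")


# Constructed queries: one trivial, one that expands to five million rows
# before it can return anything.
CHEAP_QUERY = "SELECT 1"
RUNAWAY_QUERY = ("WITH RECURSIVE c(n) AS (SELECT 1 UNION ALL SELECT n + 1 FROM c "
                 "WHERE n < 5000000) SELECT count(*) FROM c")

if __name__ == "__main__":
    limiter = ConnectionRateLimiter(max_connections=3, window_seconds=10)
    print([limiter.allow("10.0.0.9") for _ in range(4)])   # fourth attempt refused
    budget = QueryBudget(build_demo_conn(), max_callbacks=20)
    print(budget.run(CHEAP_QUERY))
    print(budget.run(RUNAWAY_QUERY))
```

Counting virtual-machine steps rather than wall-clock time makes the budget reproducible; a production deployment would size it per role and record every abort, since a client that repeatedly hits the cap is itself a signal worth correlating.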

- Threat 8 - Database Communications Protocol Vulnerabilities
> prevention: Protocol validation: parses (disassembles) database traffic and compares it to expectations. In

- Threat 9 - Weak Authentication
Stealing or otherwise obtaining login credentials by means of brute force, social engineering, or credential theft.
> Prevention: strong authentication (in practice, strong passwords); directory integration, using a single set of login credentials across the enterprise.

- Threat 10 - Backup Data Exposure
> Prevention: database backups should be encrypted. (Addition: backups should be subject to the same security constraints as the original data.)

In short, I would classify them into 4 categories:
- Bugs in access control (privilege design/assignment)
- Software/hardware/network vulnerabilities and attacks
- User accountability
- Backup data exposure


2 Comments:

Anonymous Secure Bytes said...

The best method for countering cryptographic attacks is to use strong cryptography and properly manage the private key. Strong cryptography is based on sound encryption algorithms and long keys.

9/12/2011 9:01 AM  
Anonymous Security Tools said...

A brute force search of all possible keys could be used to break this encryption, but the time required to conduct such a search is so long as to be impractical.

9/12/2011 10:18 AM  
