database security unit iv

Upload: sameerchimote4446

Post on 10-Apr-2018


8/8/2019 Database Security Unit IV

Database security Unit-IV

Database security can be defined as a system or process by which the "Confidentiality, Integrity, and Availability," or CIA, of the database can be protected. Unauthorized entry or access to a database server signifies a loss of confidentiality; unauthorized alteration to the available data signifies loss of integrity; and lack of access to database services signifies loss of availability.

CIA Triad

1) Confidentiality

In database security concepts, Confidentiality comes first. Confidentiality can be enforced by encrypting the data stored in the database. Encryption is a technique or process by which data is encoded in such a way that only authorized users are able to read the data. In other words, encryption means rendering sensitive data unreadable to unauthorized users. Encryption can be done at two different levels: data-in-transit and data-at-rest.

1) Data-in-transit:

This refers to data that is moving within the network: sensitive data, for example, that is sent through network layers or through the Internet. A hacker can gain access to this sensitive data by eavesdropping. When this happens, the confidentiality of the data is compromised. Encrypting data-in-transit avoids such compromises.

2) Data-at-rest:

It is possible for a hacker to hack the data that is stored in the database. Encrypting data-at-rest prevents such data leakages.

Different encryption algorithms are available, which include the Data Encryption Standard (DES), Triple DES or 3DES, and the Advanced Encryption Standard (AES).

2) Integrity

Integrity can be enforced by setting User Access Controls (UAC) that define which users have to be given what permissions in the database. For example, data related to employee information is stored in a database. An employee may have permission for viewing the records and altering only part of the information, like his contact details, whereas a person in the human resources department will have more privileges.

What are the steps that have to be taken to ensure integrity of the database?

1) Once the database is installed, the password has to be changed. Similarly, periodic checks have to be conducted to ensure the password is not compromised.

2) User accounts that are not in use have to be locked. If one is sure that these user accounts will never be used again, then the best step is to remove such user accounts.

    Created by Sameer Chandrakant Chimote DBMS (IT-I) Unit IV


3) Policies to set strong passwords have to be enforced. A good idea is to have a policy of changing the passwords once a month.

4) There are two types of authentication when it comes to database security, namely, domain authentication and database authentication. Choose which authentication you are going to follow and ensure you stick to it. Having both types of authentication will create greater confusion rather than protecting the database.

5) Check the roles each user has and set the rules accordingly. You must ensure that users are given permissions to do only what they are allowed to do. I know this is a time-consuming job when the database is huge, but once the permissions are set the right way, it is easy to check for unauthorized entry or access.

6) Does your company have multiple database administrators? If yes, segregate the duties among these database administrators.

3) Availability

Databases must not have unplanned downtime. To ensure this, the following steps have to be taken:

1. Restrict the amount of storage space given to each user in the database.

2. Limit the number of concurrent sessions made available to each database user.

3. Back up the data at periodic intervals to ensure data recovery in case of application issues.

4. Databases should be secured against security vulnerabilities.

5. To ensure high availability, usage of database clusters is recommended.

Threats to Database Security

1) Privilege abuse:

When database users are provided with privileges that exceed their day-to-day job requirements, these privileges may be abused intentionally or unintentionally.

Take, for instance, a database administrator in a financial institution. What will happen if he turns off audit trails or creates bogus accounts? He will be able to transfer money from one account to another, thereby abusing the excessive privilege intentionally.

Having seen how privilege can be abused intentionally, let us see how privilege can be abused unintentionally. A company is providing a work-from-home option to its employees, and an employee takes a backup of sensitive data to work on from his home. This not only violates the security policies of the organization, but also may result in a data security breach if the system at home is compromised.

2) Operating System vulnerabilities:

Vulnerabilities in underlying operating systems like Windows, UNIX, Linux, etc., and the services that are related to the databases could lead to unauthorized access. This may lead to a Denial of Service (DoS) attack. This could be prevented by applying the operating system related security patches as and when they become available.

3) Database rootkits:

A database rootkit is a program or a procedure that is hidden inside the database and that provides administrator-level privileges to gain access to the data in the database. These rootkits may even turn off alerts triggered by Intrusion Prevention Systems (IPS). It is possible to install a rootkit only after compromising the underlying operating system. This can be avoided by periodic audit trails; otherwise the presence of the database rootkit may go undetected.

    4) Weak authentication:


Weak authentication schemes allow attackers to assume the identity of legitimate database users by stealing or otherwise obtaining login credentials. An attacker may employ any number of strategies to obtain credentials.

1) Brute Force - The attacker repeatedly enters username/password combinations until he finds one that works. The brute force process may involve simple guesswork or systematic enumeration of all possible username/password combinations. Often an attacker will use automated programs to accelerate the brute force process.

2) Social Engineering - A scheme in which the attacker takes advantage of the natural human tendency to trust in order to convince others to provide their login credentials. For example, an attacker may present himself via phone as an IT manager and request login credentials for system maintenance purposes.

3) Direct Credential Theft - An attacker may steal login credentials by copying post-it notes, password files, etc.

5) Weak audit trails:

A weak audit logging mechanism in a database server represents a critical risk to an organization, especially in retail, financial, healthcare, and other industries with stringent regulatory compliance. Regulations such as PCI, SOX, and HIPAA demand extensive logging of actions to reproduce an event at a later point of time in case of an incident. Logging of sensitive or unusual transactions happening in a database must be done in an automated manner for resolving incidents. Audit trails act as the last line of database defense. Audit trails can detect the existence of a violation, which could help trace back the violation to a particular point of time and a particular user.

A weak database audit policy represents a serious organizational risk on many levels.

1) Regulatory Risk - Organizations with weak (or sometimes non-existent) database audit mechanisms will increasingly find that they are at odds with government regulatory requirements. Sarbanes-Oxley (SOX) in the financial services sector and the Healthcare Information Portability and Accountability Act (HIPAA) in the healthcare sector are just two examples of government regulation with clear database audit requirements.

2) Deterrence - Like video cameras recording the faces of individuals entering a bank, database audit mechanisms serve to deter attackers who know that database audit tracking provides investigators with forensics linking intruders to a crime.

3) Detection and Recovery - Audit mechanisms represent the last line of database defense. If an attacker manages to circumvent other defenses, audit data can identify the existence of a violation after the fact. Audit data may then be used to link a violation to a particular user and/or repair the system.
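The two weaknesses just described, credential brute-forcing (threat 4) and an audit trail that somebody has switched off (threat 5), are both things a periodic review of the audit log can surface, which is the "detection and recovery" role the notes assign to audit data. The Python script below is an added example and not part of these notes: its log format, the account names and the NOAUDIT / AUDIT_TRAIL_OFF action names are constructed for the demo, so against a real database the parser would have to be pointed at the vendor's own audit records.

```python
"""Review a database audit trail for brute-force logon attempts and for
auditing being turned off. Added example; the log format below is
constructed for the demo and does not match any particular vendor."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines: "<timestamp> <user> <host> <action> <outcome>"
SAMPLE_AUDIT_LOG = """\
2019-08-08T09:00:01 hr_user 10.0.0.5 LOGON SUCCESS
2019-08-08T09:00:05 app_user 10.0.0.9 LOGON FAILURE
2019-08-08T09:00:06 app_user 10.0.0.9 LOGON FAILURE
2019-08-08T09:00:07 app_user 10.0.0.9 LOGON FAILURE
2019-08-08T09:00:08 app_user 10.0.0.9 LOGON FAILURE
2019-08-08T09:00:09 app_user 10.0.0.9 LOGON FAILURE
2019-08-08T09:00:10 app_user 10.0.0.9 LOGON SUCCESS
2019-08-08T09:15:00 dba_joe 10.0.0.2 NOAUDIT SUCCESS
2019-08-08T09:15:30 dba_joe 10.0.0.2 TRANSFER SUCCESS
2019-08-08T10:00:00 hr_user 10.0.0.5 LOGON FAILURE
"""

FAILURE_THRESHOLD = 5          # failed logons that count as a brute-force burst
WINDOW = timedelta(minutes=1)  # ...when they fall inside this window
AUDIT_TAMPER_ACTIONS = {"NOAUDIT", "AUDIT_TRAIL_OFF"}  # constructed action names


def parse_audit_log(text):
    """Turn the raw log text into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, host, action, outcome = line.split()
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "host": host, "action": action, "outcome": outcome})
    return events


def find_bruteforce(events, threshold=FAILURE_THRESHOLD, window=WINDOW):
    """Return (user, host) pairs with >= threshold failed logons inside one
    window. A sliding window over the sorted failure times per pair keeps
    the check linear in the number of events."""
    failures = defaultdict(list)
    for e in events:
        if e["action"] == "LOGON" and e["outcome"] == "FAILURE":
            failures[(e["user"], e["host"])].append(e["time"])
    flagged = []
    for key, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(key)
                break
    return flagged


def find_audit_tampering(events, tamper_actions=AUDIT_TAMPER_ACTIONS):
    """Return the events where auditing was switched off, plus everything the
    same user did afterwards: those later actions have no trustworthy trail,
    which is exactly the privilege-abuse scenario the notes describe."""
    tampered_at = {}
    for e in events:
        if e["action"] in tamper_actions and e["outcome"] == "SUCCESS":
            tampered_at.setdefault(e["user"], e["time"])
    return [e for e in events
            if e["user"] in tampered_at and e["time"] >= tampered_at[e["user"]]]


def review(text):
    """Run both checks over a log and return a summary dict."""
    events = parse_audit_log(text)
    return {
        "bruteforce": find_bruteforce(events),
        "post_tamper_actions": [(e["user"], e["action"])
                                for e in find_audit_tampering(events)],
    }


if __name__ == "__main__":
    print(review(SAMPLE_AUDIT_LOG))
```

The single failed logon by hr_user an hour later is below the threshold and is not reported, which is the point of the window: a lockout or alert rule keyed on raw failure counts would either miss the burst or page on every typo.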

6) Privilege Elevation:

Attackers may take advantage of database platform software vulnerabilities to convert access privileges from those of an ordinary user to those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions, protocol implementations, and even SQL statements. For example, a software developer at a financial institution might take advantage of a vulnerable function to gain the database administrative privilege. With administrative privilege, the rogue developer may turn off audit mechanisms, create bogus accounts, transfer funds, etc.

7) SQL Injection:

In a SQL injection attack, a perpetrator typically inserts (or injects) unauthorized database statements into a vulnerable SQL data channel. Typically targeted data channels include stored procedures and Web application input parameters. These injected statements are then passed to the database where they are executed. Using SQL injection, attackers may gain unrestricted access to an entire database.
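The "Web application input parameter" channel mentioned above is easiest to see side by side with its fix. The Python snippet below is an added example, not code from these notes; it uses the standard sqlite3 module with a constructed accounts table, and contrasts a query assembled by string concatenation with the same query using a bound parameter.

```python
"""SQL injection via an application input parameter, and the parameterized
query that closes the hole. Added example; table contents and inputs are
constructed for the demo."""
import sqlite3


def make_db():
    """In-memory database with a constructed accounts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 75)])
    return conn


def lookup_vulnerable(conn, owner):
    """Builds the statement by concatenation: whatever the form sends becomes
    part of the SQL text, so a crafted value changes the query itself."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, owner):
    """Same query with a bound parameter: the input is only ever a value,
    never SQL, so the statement's structure cannot be altered."""
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def demo():
    """Run both lookups with a normal value and with a constructed input that
    closes the quote and widens the WHERE clause to every row."""
    conn = make_db()
    normal = "alice"
    injected = "' OR '1'='1"
    return {
        "vulnerable_normal": lookup_vulnerable(conn, normal),
        "vulnerable_injected": lookup_vulnerable(conn, injected),
        "safe_normal": lookup_safe(conn, normal),
        "safe_injected": lookup_safe(conn, injected),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

With the parameterized version the same input simply matches no account, which is the behaviour to expect from any database driver's placeholder mechanism (the `?` style is sqlite3's; Oracle drivers use named binds, but the principle is identical).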

8) Denial of Service:

Denial of Service (DOS) is a general attack category in which access to network applications or data is denied to intended users. Denial of service (DOS) conditions may be created via many techniques, many of which are related to previously mentioned vulnerabilities. For example, DOS may be achieved by taking advantage of a database platform vulnerability to crash a server. Other common DOS techniques include data corruption, network flooding, and server resource overload (memory, CPU, etc.). Resource overload is particularly common in database environments.

9) Database Communications Protocol Vulnerabilities:

A growing number of security vulnerabilities are being identified in the database communication protocols of all database vendors. Four out of seven security fixes in the two most recent IBM DB2 FixPacks address protocol vulnerabilities. Similarly, 11 out of 23 database vulnerabilities fixed in the most recent Oracle quarterly patch relate to protocols. Fraudulent activity targeting these vulnerabilities can range from unauthorized data access, to data corruption, to denial of service. The SQL Slammer worm, for example, took advantage of a flaw in the Microsoft SQL Server protocol to force denial of service. To make matters worse, no record of these fraud vectors will exist in the native audit trail since protocol operations are not covered by native database audit mechanisms.

10) Backup Data Exposure:

Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks.


Cryptography:

The conversion of data into a secret code for transmission over a public network. The original text, or "plaintext," is converted into a coded equivalent called "ciphertext" via an encryption algorithm. The ciphertext is decoded (decrypted) at the receiving end and turned back into plaintext.

Cryptography (or cryptology) is the practice and study of hiding information. Modern cryptography intersects the disciplines of mathematics, computer science, and engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

Branches of cryptography

1. Cryptographic engineering

2. Multivariate cryptography

3. Quantum cryptography

4. Steganography

5. Visual cryptography

1) Asymmetric Cryptography

Asymmetric Cryptography can be used to securely transmit information over hostile networks.

Asymmetric cryptography is cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely. Initially, a network user requests a public and private key pair. A user who wants to send an encrypted message can get the intended recipient's public key from a public administrator. When the recipient gets the message, they decrypt it with their private key, which no one else should have access to. This process is known as a public key infrastructure.

Whitfield Diffie and Martin Hellman, then researchers at Stanford University, first publicly proposed asymmetric encryption in their 1977 paper, New Directions in Cryptography.


Symmetric-key cryptography

Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key.

1) Block Ciphers

Block ciphers are cryptographic algorithms which operate on 64-bit blocks of plaintext. The encryption procedure usually consists of multiple and complex rounds of bit shifts, XORs, permutations and substitutions of plaintext and key bits. Decryption is similar to encryption except that some operations may be performed in the reverse order. Some algorithms use fixed-length keys; for others the key length may vary.

1) DES

Data Encryption Standard (DES) is a block cipher invented over 20 years ago by IBM in response to a public request from the National Bureau of Standards. It has been a worldwide cryptographic standard since 1976.

2) RC2

RC2 was invented by Ron Rivest for RSA Data Security, Inc. Its details have not been published. RC2 is a variable-key-length cipher. However, when using the Microsoft Base Cryptographic Provider, the key length is hard-coded to 40 bits.

3) Triple DES

The idea behind Triple DES is to improve the security of DES by applying DES encryption three times using three different keys. This way the effective key length becomes 56 x 3 = 168 bits, which makes brute-force attacks virtually impossible. Triple DES is implemented by the Microsoft Enhanced Cryptographic Provider.

4) Triple DES with 2 Keys

In this variation, DES encryption is still applied three times but using only 2 keys: first key 1 is applied, then key 2 and then key 1 again. The effective key length is 56 x 2 = 112 bits. Triple DES with 2 keys is implemented by the Microsoft Enhanced Cryptographic Provider.

5) Advanced Encryption Standard (AES) aka Rijndael

Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. Rijndael became the AES after the FIPS approval by the U.S. government in 2001. The cipher currently supports key lengths of 128, 192, and 256 bits. AES is implemented by the "Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)" on Windows XP and "Microsoft Enhanced RSA and AES Cryptographic Provider" on Windows 2003. Windows NT and 2000 do not support this cipher. AspEncrypt offers support for AES starting with version 2.3.

2) Stream Ciphers

Stream ciphers encrypt plaintext one bit (or sometimes byte) at a time. The stream of plaintext bits is XORed with the output of a keystream generator, which produces a stream of bits based on a seed value. This seed value is the key for a stream cipher. The decryption process is identical: the ciphertext bits are XORed with the same keystream (which is a function of the key).

1) RC4

RC4 was developed by Ron Rivest in 1987. It is a variable-key-size stream cipher. The details of the algorithm have not been officially published. However, the algorithm's internals have been posted on the Internet, and the book Applied Cryptography contains its detailed description. The algorithm is extremely easy to describe and program.

Just like RC2, 40-bit RC4 is supported by the Microsoft Base Cryptographic Provider, and the Enhanced Provider allows keys in the range of 40 to 128 bits in 8-bit increments.
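The stream-cipher shape described above (keystream generator seeded by the key, plaintext XORed with the keystream, decryption being the same operation) is short enough to show in full. The Python block below is an added example, not from these notes or from any RC4 implementation: its keystream generator is a constructed one built from SHA-256 in counter mode, and the per-message nonce input is an addition the notes do not discuss. It also demonstrates the classic failure mode of stream ciphers, keystream reuse, which is why real deployments never encrypt two messages under the same key and nonce.

```python
"""A minimal stream cipher: XOR with a key-derived keystream, plus a
demonstration of what keystream reuse leaks. Added example; the SHA-256
counter-mode generator is constructed for the demo and is not RC4."""
import hashlib


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Produce `length` pseudo-random bytes from (key, nonce). Same inputs
    always give the same bytes, which is what makes decryption work."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def keystream_reuse_leak(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bytes:
    """Failure mode: two ciphertexts made with the same (key, nonce) XOR to
    p1 XOR p2, because the shared keystream cancels out. An eavesdropper
    gets that without the key; a fresh nonce per message prevents it."""
    c1 = stream_crypt(key, nonce, p1)
    c2 = stream_crypt(key, nonce, p2)
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    key, nonce = b"constructed-demo-key", b"\x00" * 8   # constructed values
    msg = b"balance transfer: 500"
    ct = stream_crypt(key, nonce, msg)
    print(ct.hex())
    print(stream_crypt(key, nonce, ct))   # the same call decrypts
```

Note that nothing here protects integrity: flipping a ciphertext bit flips the same plaintext bit, which is one reason stream-cipher traffic is normally paired with a MAC or a signature (the next section).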

Digital Signature

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery and tampering.

A digital signature scheme typically consists of three algorithms:

1) A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.

2) A signing algorithm which, given a message and a private key, produces a signature.

3) A signature verifying algorithm which, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.
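The three algorithms map directly onto three functions. The Python block below is an added example (not from these notes) in textbook RSA form: keygen, sign and verify, with verification rejecting a message altered in transit. Two simplifications are assumptions of the demo: the two primes are fixed constructed values (the Mersenne primes 2^31-1 and 2^61-1) rather than being drawn at random, and the message is hashed with SHA-256 and reduced mod n with no padding scheme, which a production library would never do.

```python
"""Key generation, signing and verification in textbook RSA form. Added
example; the fixed primes and the unpadded hash are demo simplifications."""
import hashlib

P = 2**31 - 1      # constructed: Mersenne prime M31
Q = 2**61 - 1      # constructed: Mersenne prime M61
E = 65537          # common public exponent


def keygen(p=P, q=Q, e=E):
    """Key generation: returns (private_key, public_key) as (d, n), (e, n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # modular inverse of e (Python 3.8+)
    return (d, n), (e, n)


def _digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the RSA modulus (demo only)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private_key, message: bytes) -> int:
    """Signing: only the holder of the private key can produce this value."""
    d, n = private_key
    return pow(_digest(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Verification: anyone with the public key can check it; the result is
    a plain accept/reject of the message's claim to authenticity."""
    e, n = public_key
    return pow(signature, e, n) == _digest(message, n)


if __name__ == "__main__":
    priv, pub = keygen()
    msg = b"pay 100 to alice"
    sig = sign(priv, msg)
    print(verify(pub, msg, sig))                   # accepted
    print(verify(pub, b"pay 900 to alice", sig))   # rejected: altered in transit
```

The altered-message case is the property the notes call "not altered in transit": any change to the bytes changes the hash, so the same signature no longer verifies, and without d nobody can produce a signature for the new hash.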


Benefits of Digital Signature

1) Accelerate workflows that are currently jammed by signature delays.

2) Guarantee confidence in the validity of the signer and of the signed document.

3) Close more deals faster by allowing customers to approve deals online or your sales staff to capture signatures when enthusiasm is at its peak.

4) Enhance collaboration across departments, vendor networks and multiple offices by distributing and fulfilling signature requests fast.

5) Create customer and partner portals that facilitate sales and project coordination electronically.

6) Comply with regulatory requirements for documented approvals that can be obtained, stored and retrieved quickly and easily.

7) Manage paperless contracts and invoices to accelerate work processes and make archiving easier.

8) Realize the full value of your document management technologies by eliminating dependence on wet signatures.

9) Reduce dependence on IT by using a standard technology that does not require special downloads or proprietary software.

Service Providers

1) CIC - The Communication Intelligence Corporation

2) Silanis

3) Lexign

4) ARX-CoSign

Uses:

1) Healthcare

2) Life Sciences

3) Government

4) Engineering

5) Human Resources

6) Insurance


Privileges

A privilege is a right to execute an SQL statement or to access another user's object. In Oracle, there are two types of privileges: system privileges and object privileges. A privilege can be assigned to a user or a role.

1) System privileges

There are quite a few system privileges: in Oracle 9.2, we count 157 of them, and 10g has even 173. Those can be displayed with:

select name from system_privilege_map;

Executing this statement, we find privileges like create session, drop user and alter database (see system privileges).

System privileges can be audited.

Arguably, the most important system privileges are:

1) create session (A user cannot log in without this privilege. If he tries, he gets an ORA-01045.)

2) create table

3) create view

4) create procedure

5) sysdba

6) sysoper

7) Back up

8) Databank

9) Schema

2) Object privileges

Object privileges can be assigned to the following types of database objects:

1) Tables

select, insert, update, delete, alter, debug, flashback, on commit refresh, query rewrite, references, all

2) Views

select, insert, update, delete, under, references, flashback, debug

3) Sequences

alter, select

4) Packages, Procedures, Functions (Java classes, sources...)

execute, debug

5) Materialized Views

delete, flashback, insert, select, update

6) Directories

read, write

7) Libraries

execute

8) User defined types

execute, debug, under

9) Operators

execute

10) Indextypes

execute

For a user to be able to access an object in another user's schema, he needs the corresponding object privilege.

Object privileges can be displayed using all_tab_privs_made or user_tab_privs_made.

Assigning privileges to users

A privilege can be assigned to a user with the grant SQL statement. On the other hand, revoke allows one to take away such privileges from users and roles.


Oracle stores the granted privileges in its data dictionary.

1) Grant

The SQL command grant allows one to assign system privileges and object privileges to users and roles.

grant system_privilege to username;
grant system_privilege_1, system_privilege_2, ..., system_privilege_n to username;
grant system_privilege_1 to username with admin option;
grant object_privilege on object_name to username;
grant object_privilege on object_name to username with grant option;
grant object_privilege on object_name to username with hierarchy option;

2) Revoke

The SQL command revoke allows one to take away system privileges and object privileges from users and roles.
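The integrity steps earlier in these notes (check each user's roles, segregate DBA duties) and the privilege-abuse threat both come down to comparing what has actually been granted against what each account's job requires, then using revoke to close the gap. The Python script below is an added example and not part of these notes: the rows are constructed to resemble an export of granted system privileges (grantee, privilege, admin option), the per-account allow-list is an assumed policy, and the high-risk set is taken from the privileges the notes single out (sysdba, sysoper, drop user, alter database). It produces the revoke statements in the syntax shown above; revoking and re-granting is how the admin option is removed, since the option cannot be revoked on its own.

```python
"""Least-privilege review of granted system privileges, emitting the revoke
statements that bring an account back to its role. Added example; the
export rows and the allow-list policy are constructed for the demo."""

# Constructed export: (grantee, privilege, admin_option)
GRANTED = [
    ("app_user", "CREATE SESSION", "NO"),
    ("app_user", "CREATE TABLE", "NO"),
    ("app_user", "DROP USER", "NO"),           # excessive for an application account
    ("hr_user", "CREATE SESSION", "NO"),
    ("hr_user", "CREATE VIEW", "YES"),         # admin option lets hr_user pass it on
    ("report_user", "CREATE SESSION", "NO"),
    ("report_user", "ALTER DATABASE", "YES"),  # excessive and re-grantable
]

# Assumed policy: what each account's role may hold.
ALLOWED = {
    "app_user": {"CREATE SESSION", "CREATE TABLE", "CREATE VIEW", "CREATE PROCEDURE"},
    "hr_user": {"CREATE SESSION", "CREATE VIEW"},
    "report_user": {"CREATE SESSION"},
}

# Privileges the notes single out as powerful enough to need named DBAs.
HIGH_RISK = {"SYSDBA", "SYSOPER", "DROP USER", "ALTER DATABASE"}


def review_privileges(granted, allowed, high_risk=HIGH_RISK):
    """Return findings as (grantee, privilege, reason) tuples, in export order.
    An account absent from the policy is treated as allowed nothing."""
    findings = []
    for grantee, priv, admin in granted:
        permitted = allowed.get(grantee, set())
        if priv not in permitted:
            reason = ("high-risk privilege outside role" if priv in high_risk
                      else "privilege outside role")
            findings.append((grantee, priv, reason))
        elif admin == "YES":
            findings.append((grantee, priv, "granted WITH ADMIN OPTION"))
    return findings


def remediation(findings):
    """Translate findings into grant/revoke statements for the administrator:
    out-of-role privileges are revoked; an allowed privilege held with the
    admin option is revoked and granted again without it."""
    stmts = []
    for grantee, priv, reason in findings:
        stmts.append(f"revoke {priv.lower()} from {grantee};")
        if reason == "granted WITH ADMIN OPTION":
            stmts.append(f"grant {priv.lower()} to {grantee};")
    return stmts


if __name__ == "__main__":
    found = review_privileges(GRANTED, ALLOWED)
    for finding in found:
        print(finding)
    print("\n".join(remediation(found)))
```

Run periodically against a fresh export, the same comparison doubles as a detective control: a privilege that appears outside the policy between two runs is exactly the kind of change an audit trail should also have recorded.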