Database security

Malta Info Security

Archives

November 2008
October 2008
September 2008
Recent...
Older...

Quicksearch

Join our Google Group

Re: CISSP Seminar in MALTA

Re: CISSP Seminar in MALTA

Re: CISSP Seminar in MALTA

Re: Have you mitigated the DNS vulnerability?

Re: Have you mitigated the DNS vulnerability?

Poll box

Do you think information security is given its due importance in Malta?
Yes
No
No idea!

Archives

Statistics

Last entry: 2008-11-18 13:41
113 entries written
76 comments have been made

Home | Contact Us

REQUEST SECURITY CERTIFICATION INFORMATION

Tuesday, March 6. 2007

Posted by Donald Tabone

Comments (4)
Trackbacks (0)
466 hits

Database security

In this article, I aim to provide some generic database security principles whilst addressing some of the more common questions commonly associated. The basic definition of database security can be safely summarized as the process of protecting a database from external threats.

By the term threats we refer to:

1. Theft and fraud
2. Confidentiality - information should not be disclosed to unauthorised users
3. Privacy
4. Integrity - only authorised persons should be allowed to modify data
5. Availability - authorised users should not be denied access
6. Accountability - determining what a user did by means of clipping levels enforcing non repudiation

What counter measures exist for these type of threats?

Counter measures for these threats can be one of two types ie. computer based and non computer based:

Computer based measures:

1. implementing suitable authorisation in relation to an OS on which the DB system runs

2. implementing authorisation strategies that grant priv to certain users and groups to access certain database objects via the chosen DBMS. Employ lock down access control methods using "denied unless explicitly permitted". no one without a legimate business reasons to access any data should be able to do so

3. set up restricted views into the database

4. take regular backups of the database

5. maintaining a log of all changes made to the database. Every access to data, successful or unsuccessful should be logged containing at a minimum what, who, when and where details

6. use suitable strategies for encrypting sensitive data (see 1#)

Non-computer based measures:

1. establishing a security policy plan

2. separation of duties through different personnel

3. put computer hardware in secure environments employing physical access controls

4. secure copies of data and software in off site, fireproof storage

In addition to the above there is little point in securing a DBMS and a database by itself, rather one should instead secure the operating system against attacks by unwanted persons as well as securing the tables within the database.


Who is responsible for database security?

Database security is normally a task for the DBA normally conducted in collaboration with the organisation security expert mainly becuase of the key value that the data holds within an organisation.

How can we control the data? Data control comes in 2 parts:

1. preventing unauthorised access to data

2. preventing unauthorised access to the facilities of a particular dbms

How is control applied over data and privileges?

1. Usage Analysis: build a profile of the user or user groups that we expect to access the database

2. For each user group build a profile of data and facilities privileges are appropriate to their expected level of access


How about database hardening solutions?

To improve system performance as well as the security of databases companies have implemented the tiered model of systems:

1. one-tier model - the database and the application exist on a single system

2. two-tier model - the client pc or system runs an application that communicates with the database that is running on a different server

3. three-tier model - effectively isolates the end user from the database by introducing a middle-tier server. this server accepts requests from clients, evaluates them and then sends them onto the database server for processing. the database server sends the data back to the middle tier server which then sends the data to the client system.

Although the three models provide increasing capability and complexity, each system must be individually managed and kept current for any of the above models to provide effective security.

Most secure database systems have access control mechanisms based on the Bell{LaPadula model. This model is specied in terms of subjects and objects. An object is a data item, whereas a subject is a process that requests access to an object. For example, when a process accesses a data file for input/output operations, the process is the subject and the data-file is the object. Each object in the system has a classification level (e.g. Top Secret, Secret, Classified, etc.) based on the security requirement. Similarly, each subject has a corresponding clearance level based on the degree to which it is trusted by the system. (See #2)



References and further information:

Database Security by Dan Rahmel
http://www.governmentsecurity.org/articles/DatabaseSecurityPart1.php

Partial Security and Timeliness in Real-Time Database Systems by Sang H. Son
http://ipdps.cc.gatech.edu/1998/wpdrts/son.pdf

Cryptography in the Database: The Last Line of Defense
http://www.amazon.co.uk/Cryptography-Database-Last-Line-Defense/dp/0321320735

1# http://www.oracle.com/technology/oramag/oracle/05-jan/o15security.html
2# http://dsl.serc.iisc.ernet.in/publications/conference/secncs96.ps.gz
Secure Real Time Database Systems by Binto George & Jayant Haritsa

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

The article provides a good overview when planning security on a database.


Although it is understood that this is a high-level document, it would be beneficial to mention that transmission paths (not just the data) should be encrypted when the database (three-tier) is configured over a network, especially if it is a public network (such as the Internet).

Moreover, configuring a disaster recovery site which replicates the data, provides a better coverage than using off-site backups. Nowadays this is possibly done through the DBMS itself.
#1 Jon (Homepage) on 2007-03-06 23:45 (Reply)
@Jon

Indeed it is at a high-level and far from technical. It was yesterday suggested to me to supplement the article with some more technical information such as on SQL Injection -- the idea being to possibly appeal to a wider audience. It is also correct to state the importance of encrypting the transmission path at the link level perhaps using a technology such IPSec. This is very true to avoid man-in-middle attacks especially over a network.

Given that my hands on experience with databases is somewhat limited, I am interested in knowing more about database replication so please do feel free to post some useful links in regard.

Thanks for yr comment!
#1.1 Donald (Homepage) on 2007-03-07 08:40 (Reply)
Well, I have some literature about specific databases, particularly on Oracle, and, if you want you can drop by and you can select anything you like on optical media.

Other than that the following are good sources in order to get a general overview:

SQL Server 2005 Documentation: http://msdn2.microsoft.com/en-us/library/ms203721.aspx

Data warehousing:
http://www.dwinfocenter.org/

Oracle:
http://www.oracle.com/index.html

Dr. Dobb's Portal
http://www.ddj.com/

I'm not aware of anything specific for the time being...
#1.1.1 Jon (Homepage) on 2007-03-07 20:30 (Reply)
Definition from wikipedia

Database replication
Database replication can be used on many database management systems, usually with a master/slave relationship between the original and the copies. The master logs the updates, which then ripple through to the slaves. The slave outputs a message stating that it has received the update successfully, thus allowing the sending (and potentially re-sending until successfully applied) of subsequent updates. See also Coda and RAID. Multi-master replication, where updates can be submitted to any database node, and then "ripple" through to other servers, is often desired, but introduces substantially increased costs and complexity which may make it impractical in some situations.

The most common challenge that exists in multi-master replication is conflict resolution. For instance, if records are changed in two systems simultaneously, the resolution of that conflict can take many paths. One simple method is that of timing, where data with the first timestamp wins. Alternately, data with the latest timestamp could be saved as most valuable. Another way of resolving conflicts is through hierarchical rules, having declared sites and/or users to have greater rights that supersede changes of lower sites/users. Finally, logic-based conflict resolution can be employed, which is more configurable, but more complex.
#1.1.2 Jon (Homepage) on 2007-03-07 23:24 (Reply)

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA
 
 

Frontpage - Top level

Calendar

Back November '08 Forward
Mon Tue Wed Thu Fri Sat Sun
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

Categories


All categories

Quick links

Linkedin public profile

Blog Administration

Open login screen

RSS Feed
Please consider sending us a small donation to keep this site going. Click the PayPal logo below. Thank you!