Securing PostgreSQL From External Attack

BRUCE MOMJIAN

Database systems are rich with attack vectors to exploit. This presentation explores the many potential PostgreSQL external vulnerabilities and shows how they can be secured. Includes concepts from Magnus Hagander.

https://momjian.us/presentations   Creative Commons Attribution License

Last updated: May, 2021
Attack Vectors
External Attack Vectors

• "Trust" security
• Passwords / authentication theft
• Network snooping
• Network pass-through spoofing
• Server / backup theft
• Administrator access
Internal Attack Vectors (Not Covered)

• Database object permissions
• SQL injection attacks
• Application vulnerability
• Operating system compromise
Authentication Security
Avoid "Trust" Security in pg_hba.conf

    # TYPE  DATABASE  USER  CIDR-ADDRESS  METHOD

    # "local" is for Unix domain socket connections only
    local   all       all                 trust
    # IPv4 local connections:
    host    all       all   127.0.0.1/32  trust
    # IPv6 local connections:
    host    all       all   ::1/128       trust

Solution: Use the initdb -A flag, i.e., you don't want to see this:

    WARNING: enabling "trust" authentication for local connections
    You can change this by editing pg_hba.conf or using the -A option the
    next time you run initdb.
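As an added example (my own code, not from the deck), a small audit of pg_hba.conf entries that flags the trust lines shown above together with the other methods and connection types the deck warns against; the sample file's extra lines are constructed, and the parser assumes host addresses are written in CIDR form.

```python
# Constructed pg_hba.conf sample: the three "trust" lines from the slide plus
# constructed lines showing other methods and connection types.
SAMPLE_PG_HBA = """\
# TYPE     DATABASE  USER  CIDR-ADDRESS   METHOD
local      all       all                  trust
host       all       all   127.0.0.1/32   trust
host       all       all   ::1/128        trust
host       all       all   10.0.0.0/8     password
hostssl    all       all   10.0.0.0/8     md5
hostssl    all       all   10.0.0.0/8     scram-sha-256
hostnossl  all       all   0.0.0.0/0      scram-sha-256
"""

WEAK_METHODS = {
    "trust": "no authentication at all",
    "password": "password crosses the network in clear text",
    "md5": "replayable if a salt repeats; use scram-sha-256",
}
LOOPBACK = {"127.0.0.1/32", "::1/128"}

def audit_pg_hba(text: str) -> list:
    """Return (line, type, method, problem) tuples for each weak pg_hba.conf entry.
    Assumes host addresses are written in CIDR form (one field)."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        conn_type = fields[0]
        if conn_type == "local":                  # local: TYPE DATABASE USER METHOD
            address, method = None, fields[3]
        else:                                     # host*: TYPE DATABASE USER ADDRESS METHOD
            address, method = fields[3], fields[4]
        if method in WEAK_METHODS:
            findings.append((lineno, conn_type, method, WEAK_METHODS[method]))
        # "host" accepts SSL or non-SSL and "hostnossl" forbids SSL; either leaves
        # queries, data and password changes open to network snooping.
        if conn_type in ("host", "hostnossl") and address not in LOOPBACK:
            findings.append((lineno, conn_type, method,
                             "non-SSL connections allowed; use hostssl"))
    return findings

def flagged_lines(text: str) -> set:
    return {f[0] for f in audit_pg_hba(text)}
```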
Password Snooping

Diagram: the client sends a connection request; the server replies "need password"; the client sends the password in the clear, where it is vulnerable to snooping. The server stores md5(password+username).

Using 'username' in the MD5 string prevents the same password used by different users from appearing the same. It also adds some randomness to the md5 checksums.
MD5 Authentication Prevents Password Snooping

Diagram: the client sends a connection request; the server replies "need md5" and sends a random salt; the client answers with md5(md5(password+username) + salt). The server stores md5(password+username).
MD5 Authentication Prevents Password Replay

Diagram: the client sends a connection request; the server replies "need md5" and sends random salt0; the client answers md5(md5(password+username) + salt0) and is accepted (OK). A malicious client later sends a connection request, the server sends a new random salt1, and the replayed md5(md5(password+username) + salt0) is rejected (X). The server stores md5(password+username).

salt is a random four-byte integer so millions of connection attempts might allow the reuse of an old authentication reply.
SCRAM Authentication

scram-sha-256, available in Postgres 10, eliminates less-secure MD5 and avoids the risk of duplicate salt values being replayed. SCRAM with channel binding, available in Postgres 13, allows authentication similar to certificate authentication. scram-sha-256 is the default in Postgres 14.
SCRAM-SHA-256 Authentication

Diagram: the client sends a connection request; the server replies "need scram-sha-256"; the client sends its username and a client nonce; the server replies with the client nonce, a server nonce, and the salt; the client sends the client nonce, server nonce, and client proof. The server stores sha256(password+salt).

https://en.wikipedia.org/wiki/Salted_Challenge_Response_Authentication_Mechanism
Password Attacks

• Weak passwords
• Reuse of old passwords
• Brute-force password attacks

None of these vulnerabilities is prevented by Postgres directly, but external authentication methods, like LDAP, PAM, and SSPI, can prevent them. Some authentication methods are difficult to use with connection pooling.
Queries and Data Still Vulnerable to Network Snooping

Diagram: the client sends SELECT * FROM customer; and the server returns "Barr Bearings | $10230 | James Akel" in the clear, so queries and data are vulnerable to snooping.

Password changes are also vulnerable to snooping.
SSL Prevents Snooping By Encrypting Queries and Data

Diagram: the client sends AES256(SELECT * FROM customer;) and the server returns AES256(Barr Bearings | $10230 | James Akel); queries and data are encrypted by SSL.
Preventing Spoofing
Localhost Spoofing While the Database Server Is Down

Diagram: the client sends a connection request to a fake PostgreSQL server, which replies "need plain password"; the client sends the password (X). The fake server records passwords for later use with the real server.

It uses a fake socket or binds to port 5432 while the real server is down. (/tmp is world-writable and 5432 is not a root-only port. libpq's "requirepeer" helps here.)

The server controls the choice of 'password' instead of 'md5'.
Network Spoofing

Diagram: the client sends a connection request to a fake PostgreSQL server, which replies "need plain password"; the client sends the password (X). The fake server records passwords for later use with the real server.

Without SSL 'root' certificates there is no way to know if the server you are connecting to is a legitimate server.
Network Spoofing Pass-Through

Diagram: the client sends a connection request to a fake PostgreSQL server, which replies "need plain password"; the client sends the password, and the fake server forwards it to the real server and relays the OK. Queries and results then pass through the fake server in both directions. It records passwords for later use with the real server. It can also capture queries, data, and inject its own queries.

Without SSL 'root' certificates there is no way to know if the server you are connecting to is a legitimate server.
SSL 'Prefer' Is Not Secure

Diagram: the client prefers SSL and offers SSL or non-SSL; the fake PostgreSQL server answers "no SSL", the client continues non-SSL, and the fake server passes the connection through to the real server (OK). Queries and results then pass through the fake server in both directions. It records passwords for later use with the real server. It can also capture queries, data, and inject its own queries.

Without SSL 'root' certificates there is no way to know if the server you are connecting to is a legitimate server.
SSL 'Require' Is Not Secure From Spoofing

Diagram: the client requires SSL; the fake PostgreSQL server answers "OK SSL" and accepts the SSL connection itself, then passes the connection through to the real server (SSL or non-SSL). Queries and results then pass through the fake server in both directions. It records passwords for later use with the real server. It can also capture queries, data, and inject its own queries.

Without SSL 'root' certificates there is no way to know if the server you are connecting to is a legitimate server.
SSL 'Verify-CA' Is Secure From Spoofing

Diagram: the client connects with SSL verify-ca and holds root.crt; the fake PostgreSQL server presents an invalid certificate (no CA signature), so the connection is rejected (X). The real server holds server.crt.
Channel Binding

Diagram: the client sends a connection request and asks for SSL; the server replies "need scram-sha-256"; the client sends a channel binding request, its username, and a client nonce; the server replies with the client nonce, server nonce, and salt; the client sends the client nonce, server nonce, and client proof; the server replies with a server proof. The server holds server.crt and stores sha256(password+salt).

Certificates are sent to peers as part of the TLS handshake. Later the certificate hash is hashed with the password hash to prove the TLS peer knows the password hash. This is tls-server-end-point channel binding.
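As an added example (my own code, not from the deck or from PostgreSQL), the client-proof calculation behind the SCRAM-SHA-256 slide and the tls-server-end-point channel binding of this slide, following RFC 5802 with a simplified AuthMessage, no SASLprep and no server signature; the user name, nonces, salt and certificate hashes used with it are constructed values.

```python
import base64, hashlib, hmac

def _hi(password: bytes, salt: bytes, iters: int) -> bytes:
    # Hi() of RFC 5802 is PBKDF2-HMAC-SHA-256 with a 32-byte output
    return hashlib.pbkdf2_hmac("sha256", password, salt, iters)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_verifier(password: str, salt: bytes, iters: int = 4096) -> dict:
    # What the server stores: salt, iteration count and StoredKey = H(ClientKey).
    # StoredKey cannot be turned back into ClientKey, so a stolen verifier does
    # not let the thief produce a valid client proof (unlike md5(password+user)).
    salted = _hi(password.encode(), salt, iters)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    return {"salt": salt, "iters": iters,
            "stored_key": hashlib.sha256(client_key).digest()}

def auth_message(user: str, c_nonce: bytes, s_nonce: bytes, salt: bytes,
                 iters: int, cbind: bytes) -> bytes:
    # client-first-bare + server-first + client-final-without-proof (RFC 5802).
    # With channel binding the GS2 header and the c= attribute carry the TLS
    # certificate hash (tls-server-end-point), so the proof signs it as well.
    gs2 = b"p=tls-server-end-point,," if cbind else b"n,,"
    nonce = c_nonce + s_nonce
    return (b"n=" + user.encode() + b",r=" + c_nonce + b",r=" + nonce +
            b",s=" + base64.b64encode(salt) + b",i=" + str(iters).encode() +
            b",c=" + base64.b64encode(gs2 + cbind) + b",r=" + nonce)

def client_proof(password: str, user: str, c_nonce: bytes, s_nonce: bytes,
                 salt: bytes, iters: int, cbind: bytes = b"") -> bytes:
    # ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)
    salted = _hi(password.encode(), salt, iters)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    msg = auth_message(user, c_nonce, s_nonce, salt, iters, cbind)
    return _xor(client_key, hmac.new(stored_key, msg, hashlib.sha256).digest())

def server_verify(verifier: dict, user: str, c_nonce: bytes, s_nonce: bytes,
                  proof: bytes, cbind: bytes = b"") -> bool:
    # The server recovers ClientKey from the proof and checks H(ClientKey) against
    # StoredKey. A proof captured under other nonces or another certificate hash
    # yields a different ClientKey and fails, which is what defeats replay.
    msg = auth_message(user, c_nonce, s_nonce, verifier["salt"],
                       verifier["iters"], cbind)
    client_key = _xor(proof, hmac.new(verifier["stored_key"], msg,
                                      hashlib.sha256).digest())
    return hmac.compare_digest(hashlib.sha256(client_key).digest(),
                               verifier["stored_key"])
```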
SSL Certificates for Authentication

Diagram: the server requests an SSL certificate and the client sends an SSL certificate with a CN; the client holds root.crt and the server holds server.crt.
Data Encryption To Avoid Data Theft
Disk Volume Encryption

This helps prevent stolen storage devices from being read, and helps with secure media destruction.
Column Encryption

       id   |        name        |      credit_card_number
    --------+--------------------+------------------------------
     428914 | Piller Plaster Co. | \xc30d04070302254dc045353f28
            |                    ; 456cd241013e2d421e198f3320e8
            |                    ; 41a7e4f751ebd9e2938cb6932390
            |                    ; 5c339c02b5a8580663d6249eb24f
            |                    ; 192e226c1647dc02536eb6a79a65
            |                    ; 3f3ed455ffc5726ca2b67430d5

Encryption methods are decryptable (e.g., AES), while hashes are one-way (e.g., MD5). A one-way hash is best for data like passwords that only need to be checked for a match, rather than decrypted.
Where to Store the Key? On the Server

Diagram: the client sends SELECT * FROM customer; the server, which holds the key, decrypts and returns "Barr Bearings | $10230 | James Akel" as decrypted data.
Store the Key on an Intermediate Server

Diagram: the client sends SELECT to a cryptographic server that holds the key; the cryptographic server forwards the SELECT to PostgreSQL, receives encrypted data (V#ja20a), decrypts it, and returns the decrypted data (Barr Bearings) to the client.
Store the Key on the Client and Encrypt/Decrypt on the Server

Diagram: the client holds the key and sends SELECT decrypt(col, key) FROM customer; the server returns "Barr Bearings | $10230 | James Akel" as decrypted data.
Encrypt/Decrypt on the Client

Diagram: the client holds the key and sends SELECT * FROM customer; the server returns encrypted data (V#aei32ok3), which the client decrypts.

This prevents server administrators from viewing sensitive data.
Store the Key on a Client Hardware Token

Diagram: the client's key is held on a hardware token; the client sends SELECT * FROM customer; and the server returns encrypted data (V#aei32ok3), which the client decrypts.

This prevents problems caused by client hardware theft.
Conclusion

https://momjian.us/presentations