Database Security CH 14
Chapter 14
Database Security
Agenda
Data Breaches
Database Security Basics
Granting & Revoking Authority
Authorization Roles & Groups
Other Database Security Mechanisms
Encryption
SQL Injections Attacks
Auditing
External Security
DBMS Fixpacks & Maintenance
Questions
Data Breaches
Data breaches dominate the IT newscape.
According to The Privacy Rights Clearinghouse, more than 544 million
records were breached between January 10, 2005 and early 2012,
over the course of almost 3,000 separate events.
tp://www.privacyrights.org/data-breach
http://www.eweek.com/c/a/Desktops-and-Notebooks/Report-Some-Companies-Lose-Data-Six-Times-a-Year/
Authorization: Who can do it?
Encryption: Who can see it?
Audit: Who did it?
Authentication
Strong authentication is the cornerstone of any security
implementation plan.
It is impossible to control authorization and track usage
without it.
Before authorization to use database resources can be
granted, a login needs to be established for each user of
the DBMS.
Logins are sometimes referred to as accounts, or user IDs.
The login will have a password associated with it such that
only those who know the password can use the login ID.
Some DBMSs use the operating system login ID and password
as the DBMS login ID and password; others require an
additional login ID and password to be created specifically for
database access and security.
Login Details
When the DBMS controls the addition of logins, the
DBA is required to provide certain information about
the login when it is created:
Password: the key phrase, word, or character string associated
with the new login that must be provided by the user before
access to the database is permitted
Default database: the name of the database to which the user
will initially be connected during login
Default language: the default language assigned to the login
when using the DBMS if multiple languages are supported
Name: the actual full name of the user associated with this login
Additional details: additional details about the user for which the
login has been created: e-mail, phone number, office location,
business unit, and so on. This is useful for documentation
purposes
Password Guidance
Avoid passwords that are too short. Each password should be at
least six characters long, more if possible.
Each password should consist of at least a combination of
alphabetic characters and numeric characters. Using other
allowable symbols makes the password harder to guess.
Avoid creating a password that is a complete word (in either the
native language of the user or any foreign language).
Do not embed personal statistics in the password. Street
addresses, social security numbers, phone numbers, and the like
are easily guessed and do not belong in passwords.
Consider concatenating two unrelated words with a symbol or
number between them. For example, toe3star is a viable
password.
Use mnemonic devices to help you remember passwords.
Avoid common and weak password archetypes such as sports
teams and sports celebrities.
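The guidance above, turned into a checker (an added example, not from the slides). The word lists and personal details are constructed stand-ins; a real deployment would use a full dictionary and the user's actual profile data.

```python
import re

# Constructed stand-ins for a dictionary and a sports-term list.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "football"}
SPORTS_TERMS = {"yankees", "lakers", "cowboys", "ronaldo", "messi"}


def check_password(pw, personal_details=()):
    """Return the guidance rules the password violates (empty list = acceptable).

    Rules follow the slide: minimum length, letters plus digits, no complete
    word, no embedded personal statistics, no sports-team/celebrity archetypes.
    """
    problems = []
    if len(pw) < 6:
        problems.append("too short (fewer than 6 characters)")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        problems.append("needs both alphabetic and numeric characters")
    lowered = pw.lower()
    if lowered in COMMON_WORDS:
        problems.append("is a complete dictionary word")
    if lowered in SPORTS_TERMS:
        problems.append("is a sports team or celebrity name")
    for detail in personal_details:
        # Street numbers, SSNs and phone numbers survive as digit runs.
        digits = re.sub(r"\D", "", detail)
        if detail.lower() in lowered or (len(digits) >= 4 and digits in pw):
            problems.append(f"embeds personal detail {detail!r}")
    return problems


def is_acceptable(pw, personal_details=()):
    return not check_password(pw, personal_details)
```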
Login Guidance
When a user no longer requires access to the DBMS,
or leaves the company, the DBA should drop his login
from the system as soon as possible.
This could become a complicated task: a login cannot be
dropped if the person is currently using a database, or if
the user owns any database objects.
Limit the database users who can create database objects
to DBAs only, especially in a production environment.
Database Users
[Diagram: a DBMS login (SUID) is associated with a database user name (UID)]
Granting Authority
The GRANT statement is issued with a list of
privileges to be assigned to a list of users.
The WITH GRANT OPTION allows a user to pass
the authority to grant privileges along to others.
Generally, the use of this clause depends on whether
an installation practices centralized or decentralized
administration of privileges.
Decentralized administration is generally easier to
establish, but more difficult to control. As more and more
users obtain the authority to grant privileges, the scope of
authority is widened and becomes unwieldy.
Centralized administration is generally easier to administer,
but places a burden on the centralized administrator as the
sole arbiter of privileges within the environment.
Types of Privileges
Table: to control who can access and modify the
data within tables
Database object: to control who can create new
database objects and drop existing database
objects
System: to control who can perform certain
types of systemwide activities
Program: to control who can create, modify, and
use database programs
Stored procedure: to control who can execute
specific functions and stored procedures
Table Privileges
Table privileges are granted to enable users to access
tables, views, and columns within tables and views. The
following privileges can be granted for tables and views:
SELECT: to enable the user to select from this
table/view
INSERT: to enable the user to insert rows into this
table/view
UPDATE: to enable the user to update this table/view
DELETE: to enable the user to delete rows from this
table/view
ALL: to enable the user to select, insert, update, and
delete using this table/view
System Privileges
System privileges control which users can
use certain DBMS features and execute
certain DBMS commands.
The system privileges available will vary
from DBMS to DBMS but may include:
The ability to archive database logs
Shut down and restart the database server
Start traces for monitoring
Manage storage
Manage database caches
PUBLIC Authority
The DBA can choose to grant a particular
authorization to PUBLIC.
When authorization is granted to PUBLIC,
the DBMS will allow anyone who can log
in to the DBMS that particular authority.
Exercise caution when granting any
privileges to PUBLIC.
PUBLIC access can open your databases
to hacking.
Revoking Authority
REVOKE is the inverse of GRANT.
Using REVOKE, a DBA can remove privileges from a user that has
previously been granted those privileges.
Proceed with caution if WITH GRANT OPTION was used:
cascading revokes can occur.
Cascading Revokes
[Diagram: a chain of grants among Joe, Pete, Bruce, Phil and Don, illustrating cascading revokes]
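A small simulation of the cascade (an added example, not from the slides). The model is simplified: a user who was granted a privilege WITH GRANT OPTION may pass it on, and when that user loses the grant option, every grant that user made is revoked in turn, unless the grantee still holds the option from another grantor. The "DBA" grantor and the names come from the slide scenario and are assumed.

```python
from collections import defaultdict


class GrantTracker:
    """Records who granted a privilege to whom and simulates cascading REVOKE."""

    def __init__(self):
        # (privilege, grantee) -> list of (grantor, with_grant_option)
        self.grants = defaultdict(list)

    def has(self, privilege, user):
        return bool(self.grants.get((privilege, user)))

    def can_grant(self, privilege, user):
        """True if any surviving grant to user carried WITH GRANT OPTION."""
        return any(wgo for _, wgo in self.grants.get((privilege, user), []))

    def grant(self, privilege, grantor, grantee, with_grant_option=False):
        # "DBA" stands in for the centralized administrator who owns the object.
        if grantor != "DBA" and not self.can_grant(privilege, grantor):
            raise PermissionError(f"{grantor} cannot grant {privilege}")
        self.grants[(privilege, grantee)].append((grantor, with_grant_option))

    def revoke(self, privilege, grantor, grantee):
        """Remove grantor's grant; cascade if grantee can no longer pass it on."""
        entries = self.grants.get((privilege, grantee), [])
        self.grants[(privilege, grantee)] = [e for e in entries if e[0] != grantor]
        if self.can_grant(privilege, grantee):
            return  # grantee still holds the option from someone else
        # Every grant the grantee made depended on the option just lost.
        for (priv, other), sources in list(self.grants.items()):
            if priv == privilege and any(g == grantee for g, _ in sources):
                self.revoke(privilege, grantee, other)


def slide_scenario():
    """DBA -> Joe (WGO); Joe -> Pete (WGO) -> Bruce; Joe -> Phil (WGO) -> Don."""
    t = GrantTracker()
    t.grant("SELECT", "DBA", "Joe", with_grant_option=True)
    t.grant("SELECT", "Joe", "Pete", with_grant_option=True)
    t.grant("SELECT", "Pete", "Bruce")
    t.grant("SELECT", "Joe", "Phil", with_grant_option=True)
    t.grant("SELECT", "Phil", "Don")
    return t
```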
LBAC Configuration
An administrator must configure the LBAC system by creating
security label components.
These are database objects used to represent the conditions
determining whether a user can access a piece of data.
A security policy is used to describe the criteria to be used for
determining who has access to what data.
Once created, a security label can be associated with
individual columns and rows in a table to protect the data held
there.
An administrator allows users access to protected data by
granting them security labels.
When a user tries to access protected data, that user's security
label is compared to the security label protecting the data. The
protecting label will block some security labels but not others.
LBAC in Action
Any individual user can hold security labels for multiple security
policies. For any given security policy, however, a user can hold
at most one label for read access and one label for write access.
A security administrator can also grant exemptions to users. An
exemption allows you to access protected data that your
security labels might otherwise prevent you from accessing.
Together your security labels and exemptions are called your LBAC
credentials.
LBAC Example
Roles
Once defined, a role can be used to
grant one or more preassigned
privileges to a user.
A role is essentially a collection of
privileges.
For example:
Groups
Group-level authority is similar to roles.
Each DBMS provides built-in groups that cannot be
changed. The following groups are common among the
major DBMSs:
System administrator. Sometimes abbreviated SA or SYSADM, the system
administrator group is the most powerful within the DBMS.
Database administrator. Sometimes abbreviated as DBADM or DBA, the
database administrator group gives all privileges over a specific database, plus
the ability to access, but not modify, data in tables within that database.
Database maintenance. Sometimes abbreviated as DBMAINT, the database
maintenance group includes the specific database privileges for maintaining
database objects (such as the ability to run utilities and issue commands).
Security administrator. The security administrator role, aka SSO or SECADM,
has the privilege-set permitting the granting and revoking of database security
across the DBMS. Any database security-related activities can be performed by
the security administrator.
Operations control. Sometimes referred to as OPER or SYSOPR, the operations
control role has the authority to perform operational database tasks such as
backup and recovery, or terminating runaway tasks.
Horizontal Restriction
When a view eliminates rows from a
base table
Using WHERE clause(s)
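A worked instance of a horizontally restricted view using SQLite (an added example, not from the slides). The employee table and its rows are constructed; in a real DBMS the user would be granted SELECT on the view only, never on the base table.

```python
import sqlite3


def build_demo_db():
    """Constructed sample: employees in two departments plus a restricting view."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE employee (emp_id INTEGER, name TEXT, dept TEXT, salary INTEGER);
        INSERT INTO employee VALUES (1, 'Alice', 'SALES', 50000);
        INSERT INTO employee VALUES (2, 'Bob',   'SALES', 52000);
        INSERT INTO employee VALUES (3, 'Carol', 'HR',    61000);
        -- Horizontal restriction: the WHERE clause eliminates every row that is
        -- not in SALES, so a user who can only see this view never sees HR data.
        CREATE VIEW sales_employee AS
            SELECT emp_id, name, dept, salary
            FROM employee
            WHERE dept = 'SALES';
    """)
    return con


def names_in_base_table(con):
    return [r[0] for r in con.execute("SELECT name FROM employee ORDER BY emp_id")]


def names_in_view(con, dept=None):
    """Query the view with an optional caller-supplied department filter."""
    if dept is None:
        rows = con.execute("SELECT name FROM sales_employee ORDER BY emp_id")
    else:
        # The caller's filter is ANDed with the view's own WHERE clause, so
        # asking for HR through the view still yields nothing.
        rows = con.execute(
            "SELECT name FROM sales_employee WHERE dept = ? ORDER BY emp_id", (dept,))
    return [r[0] for r in rows]
```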
Encryption
[Diagram: the original data "Johnson" passes through the encryption algorithm with an encryption key to produce the encrypted data "s&1Yu.8"; the decryption algorithm reverses the process]
Types of Encryption
There are two types of encryption:
At Rest
In Transit
At Rest Encryption
Encrypting data at rest is undertaken to prohibit behind-the-scenes
snooping for information.
Consider a database containing a top secret military plan.
Of course, this data should be protected using traditional database
security and authorization methods.
But what if the data is accessed outside the control of the DBMS?
In Transit Encryption
Encrypting data in transit is undertaken to prohibit
network packet sniffing.
If the data is encrypted before it is sent over the
network and decrypted upon reception at its
destination, then it is protected along its journey.
Anyone nefariously attempting to access the data en
route will receive only encrypted data.
Without the decryption key, the data cannot be read.
SQL Injection
SQL injection is a form of web
hacking whereby SQL statements are
specified in the fields of a web form
to cause a poorly designed web
application to dump database
content to the attacker.
SQL injection is a favorite technique
of web hackers and stories abound in
the news of the technique being used
for nefarious purposes.
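The "poorly designed web application" beside its fix, in SQLite (an added example, not from the slides). The customer table, the form values and the function names are constructed; the point is that a bound parameter is never parsed as SQL, so the same input that dumps the table through string concatenation returns nothing through the parameterized query.

```python
import sqlite3


def make_db():
    """Constructed sample standing in for a web application's backend."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer (id INTEGER, name TEXT, email TEXT);
        INSERT INTO customer VALUES (1, 'Ann', 'ann@example.com');
        INSERT INTO customer VALUES (2, 'Ben', 'ben@example.com');
        INSERT INTO customer VALUES (3, 'Cat', 'cat@example.com');
    """)
    return con


def lookup_vulnerable(con, form_value):
    """Poorly designed: the form field is pasted into the SQL text, so a
    quote character in it ends the literal and the rest becomes SQL."""
    sql = ("SELECT name FROM customer WHERE email = '" + form_value
           + "' ORDER BY id")
    return [r[0] for r in con.execute(sql)]


def lookup_parameterized(con, form_value):
    """Fixed: the value travels as a bound parameter, the statement text is
    fixed, and the DBMS compares the whole input as data."""
    sql = "SELECT name FROM customer WHERE email = ? ORDER BY id"
    return [r[0] for r in con.execute(sql, (form_value,))]


# Constructed form input: the quote closes the literal and the OR makes the
# WHERE clause always true, so the vulnerable query returns every customer.
INJECTED_INPUT = "x' OR '1'='1"
```

Parameterization is the application-side fix; limiting the application's own database login to the privileges it needs (see Granting Authority) bounds what such a dump can reach.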
Auditing
Auditing is covered in more detail in the next section on
regulatory compliance and database administration.
But here is a short overview:
Auditing enables DBAs to track the use of database resources
and privileges.
When auditing is enabled, the DBMS will produce an audit trail of
database operations.
External Security
Questions