Effective Database Security Database Top 10 Threats · Data Has Value Imperva Confidential 21% 20% 15% 12% 12% 11% 9% Top 7 Attacks Discussed in Hacker Forums dos/ddos SQL injection

Top 10 Database Security Threats and How to Stop Them

Rob Rachwald Director of Security Strategy

Imperva Confidential

Data Has Value

Data Has Value


21%

20%

15% 12%

12% 11% 9%

Top 7 Attacks Discussed in Hacker Forums

dos/ddos SQL injection spam brute-force shell code zero-day html injection

Sources of a Data Breach

Malicious Insider 33%

Non malicious

38%

Hacker 29%

Source: 2010 Securosis-Imperva survey of more than 1100 U.S. and multinational IT security practitioners.

https://www.imperva.com/ld/data_security_survey.asp?

Agenda


Top 10 Database Security Threats • Definition • Analysis • Consequence • Mitigation

CONFIDENTIAL

Excessive Privilege Abuse

Database Top 10 Threats Excessive Privilege Abuse


• Users (or applications) granted database access privileges in excess of “business need-to-know”

•

Definition



• Hard to obtain a true list of required privileges

• Database ACL semantics are too limited

Analysis

• Any “minor” breach becomes a major incident!

• See SQL Injection Consequence



Mitigation •More granular ACLs: Query ACLs

•What queries are allowed against the table by this user

•Automatic and Dynamic ACL profiling

Mitigation Query Access Control Lists


Data Leakage via Database Access

•select * from classes where class_id = 101

Normal Usage

•select username, password from students

Privilege Abuse

select * from classes where class_id = ?

Mitigation Query Access Control Lists


Data Leakage via Web Application

•Select * from users where username = ‘john’

and password = ‘smith’

Normal Usage

•Select * from users where username = ‘john’

and password = ‘smith’ or 1=1

Privilege Abuse

select * from students where username = ? and password = ?

CONFIDENTIAL

Legitimate Privilege Abuse


Database Top 10 Threats Legitimate Privilege Abuse


• Abuse legitimate db privileges for unauthorized purposes

•Definition

DemoFiles/excel-demo1.mp4



• Use simple and available desktop tools

• Retrieve large quantities of data • Store sensitive data locally • Make unauthorized changes

Analysis

• Data theft • Data loss • Embezzlement

Consequence


Mitigation • More granular ACL: Context based ACL • ACL augmented with the context of query

E.g. Client machine, client software, time-of-day

CONFIDENTIAL

Privilege Elevation


Database Top 10 Threats Privilege Elevation


• Low privileged user exploits database vulnerabilities to gain administrative privileges.

•

Definition



Part 1



Part 2



Part 3



Part 4



Part 5



• Susceptible objects • Stored procedures and built-in

functions • SQL Statements

• Types of vulnerabilities • Buffer overflow • SQL Injection

Analysis

• Any “minor” breach becomes a major incident

• Built-in access control becomes ineffective

Consequence



Mitigation • More granular ACL: Query level ACLs • Automatic and dynamic ACL profiling • Monitoring access to vulnerable objects

CONFIDENTIAL

Weak Audit


« In God I trust. For everyone else, I keep

log files. »

Database Top 10 Threats Weak Audit


• Audit policies that rely on built-in database mechanisms suffer a number of weaknesses

•

Definition

DemoFiles/audit-demo1.avi



Performance degradation and DBA attention span

Knowing what matters in the mountain of audit data

Limited Granularity



Proprietary

Vulnerable to database attacks

No End to End User-Tracking



No End-to-End User Tracking



• Regulatory problems • Data is not there when you

need it

•

•Consequence

• Independent audit device Mitigation

CONFIDENTIAL

SQL Injection

Database Top 10 Threats SQL Injection


• Attacker inserts an unauthorized SQL statement through a SQL data channel

••

Definition

DemoFiles/sql-injection-demo1.mp4



• Caused by non-validated input parametersAnalysis input parameters

• Access to unauthorized data • Unauthorized data

manipulation • Denial of service • Privilege elevation

Consequence



Mitigation • More granular ACL: Query level ACLs • Automatic and dynamic ACL profiling

CONFIDENTIAL

Unauthorized Copies of Sensitive Data


Database Top 10 Threats Unauthorized Copies of Sensitive Data


• Sensitive data copied to new databases without any individual held responsible

•

Definition



• Databases created without knowledge of security team

• Correct security controls not applied

Analysis

• Sensitive data “Out-of-Scope” of assessment

• Illegal access of data

Consequence



Mitigation Data Discovery Data Classification

CONFIDENTIAL

Exploitation of Vulnerable, Mis-Configured Databases


Database Top 10 Threats Exploitation of Vulnerable, Mis-configured Databases


• Vulnerable and unpatched databases, and databases with default accounts and configuration parameters which allow unauthorized access

•

Definition



• Lengthy database patching process • Default accounts and configuration

parameters • Weak account names and/ or

passwords • Weakened audit parameters

Analysis

• Access to unauthorized data • Unauthorized data manipulation • Privilege elevation • Credential theft

Consequence



Mitigation • Database assessment • Configuration assessment • Virtual patching

CONFIDENTIAL

Denial of Service

Database Top 10 Threats Denial of Service


• Attacks that affect the availability of information from the database to users

• Attacks that affect the availability of Definition

DemoFiles/buffer overflow.mp4



• Specific vulnerabilities • Resource oriented attacks Analysis

• Critical for modern day organizations

• Paralyzing the entire operation of an organization or part of it

Consequence



Mitigation • Specific mechanisms for specific vulnerabilities • Resource control mechanisms

•Timing responses •Sizing responses •Connection Control

• Problem detection •Timing latency in system

CONFIDENTIAL

Database Communication Protocol Vulnerabilities


Database Top 10 Threats Database Communication Protocol Vulnerabilities


• Tampering with db related network protocol messages

•Definition



• Proprietary network protocols to communicate data and commands

• Complex (and mostly obscure) protocols are prone to security vulnerabilities

•

•Analysis

00000000 12 01 00 34 00 00 00 00 00 00 15 00 FF 01 00 1b

00000010 00 01 02 00 1c 00 0c 03 00 28 00 04 ff 08 00 01

00000020 55 00 00 00 4d 53 53 51 4c 53 65 72 76 65 72 00

00000030 a8 07 00 00

Record Size = 52 Field Size = 255


51


52



• Unauthorized data access • Unauthorized data manipulation • Denial of service

Consequence



Mitigation •Protocol validation engine (addresses even unknown vulnerabilities) •Reactive protocol validation (addresses known vulnerabilities)

CONFIDENTIAL

Backup Data Exposure


Database Top 10 Threats Backup Data Exposure


• Unencrypted data on Back-up Tapes and Disk

•Definition





• Many recent incidents where backup media is lost or stolen Analysis

• Exposure of huge amounts of sensitive information

Consequence



Mitigation •End to end encryption •Disk encryption •Database encryption •A better solution is yet to be found!

Database Top 10 Threats Summary

Imperva Confidential Imperva ConfidentialImperva Confidential

Question & Answer

More Information: www.imperva.com

Blog blog.imperva.com

iTunes/Podcasts www.imperva.com/resources/podcasts.asp

YouTube www.youtube.com/user/ImpervaChannel

Twitter twitter.com/Imperva

Linkedin www.linkedin.com/companies/Imperva

Facebook www.facebook.com/imperva

http://blog.imperva.com/

http://www.imperva.com/resources/podcasts.asp

http://www.youtube.com/user/ImpervaChannel

http://twitter.com/Imperva

http://www.linkedin.com/companies/Imperva

http://www.facebook.com/imperva

Effective Database Security Database Top 10 Threats · Data Has Value Imperva Confidential 21% 20% 15% 12% 12% 11% 9% Top 7 Attacks Discussed in Hacker Forums dos/ddos SQL injection

Documents