Top 10 Database Security Threats and How to Stop Them. Rob Rachwald Director of Security Strategy

Transcription

1 Top 10 Database Security Threats and How to Stop Them Rob Rachwald Director of Security Strategy

2

3 Data Has Value

4 Data Has Value Top 7 Attacks Discussed in Hacker Forums 11% 9% 12% 12% 15% 21% 20% dos/ddos SQL injection spam brute-force shell code zero-day html injection

5 Sources of a Data Breach Hacker 29% Malicious Insider 33% Non malicious 38% Source: 2010 Securosis-Imperva survey of more than 1100 U.S. and multinational IT security practitioners.

6 Agenda Top 10 Database Security Threats Definition Analysis Consequence Mitigation

7 Excessive Privilege Abuse CONFIDENTIAL

8 Excessive Privilege Abuse Definition Users (or applications) granted database access privileges in excess of business need-to-know

9 Excessive Privilege Abuse Analysis Hard to obtain a true list of required privileges Database ACL semantics are too limited Consequence Any minor breach becomes a major incident! See SQL Injection

10 Excessive Privilege Abuse Mitigation More granular ACLs: Query ACLs What queries are allowed against the table by this user Automatic and Dynamic ACL profiling

11 Mitigation Query Access Control Lists Data Leakage via Database Access select * from classes where class_id =? Normal Usage Privilege Abuse select * from classes where class_id = 101 select username, password from students

12 Mitigation Query Access Control Lists Data Leakage via Web Application select * from students where username =? and password =? Normal Usage Privilege Abuse Select * from users where username = john and password = smith Select * from users where username = john and password = smith or 1=1

13 Legitimate Privilege Abuse CONFIDENTIAL

14 Legitimate Privilege Abuse Definition Abuse legitimate db privileges for unauthorized purposes

15 Legitimate Privilege Abuse Analysis Use simple and available desktop tools Retrieve large quantities of data Store sensitive data locally Make unauthorized changes Consequence Data theft Data loss Embezzlement

16 Legitimate Privilege Abuse Mitigation More granular ACL: Context based ACL ACL augmented with the context of query E.g. Client machine, client software, time-ofday

17 Privilege Elevation CONFIDENTIAL

18 Privilege Elevation Definition Low privileged user exploits database vulnerabilities to gain administrative privileges.

19 Privilege Elevation Part 1

20 Privilege Elevation Part 2

21 Privilege Elevation Part 3

22 Privilege Elevation Part 4

23 Privilege Elevation Part 5

24 Privilege Elevation Analysis Susceptible objects Stored procedures and built-in functions SQL Statements Types of vulnerabilities Buffer overflow SQL Injection Consequence Any minor breach becomes a major incident Built-in access control becomes ineffective

25 Privilege Elevation Mitigation More granular ACL: Query level ACLs Automatic and dynamic ACL profiling Monitoring access to vulnerable objects

26 Weak Audit «In God I trust. For everyone else, I keep log files.» CONFIDENTIAL

27 Weak Audit Definition Audit policies that rely on built-in database mechanisms suffer a number of weaknesses

28 Weak Audit Performance degradation and DBA attention span Knowing what matters in the mountain of audit data Limited Granularity

29 Weak Audit Proprietary Vulnerable to database attacks No End to End User- Tracking

30 Weak Audit No End-to-End User Tracking

31 Weak Audit Consequence Regulatory problems Data is not there when you need it Mitigation Independent audit device

32 SQL Injection CONFIDENTIAL

33 SQL Injection Definition Attacker inserts an unauthorized SQL statement through a SQL data channel

34 SQL Injection Analysis Caused by non-validated input parameters Consequence Access to unauthorized data Unauthorized data manipulation Denial of service Privilege elevation

35 SQL Injection Mitigation More granular ACL: Query level ACLs Automatic and dynamic ACL profiling

36 Unauthorized Copies of Sensitive Data CONFIDENTIAL

37 Unauthorized Copies of Sensitive Data Definition Sensitive data copied to new databases without any individual held responsible

38 Unauthorized Copies of Sensitive Data Analysis Databases created without knowledge of security team Correct security controls not applied Consequence Sensitive data Out-of-Scope of assessment Illegal access of data

39 Unauthorized Copies of Sensitive Data Mitigation Data Discovery Data Classification

40 Exploitation of Vulnerable, Mis-Configured Databases CONFIDENTIAL

41 Exploitation of Vulnerable, Mis-configured Databases Definition Vulnerable and unpatched databases, and databases with default accounts and configuration parameters which allow unauthorized access

42 Exploitation of Vulnerable, Mis-configured Databases Analysis Lengthy database patching process Default accounts and configuration parameters Weak account names and/ or passwords Weakened audit parameters Consequence Access to unauthorized data Unauthorized data manipulation Privilege elevation Credential theft

43 Exploitation of Vulnerable, Mis-configured Databases Mitigation Database assessment Configuration assessment Virtual patching

44 Denial of Service CONFIDENTIAL

45 Denial of Service Definition Attacks that affect the availability of information from the database to users

46 Denial of Service Analysis Specific vulnerabilities Resource oriented attacks Consequence Critical for modern day organizations Paralyzing the entire operation of an organization or part of it

47 Denial of Service Mitigation Specific mechanisms for specific vulnerabilities Resource control mechanisms Timing responses Sizing responses Connection Control Problem detection Timing latency in system

48 Database Communication Protocol Vulnerabilities CONFIDENTIAL

49 Database Communication Protocol Vulnerabilities Definition Tampering with db related network protocol messages

50 Database Communication Protocol Vulnerabilities Analysis Proprietary network protocols to communicate data and commands Complex (and mostly obscure) protocols are prone to security vulnerabilities

51 Database Communication Protocol Vulnerabilities Record Size = 52 Field Size = FF b c 00 0c ff d c a

52 Database Communication Protocol Vulnerabilities 52

53 Database Communication Protocol Vulnerabilities Consequence Unauthorized data access Unauthorized data manipulation Denial of service

54 Database Communication Protocol Vulnerabilities Mitigation Protocol validation engine (addresses even unknown vulnerabilities) Reactive protocol validation (addresses known vulnerabilities)

55 Backup Data Exposure CONFIDENTIAL

56 Backup Data Exposure Definition Unencrypted data on Backup Tapes and Disk

57 Backup Data Exposure

58 Backup Data Exposure Analysis Many recent incidents where backup media is lost or stolen Consequence Exposure of huge amounts of sensitive information

59 Backup Data Exposure Mitigation End to end encryption Disk encryption Database encryption A better solution is yet to be found!

60 Summary

61 Question & Answer

62 More Information: Blog itunes/podcasts YouTube Twitter Linkedin Facebook blog.imperva.com twitter.com/imperva