Top 10 Database Security Threats and How to Stop Them. Rob Rachwald, Director of Security Strategy
Data Has Value
Data Has Value. Chart: Top 7 Attacks Discussed in Hacker Forums (categories: dos/ddos, SQL injection, spam, brute-force, shell code, zero-day, html injection; shares shown on the chart: 11%, 9%, 12%, 12%, 15%, 21%, 20%).
Sources of a Data Breach: Hacker 29%, Malicious Insider 33%, Non-malicious 38%. Source: 2010 Securosis-Imperva survey of more than 1100 U.S. and multinational IT security practitioners. https://www.imperva.com/ld/data_security_survey.asp?
Agenda: Top 10 Database Security Threats. Each threat is covered in four parts: Definition, Analysis, Consequence, Mitigation.
Excessive Privilege Abuse CONFIDENTIAL
Excessive Privilege Abuse. Definition: users (or applications) are granted database access privileges in excess of business need-to-know.
Excessive Privilege Abuse. Analysis: it is hard to obtain a true list of required privileges, and database ACL semantics are too limited. Consequence: any minor breach becomes a major incident! See SQL Injection.
Excessive Privilege Abuse. Mitigation: more granular ACLs, namely query ACLs (which queries are allowed against the table by this user) and automatic and dynamic ACL profiling.
Mitigation: Query Access Control Lists. Data leakage via database access. Allowed query pattern: select * from classes where class_id = ? Normal usage: select * from classes where class_id = 101. Privilege abuse: select username, password from students
Mitigation: Query Access Control Lists. Data leakage via web application. Allowed query pattern: select * from students where username = ? and password = ? Normal usage: Select * from users where username = john and password = smith. Privilege abuse: Select * from users where username = john and password = smith or 1=1
Legitimate Privilege Abuse
Legitimate Privilege Abuse. Definition: abuse of legitimate database privileges for unauthorized purposes.
Legitimate Privilege Abuse. Analysis: the user employs simple and available desktop tools to retrieve large quantities of data, store sensitive data locally, or make unauthorized changes. Consequence: data theft, data loss, embezzlement.
Legitimate Privilege Abuse. Mitigation: a more granular ACL, namely a context-based ACL: the ACL is augmented with the context of the query, e.g. client machine, client software, time of day.
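The following is an added example, not Imperva's code, that puts the query ACL of the previous slides and the context-based ACL of this one together: statements are reduced to templates (literals replaced by ?), a profiling phase records which templates each account runs and from which client machine, client software and hour, and enforcement then rejects anything outside that profile. The account names, hosts, program names and hours in the docstrings and tests are constructed.

```python
import re

# Matches quoted string literals and bare numbers; both become '?'.
LITERAL_RE = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


def normalize(sql):
    """Reduce a statement to its query template, canonicalizing case and whitespace."""
    return " ".join(LITERAL_RE.sub("?", sql).lower().split())


class QueryACL:
    """Query-level ACL with context: per account, the allowed templates and, for each
    template, the client hosts, client programs and hours seen during profiling."""

    def __init__(self):
        self.profiles = {}  # account -> template -> {"hosts", "apps", "hours"}

    def learn(self, account, sql, host, app, hour):
        """Profiling mode: record a template and the context it was used in."""
        ctx = self.profiles.setdefault(account, {}).setdefault(
            normalize(sql), {"hosts": set(), "apps": set(), "hours": set()})
        ctx["hosts"].add(host)
        ctx["apps"].add(app)
        ctx["hours"].add(hour)

    def check(self, account, sql, host, app, hour):
        """Enforcement mode: (allowed, reason) for a statement plus its context."""
        template = normalize(sql)
        ctx = self.profiles.get(account, {}).get(template)
        if ctx is None:
            return False, f"template not in ACL for {account}: {template}"
        if host not in ctx["hosts"]:
            return False, f"unexpected client machine {host}"
        if app not in ctx["apps"]:
            return False, f"unexpected client software {app}"
        # Time of day is enforced as the window bounded by profiled usage.
        if not min(ctx["hours"]) <= hour <= max(ctx["hours"]):
            return False, f"outside profiled hours: {hour:02d}:00"
        return True, "ok"
```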
Privilege Elevation
Privilege Elevation. Definition: a low-privileged user exploits database vulnerabilities to gain administrative privileges.
Privilege Elevation, Parts 1 to 5 (walkthrough slides; the screenshots are not reproduced in the text).
Privilege Elevation. Analysis: susceptible objects are stored procedures and built-in functions, and SQL statements; the types of vulnerabilities are buffer overflow and SQL injection. Consequence: any minor breach becomes a major incident, and built-in access control becomes ineffective.
Privilege Elevation. Mitigation: a more granular ACL, namely query-level ACLs, automatic and dynamic ACL profiling, and monitoring of access to vulnerable objects.
Weak Audit. «In God I trust. For everyone else, I keep log files.»
Weak Audit. Definition: audit policies that rely on built-in database mechanisms suffer a number of weaknesses.
Weak Audit. Weaknesses of built-in auditing: performance degradation and DBA attention span; knowing what matters in the mountain of audit data; limited granularity; proprietary; vulnerable to database attacks; no end-to-end user tracking.
Weak Audit. Consequence: regulatory problems, and the data is not there when you need it. Mitigation: an independent audit device.
SQL Injection
SQL Injection. Definition: the attacker inserts an unauthorized SQL statement through a SQL data channel.
SQL Injection. Analysis: caused by non-validated input parameters. Consequence: access to unauthorized data, unauthorized data manipulation, denial of service, privilege elevation.
SQL Injection. Mitigation: a more granular ACL, namely query-level ACLs and automatic and dynamic ACL profiling.
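Added example (not from the slides): the login query of the Query ACL slide written once with non-validated input concatenated into the statement text and once with bound parameters. The parameterized form is the application-side complement to the query ACLs recommended above, since the query template can no longer change at runtime; the user table is constructed.

```python
import sqlite3


def make_users():
    """Constructed user table matching the slide's example query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("john", "smith"), ("alice", "s3cret")])
    return conn


def login_concatenated(conn, username, password):
    """Non-validated input pasted into the statement text: the SQL data
    channel now carries whatever SQL the caller supplies, which is the
    pattern the Analysis slide describes."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return sorted(r[0] for r in conn.execute(sql))


def login_parameterized(conn, username, password):
    """The statement is fixed and the values are bound separately, so input
    can only ever be compared as data; the query template never changes."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return sorted(r[0] for r in conn.execute(sql, (username, password)))
```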
Unauthorized Copies of Sensitive Data
Unauthorized Copies of Sensitive Data. Definition: sensitive data is copied to new databases without any individual being held responsible for it.
Unauthorized Copies of Sensitive Data. Analysis: databases are created without the knowledge of the security team, so the correct security controls are not applied. Consequence: sensitive data is out of scope of assessment; illegal access to data.
Unauthorized Copies of Sensitive Data. Mitigation: data discovery and data classification.
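Added example of the discovery and classification step, not Imperva's product logic: it walks every table and column of a database, labels columns first by name and otherwise by the content of sampled values, so that an ad-hoc copy with renamed columns is still found. The name hints, patterns (US SSN format, Luhn-valid card numbers) and the sample database are constructed.

```python
import re
import sqlite3

# Column names that typically hold secret or regulated data (constructed list).
NAME_HINTS = {"password": "credential", "passwd": "credential",
              "ssn": "pii", "card_number": "pci", "credit_card": "pci"}
SSN_RE = re.compile(r"^\d{3}-\d{2}-\d{4}$")  # US social security number layout
PAN_RE = re.compile(r"^\d{13,19}$")           # payment card number lengths


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify_value(value):
    """Classify one cell by content; None when nothing sensitive is recognized."""
    if not isinstance(value, str):
        return None
    if SSN_RE.match(value):
        return "pii"
    if PAN_RE.match(value) and luhn_ok(value):
        return "pci"
    return None


def discover(conn, sample=50):
    """Return (table, column, label) for every column that looks sensitive, by
    name or by majority of sampled values. Identifiers come from the catalog
    and are double-quoted; nothing here is built from user input."""
    q = lambda ident: '"' + ident.replace('"', '""') + '"'
    findings = []
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'").fetchall():
        for col in [r[1] for r in conn.execute(f"PRAGMA table_info({q(table)})")]:
            label = NAME_HINTS.get(col.lower())
            if label is None:
                rows = conn.execute(f"SELECT {q(col)} FROM {q(table)} LIMIT ?", (sample,)).fetchall()
                hits = [h for h in (classify_value(r[0]) for r in rows) if h]
                if rows and len(hits) * 2 > len(rows):
                    label = max(set(hits), key=hits.count)
            if label:
                findings.append((table, col, label))
    return findings
```

A constructed inventory for the test contains the governed students table plus a copy whose renamed columns (tax_id, card) defeat name matching but not content matching.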
Exploitation of Vulnerable, Mis-configured Databases
Exploitation of Vulnerable, Mis-configured Databases. Definition: vulnerable and unpatched databases, and databases with default accounts and configuration parameters, which allow unauthorized access.
Exploitation of Vulnerable, Mis-configured Databases. Analysis: a lengthy database patching process; default accounts and configuration parameters; weak account names and/or passwords; weakened audit parameters. Consequence: access to unauthorized data, unauthorized data manipulation, privilege elevation, credential theft.
Exploitation of Vulnerable, Mis-configured Databases. Mitigation: database assessment, configuration assessment, virtual patching.
Denial of Service
Denial of Service. Definition: attacks that affect the availability of information from the database to its users.
Denial of Service. Analysis: specific vulnerabilities, and resource-oriented attacks. Consequence: critical for modern-day organizations; it can paralyze the entire operation of an organization or part of it.
Denial of Service. Mitigation: specific mechanisms for specific vulnerabilities; resource control mechanisms (timing responses, sizing responses, connection control); problem detection (timing latency in the system).
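Added example, not Imperva's mechanism, of the three resource controls just listed in front of a database: a per-client connection cap, a wall-clock budget that aborts a statement (timing), and a row cap on the answer (sizing). SQLite's progress handler stands in for the server-side abort; the client address, the limits and the two resource-hungry statements are constructed.

```python
import sqlite3
import time
from collections import Counter


class ResourceLimitExceeded(Exception):
    pass


class QueryGovernor:
    """Resource controls in front of a database (constructed demo): a per-client
    connection cap, a wall-clock budget per statement and a maximum result size."""

    def __init__(self, max_conns_per_client=2, max_seconds=0.05, max_rows=100):
        self.max_conns = max_conns_per_client
        self.max_seconds = max_seconds
        self.max_rows = max_rows
        self.open_conns = Counter()  # client address -> open connections

    def connect(self, client, dsn=":memory:"):
        # Connection control: refuse new sessions beyond the client's quota.
        if self.open_conns[client] >= self.max_conns:
            raise ResourceLimitExceeded(f"{client}: connection quota reached")
        self.open_conns[client] += 1
        return sqlite3.connect(dsn)

    def release(self, client, conn):
        conn.close()
        self.open_conns[client] -= 1

    def run(self, conn, sql, params=()):
        deadline = time.monotonic() + self.max_seconds
        # Timing responses: SQLite calls the handler every 1000 VM steps and a
        # non-zero return aborts the running statement once the budget is spent.
        conn.set_progress_handler(lambda: int(time.monotonic() > deadline), 1000)
        try:
            rows = conn.execute(sql, params).fetchmany(self.max_rows + 1)
        except sqlite3.OperationalError as exc:
            if "interrupted" in str(exc):
                raise ResourceLimitExceeded("statement exceeded time budget") from exc
            raise
        finally:
            conn.set_progress_handler(None, 0)
        # Sizing responses: reject oversized answers instead of streaming them.
        if len(rows) > self.max_rows:
            raise ResourceLimitExceeded(f"result exceeds {self.max_rows} rows")
        return rows


def guarded(governor, conn, sql):
    """Run a statement through the governor; report whether it was served or throttled."""
    try:
        return "served", governor.run(conn, sql)
    except ResourceLimitExceeded as exc:
        return "throttled", str(exc)


# Constructed resource-oriented statements: one that would spin for a long time,
# one that returns far more rows than the cap.
SLOW_SQL = ("WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x + 1 FROM c "
            "WHERE x < 100000000) SELECT count(*) FROM c")
WIDE_SQL = ("WITH RECURSIVE c(x) AS (SELECT 1 UNION ALL SELECT x + 1 FROM c "
            "WHERE x < 500) SELECT x FROM c")
```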
Database Communication Protocol Vulnerabilities
Database Communication Protocol Vulnerabilities. Definition: tampering with database-related network protocol messages.
Database Communication Protocol Vulnerabilities. Analysis: databases use proprietary network protocols to communicate data and commands, and complex (and mostly obscure) protocols are prone to security vulnerabilities.
Database Communication Protocol Vulnerabilities. Example packet: Record Size = 52, Field Size = 255.
0000  12 01 00 34 00 00 00 00 00 00 15 00 FF 01 00 1b
0010  00 01 02 00 1c 00 0c 03 00 28 00 04 ff 08 00 01
0020  55 00 00 00 4d 53 53 51 4c 53 65 72 76 65 72 00
0030  a8 07 00 00
Database Communication Protocol Vulnerabilities. Consequence: unauthorized data access, unauthorized data manipulation, denial of service.
Database Communication Protocol Vulnerabilities. Mitigation: a protocol validation engine (addresses even unknown vulnerabilities) and reactive protocol validation (addresses known vulnerabilities).
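Added example, not Imperva's validation engine, of the kind of self-consistency check a protocol validation engine applies to the packet shown two slides earlier. The bytes are copied from that hex dump; the layout assumed is the MS-TDS PRELOGIN format (an 8-byte header whose third and fourth bytes are the big-endian total length, then a table of option entries of token, offset, length ending in 0xFF, with offsets relative to the payload), which the packet type 0x12 and the "MSSQLServer" string suggest. The check flags the option whose declared length of 255 cannot fit inside a 52-byte packet, the mismatch the slide labels; the corrected packet is constructed.

```python
import struct

# Bytes copied from the slide's hex dump (52-byte PRELOGIN packet).
SLIDE_PACKET = bytes.fromhex(
    "12 01 00 34 00 00 00 00 00 00 15 00 ff 01 00 1b"
    "00 01 02 00 1c 00 0c 03 00 28 00 04 ff 08 00 01"
    "55 00 00 00 4d 53 53 51 4c 53 65 72 76 65 72 00"
    "a8 07 00 00"
)
# Same packet with the first option's length corrected to 6 bytes (constructed).
FIXED_PACKET = SLIDE_PACKET[:11] + b"\x00\x06" + SLIDE_PACKET[13:]

HEADER_LEN = 8
PRELOGIN_TYPE = 0x12
TERMINATOR = 0xFF
OPTION_LEN = 5  # token(1) offset(2) length(2), big-endian


def validate_prelogin(pkt):
    """Return the list of inconsistencies found; an empty list means every
    declared length and offset fits inside the bytes actually received."""
    errors = []
    if len(pkt) < HEADER_LEN:
        return ["truncated header"]
    ptype, _status, length, _spid, _pktid, _window = struct.unpack(">BBHHBB", pkt[:HEADER_LEN])
    if ptype != PRELOGIN_TYPE:
        errors.append(f"unexpected packet type 0x{ptype:02x}")
    if length != len(pkt):
        errors.append(f"declared length {length} != received {len(pkt)}")
    payload = pkt[HEADER_LEN:]
    pos = 0
    while True:
        if pos >= len(payload):
            errors.append("option table not terminated")
            break
        token = payload[pos]
        if token == TERMINATOR:
            break
        if pos + OPTION_LEN > len(payload):
            errors.append("truncated option entry")
            break
        offset, size = struct.unpack(">HH", payload[pos + 1:pos + OPTION_LEN])
        # Every field the sender announces must lie inside the payload it sent.
        if offset + size > len(payload):
            errors.append(f"option 0x{token:02x}: offset {offset} + length {size} "
                          f"exceeds the {len(payload)}-byte payload")
        pos += OPTION_LEN
    return errors
```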
Backup Data Exposure
Backup Data Exposure. Definition: unencrypted data on backup tapes and disks.
Backup Data Exposure. Analysis: many recent incidents in which backup media was lost or stolen. Consequence: exposure of huge amounts of sensitive information.
Backup Data Exposure. Mitigation: end-to-end encryption, disk encryption, database encryption. A better solution is yet to be found!
Summary
Question & Answer
More Information: www.imperva.com. Blog: blog.imperva.com; iTunes/podcasts: www.imperva.com/resources/podcasts.asp; YouTube: www.youtube.com/user/impervachannel; Twitter: twitter.com/imperva; LinkedIn: www.linkedin.com/companies/imperva; Facebook: www.facebook.com/imperva