Sunday, January 8, 2012

Part Two: Threats to Database Security

There are many kinds of database threats, but we are going to talk about the top 10 most popular database threats today.




Top Ten Database Security Threats:


1. Excessive Privilege Abuse.
2. Legitimate Privilege Abuse.
3. Privilege Elevation.
4. Database Platform Vulnerabilities.
5. SQL Injection.
6. Weak Audit Trail.
7. Denial of Service.
8. Database Communication Protocol Vulnerabilities.
9. Weak Authentication.
10. Backup Data Exposure.


Now let's talk briefly about each of these threats, since I take a lot of time talking about database security. As we saw previously, we can merge the ten points into only five, since several of them cover the same subject, so it is going to be like this:


My Five Points for Database Threats:
1. Privilege abuse.
2. Operating System vulnerabilities.
3. Database root kits.
4. Weak authentication.
5. Weak audit trails.


Types of threats to database security

1. Privilege abuse:

When database users are provided with privileges that exceed their day-to-day job requirements, these privileges may be abused intentionally or unintentionally. Take, for instance, a database administrator in a financial institution. What will happen if he turns off audit trails or creates bogus accounts? He will be able to transfer money from one account to another, thereby abusing the excessive privilege intentionally. Having seen how privilege can be abused intentionally, let us see how privilege can be abused unintentionally. A company provides a “work from home” option to its employees, and an employee takes a backup of sensitive data to work on at home. This not only violates the security policies of the organization, but may also result in a data security breach if the system at home is compromised.



In the previous picture I connect as a normal user, but if we check the privileges you will see he has all the DBA (database administrator) privileges, and that is so wrong. Actually there were 161 privileges given to this normal user, but I didn't know how to display them all in this picture.
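The check described above can be done from the data dictionary. The following is an added example, not part of the original post: Oracle SQL that counts each user's effective system privileges, including those inherited through nested roles. The account name `app_user` and the excluded owner list are assumptions.

```sql
-- Added example (not from the original post). Run as an account that can
-- read the DBA_* dictionary views.

-- 1) From inside the suspect session: how many system privileges are active?
SELECT COUNT(*) AS active_privs FROM session_privs;

-- 2) Across the database: effective system privileges per user, counting
--    those inherited through roles that are granted to other roles.
WITH role_tree AS (
    SELECT CONNECT_BY_ROOT grantee AS username, granted_role
    FROM   dba_role_privs
    START  WITH grantee IN (SELECT username FROM dba_users)
    CONNECT BY NOCYCLE PRIOR granted_role = grantee
),
effective_privs AS (
    -- privileges granted directly to the user
    SELECT grantee AS username, privilege
    FROM   dba_sys_privs
    WHERE  grantee IN (SELECT username FROM dba_users)
    UNION
    -- privileges inherited from any role in the user's role tree
    SELECT rt.username, sp.privilege
    FROM   role_tree rt
    JOIN   dba_sys_privs sp ON sp.grantee = rt.granted_role
)
SELECT u.username,
       u.account_status,
       (SELECT COUNT(*) FROM effective_privs ep
         WHERE ep.username = u.username) AS sys_priv_count,
       CASE WHEN EXISTS (SELECT 1 FROM role_tree rt
                          WHERE rt.username = u.username
                            AND rt.granted_role = 'DBA')
            THEN 'YES' ELSE 'NO' END AS has_dba_role
FROM   dba_users u
WHERE  u.username NOT IN ('SYS', 'SYSTEM')  -- assumption: expected DBA owners
ORDER  BY sys_priv_count DESC, u.username;

-- 3) Remediation for an over-privileged account (app_user is hypothetical):
--    remove the role, then grant back only what the job needs.
REVOKE DBA FROM app_user;
GRANT CREATE SESSION TO app_user;
```

Any ordinary account that shows `has_dba_role = 'YES'` or a privilege count in the same range as SYSTEM is a candidate for the revoke in step 3.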

2. Operating System vulnerabilities:

Vulnerabilities in underlying operating systems such as Windows, UNIX, and Linux, and in the services related to the databases, could lead to unauthorized access. This may lead to a Denial of Service (DoS) attack. This can be prevented by applying operating system security patches as and when they become available. As an example, the comparison below shows the advantages and disadvantages of running an Oracle database on Windows and on Linux once you have installed it.

  • Advantages of Oracle UNIX:
          o Significant performance improvement
          o Provides High Availability
          o Contains in-depth system utilities and open-source code
          o Highly respected by Oracle personnel


  • Advantages of Oracle Windows:
         o Very easy to deploy and support
         o Requires far less IT training
         o Simple interface to Microsoft tools such as ODBC and .NET.



And of course there are disadvantages for both operating systems:

  • Disadvantages of Oracle UNIX:
        o Required specialized skills (vi editor, shell scripting, etc.)
        o Required highly-technical Systems Administrators and DBA
        o Contains in-depth system utilities and open-source code
        o Security Holes (if mis-configured)
        o Susceptible to root kit attacks


  •  Disadvantages of Oracle Windows:
        o Slower than Linux
        o Less glamorous for the SA and DBA
        o History of poor reliability (bad reputation)
        o Security Holes (if mis-configured)
        o Susceptible to Internet viruses


If you need to keep your computer fast without affecting your work, then we are talking about Linux; if you want to make your computer slower, then we are talking about Windows, because you have no idea how many resources an Oracle database needs.


3. Database root kits:


A database root kit is a program or a procedure that is hidden inside the database and that provides administrator-level privileges to gain access to the data in the database. These root kits may even turn off alerts triggered by Intrusion Prevention Systems (IPS). It is possible to install a root kit only after compromising the underlying operating system. This can be avoided by periodic review of audit trails; otherwise the presence of the database root kit may go undetected.




One day, while I was doing my job as an Oracle Database Consultant, I found this procedure hidden in the database of a company (no names, please), and guess what? It runs as a job (at a specific date and time) after the DBA responsible for this database resigns from his work. It would be a disaster, because these are two major tables in the company.
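A periodic review that would surface a scheduled procedure like the one described above, as an added example that is not part of the original post. It uses Oracle's standard dictionary views; the excluded schema list and the 90-day window are assumptions to adjust per site.

```sql
-- Added example (not from the original post). Run as an account that can
-- read the DBA_* dictionary views.

-- 1) Jobs queued through DBMS_JOB: who owns them, when they fire, what they run.
SELECT job, log_user, priv_user, schema_user, next_date, broken, what
FROM   dba_jobs
ORDER  BY next_date;

-- 2) Jobs created through DBMS_SCHEDULER outside the Oracle-owned schemas.
SELECT owner, job_name, job_type, job_action,
       start_date, next_run_date, enabled, state
FROM   dba_scheduler_jobs
WHERE  owner NOT IN ('SYS', 'SYSTEM')       -- assumption: extend per site
ORDER  BY next_run_date;

-- 3) Stored code created or changed recently (assumed window: 90 days).
SELECT owner, object_name, object_type, created, last_ddl_time, status
FROM   dba_objects
WHERE  object_type IN ('PROCEDURE', 'FUNCTION', 'PACKAGE',
                       'PACKAGE BODY', 'TRIGGER')
  AND  owner NOT IN ('SYS', 'SYSTEM')
  AND  last_ddl_time > SYSDATE - 90
ORDER  BY last_ddl_time DESC;

-- 4) Wrapped (obfuscated) code in application schemas: the first source
--    line of a wrapped unit ends with the keyword "wrapped".
SELECT owner, name, type
FROM   dba_source
WHERE  line = 1
  AND  owner NOT IN ('SYS', 'SYSTEM')
  AND  LOWER(text) LIKE '%wrapped%'
ORDER  BY owner, name;
```

Keep the output of each run outside the database host and compare it with the previous run, so that a job or procedure that appears between reviews stands out.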



4. Weak authentication:


Weak authentication models allow attackers to employ strategies such as social engineering and brute force to obtain database login credentials and assume the identity of legitimate database users. Look at the following figures: they contain the username/password for some users, but unfortunately the passwords are too weak and easy to decrypt, and in some cases they contain only one letter.
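One way to stop one-letter passwords like those described above is a password verify function attached to a profile. This is an added example, not part of the original post: the function name `min_len_check`, the 12-character minimum, and the lockout values are assumptions, and the function must be created in the SYS schema.

```sql
-- Added example (not from the original post). Connect AS SYSDBA.

-- 1) Accounts still using a known default password (view available from 11g).
SELECT username FROM dba_users_with_defpwd ORDER BY username;

-- 2) Password rules currently enforced by each profile.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  resource_type = 'PASSWORD'
ORDER  BY profile, resource_name;

-- 3) Verify function (hypothetical name) called on every password change.
CREATE OR REPLACE FUNCTION min_len_check (
    username     VARCHAR2,
    password     VARCHAR2,
    old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
    IF LENGTH(password) < 12 THEN           -- assumed minimum length
        raise_application_error(-20001,
            'Password must be at least 12 characters');
    END IF;
    IF UPPER(password) = UPPER(username) THEN
        raise_application_error(-20002,
            'Password must differ from the user name');
    END IF;
    IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
       OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
        raise_application_error(-20003,
            'Password must contain letters and digits');
    END IF;
    RETURN TRUE;
END;
/

-- 4) Enforce it, and lock accounts after repeated failed logins
--    (limits brute force); PASSWORD_LOCK_TIME is in days.
ALTER PROFILE default LIMIT
    PASSWORD_VERIFY_FUNCTION min_len_check
    FAILED_LOGIN_ATTEMPTS    5
    PASSWORD_LOCK_TIME       1;
```

The function only runs when a password is set or changed, so existing weak passwords stay valid until the accounts are expired or reset.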




5. Weak audit trails:

A weak audit logging mechanism in a database server represents a critical risk to an organization
especially in retail, financial, healthcare, and other industries with stringent regulatory compliance. Regulations such as PCI, SOX, and HIPAA demand extensive logging of actions to
reproduce an event at a later point of time in case of an incident. Logging of sensitive or unusual
transactions happening in a database must be done in an automated manner for resolving
incidents. Audit trails act as the last line of database defense. Audit trails can detect the existence
of a violation that could help trace back the violation to a particular point of time and a particular
user.




In the picture below, the DBA has disabled something called the audit trail (monitoring of the database).




The audit trail is a feature in the database that lets you monitor the database, and when I talk about monitoring I mean saving the queries, updates and inserts (for each user in the database). In this case we enable the audit trail with the DB attribute.




If anyone connects to the database, you can see when. Here user test connects to the database; let's see how the DBA can manage this.
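The steps described above (checking the audit trail setting, enabling it with the DB value, then seeing user test connect), as an added example that is not part of the original post. It is a SQL*Plus session using Oracle's traditional auditing, run AS SYSDBA; the choice of statements to audit is an assumption.

```sql
-- Added example (not from the original post). SQL*Plus, connected AS SYSDBA.

-- 1) Current setting: NONE means the audit trail is disabled.
SHOW PARAMETER audit_trail

-- 2) Write audit records to the database. The parameter is static, so it
--    is set in the spfile and takes effect after a restart.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- Also record actions by SYSDBA/SYSOPER connections to OS files, so a DBA
-- who changes auditing leaves a record outside the database.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

SHUTDOWN IMMEDIATE
STARTUP

-- 3) Audit logons and logoffs for every user, changes to the audit
--    configuration itself, and queries/DML issued by user test.
AUDIT SESSION;
AUDIT SYSTEM AUDIT;
AUDIT ALTER SYSTEM;
AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE
      BY test BY ACCESS;

-- 4) After user test connects: when, from where, and with what result
--    (returncode 0 = success, 1017 = invalid username/password).
SELECT username,
       userhost,
       action_name,
       returncode,
       TO_CHAR(timestamp, 'YYYY-MM-DD HH24:MI:SS') AS event_time
FROM   dba_audit_trail
WHERE  username = 'TEST'
ORDER  BY timestamp;
```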







Finally, thank you for giving me this chance to express and share my knowledge with other professional I.T. people.


Thank you
Osama Mustafa


1 comment:

  1. Really Amazing Sir. It is useful information for us thanks for the sharing..........

    Thanks and Regards :
    Mr. Qadir Shaikh.
    Visit at http://www.oratc.com
