Safety LAMP: data security & agile languages


  1. Safety LAMP: data security in the age of agile languages. Josh Berkus, PostgreSQL Experts, Inc. Enterprise LAMP 2009
  2. LAMP 1.0 (1998): Linux, Apache, MySQL, Perl/PHP/Python
  3. LAMP 1.1 (2002): Linux, Apache, Middleware, PostgreSQL
  4. LAMP 2.0 (2008): Linux, Solaris, BSD; Apache, Lighttpd, app servers; MySQL, PostgreSQL, SQLite, CouchDB, Memcached, etc.; Python, Ruby, PHP, Perl, JavaScript
  6. Why should you care about data security?
  7. “I don't need to know.” “Our network security will take care of it.” “I applied all the web server and PHP patches.” “Security belongs in the application layer.” “Database security slows development.” “Nobody will hack my website. We run Linux.”
  8. Microsoft
  9. Nokia
  10. government agencies
  11. the U.N.
  12. political parties
  13. The cost of unsafe data. Contacting 19,000 customers: $380,000. Paying for credit reports for 19,000 customers: $931,000. Shipping stolen merchandise: $4,600,000. Lost customer goodwill and reputation as an insecure & careless company: priceless!
  14. Why is LAMP special? 1. Agility: LAMP platforms are designed for rapid development and deployment. 2. Constant upgrades: LAMP components are rapidly advancing. 3. Lightweight: LAMP stacks are simple and have few layers.
  15. Why is LAMP special? 1. Agility: rapidly deploy security holes. 2. Constant upgrades: new versions, new exploits. 3. Lightweight: few layers, fast to hack.
  16. How do you make your data safe?
  17. security principles
  18. one: security != control
  19. control systems
  20. control systems correctly employed: improved security
  21. control systems incorrectly employed: reduced security
  22. two: security is a process
  23. two: security is a process, not a result
  24. security process: 1. plan 2. design 3. develop 4. test 5. deploy 6. monitor 7. repeat
  25. perimeter-only security (diagram: anti-DOS firewall, load balancer, open web server, open database server; components labelled secure or insecure)
  28. multilayer security (diagram: the same stack with every layer hardened: anti-DOS firewall, load balancer, restricted web server, restricted database server; controls shown: permissions, tripwire, abstraction, updates, firewall, audit; labelled secure)
  29. three: every component in your LAMP stack must be secure
  30. four: how much security do you need?
  31. (diagram: the trade-off between performance, deployment speed, cost and data security)
  32. five: have a threat model. What is your vulnerable data? (assets) Who wants this data? (threats) How will they get it? (attack vectors) What are the consequences of lost data? (costs)
  33. How do you make your data safe?
  34. your database engine can help (diagram: anti-DOS firewall, router, restricted web server, restricted database server; controls shown: permissions, tripwire, abstraction, updates, firewall, audit; labelled secure)
  35. attack vectors. Primary attack vectors for data theft in LAMP: 1. SQL injection 2. direct connection 3. application server compromise 4. staff malfeasance/mistake 5. physical access
  37. database tools: 1. access control 2. authentication 3. drivers 4. privileges 5. data abstraction 6. encryption 7. data auditing 8. advanced security frameworks
  38. access control. Goal: use database access control lists to prevent connections from anywhere but specified networks. (diagram: web server connecting to database server)
  39. access control. Network isolation: isolated network segment; only app servers & admins can connect; use firewall tools to restrict ports & networks.
  40. access control. Database access control: restrict which users can connect to which databases from which networks. PostgreSQL: pg_hba.conf, listen_addresses, pgbouncer. MySQL: users table, MySQL Proxy.
  41. authentication. Goal: prevent privilege escalation through direct connections to the database, e.g. psql -U postgres -h masterserver -c "update users set password = 'haxx0r' where login = 'administrator'"
  42. authentication methods. ident: host OS responsible for security. Good for: administrative tasks. Bad for: external users.
  43. authentication methods. Hashed user/password. Good for: most things. Bad for: application server / network compromise.
  44. authentication methods. krb5 / sspi / ldap: identity checked against authentication servers. Good for: network/application server compromises. Bad for: performance, troubleshooting, uptime.
  45. driver tools. Goal: prevent SQL injection. Prepared queries: $q = prepare("SELECT * FROM profile WHERE user = ?"); execute($q, $this_user); (the driver binds $this_user as a value; escaping it by hand as well would double-escape it)
  46. driver tools. Goal: prevent SQL injection. Switches: no multi-statement; read-only connection.
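The two driver-level defences above (bound parameters, and a read-only connection switch) can be shown inside PostgreSQL itself with a server-side prepared statement. This is an added example, not code from the deck; the profile table and its rows are constructed for it.

```sql
-- Added example (not from the slides). A server-side prepared statement:
-- the query text is parsed once, and the user-supplied value travels as a
-- parameter that is never spliced into the SQL text.
-- Table "profile" and its sample rows are constructed for this example.
CREATE TABLE profile (
    "user"    text PRIMARY KEY,
    interests text
);
INSERT INTO profile VALUES ('josh', 'pottery, cooking'), ('claudio', 'gaming');

PREPARE get_profile(text) AS
    SELECT "user", interests FROM profile WHERE "user" = $1;

-- Normal use: returns josh's row.
EXECUTE get_profile('josh');

-- The classic injection string handed in as a parameter: it is compared as
-- one literal value, matches no row, and the statement returns nothing.
-- (A doubled quote '' is how a single quote is written inside a literal.)
EXECUTE get_profile('josh'' OR ''1''=''1');

-- The "read-only connection" switch, expressed at the session level: any
-- write that reaches this session is rejected, whatever SQL produced it.
-- The same setting can be pinned to a role with ALTER ROLE ... SET.
SET default_transaction_read_only = on;

-- This UPDATE is refused: the transaction is read-only.
UPDATE profile SET interests = 'nothing' WHERE "user" = 'josh';
```

A prepared statement lives only for the session that created it, so application drivers normally prepare per connection; the protection is the same either way: the value is bound, never concatenated.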
  47. database privileges. Goal: prevent authenticated low-level users from modifying or accessing restricted data. SELECT FROM users; UPDATE users;
  48. database privileges. Privileges rule #1: your app should not be connecting as the database owner or superuser.
  49. ROLEs: create some ROLEs (users and groups). (diagram of a role hierarchy: public, application_user, db_admin, application_admin, superuser; group roles users, admins, dataentry, readonly; login roles claudio, felipe, leo, wei-chen, guest)
  50. privileges: best way to restrict access to specific data; SQL standard; both MySQL & PostgreSQL support: database/schema, table, column.
  51. privileges. PostgreSQL privileges: tables: SELECT, INSERT, UPDATE, DELETE, ALTER; schema: USAGE, CREATE, ALTER; function: EXECUTE, ALTER; database: CONNECT, TEMP, CREATE, OWNER.
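Slides 40 and 48 to 51 together describe one layout: group roles that carry privileges, login roles that inherit them, an application role that is neither owner nor superuser, and privileges granted at database, schema, table and column level. The following is an added PostgreSQL example, not the deck's own code; the database name app, schema admin, table users and the role names are assumptions taken from the slide diagram.

```sql
-- Added example (not from the slides): a role and privilege layout following
-- the deck's Rule #1. Names (database app, schema admin, table users, roles)
-- are assumptions; the passwords are placeholders to be replaced.

-- Group roles carry privileges; login roles get them by membership.
CREATE ROLE readonly  NOLOGIN;
CREATE ROLE dataentry NOLOGIN;
CREATE ROLE admins    NOLOGIN;

-- Login roles. The application connects as application_user, never as the
-- database owner or a superuser, so a compromised app server inherits only
-- what is granted below.
CREATE ROLE application_user LOGIN PASSWORD 'placeholder-change-me' CONNECTION LIMIT 50;
CREATE ROLE claudio          LOGIN PASSWORD 'placeholder-change-me';
CREATE ROLE guest            LOGIN PASSWORD 'placeholder-change-me';

GRANT readonly  TO application_user, guest;
GRANT dataentry TO application_user;
GRANT admins    TO claudio;

-- Database level (slide 40 in SQL): nobody connects unless explicitly allowed.
REVOKE CONNECT ON DATABASE app FROM PUBLIC;
GRANT  CONNECT ON DATABASE app TO readonly, dataentry, admins;

-- Schema level: USAGE lets a role look inside; only admins may CREATE objects.
REVOKE ALL    ON SCHEMA admin FROM PUBLIC;
GRANT  USAGE  ON SCHEMA admin TO readonly, dataentry;
GRANT  CREATE ON SCHEMA admin TO admins;

-- Table and column level.
CREATE TABLE admin.users (
    login    text PRIMARY KEY,
    password text NOT NULL,   -- holds a password hash, never plaintext
    email    text
);
REVOKE ALL ON admin.users FROM PUBLIC;
-- Column-level grants (PostgreSQL 8.4 or later): readers never see the
-- password column at all, and data entry may change only the e-mail.
GRANT SELECT (login, email) ON admin.users TO readonly;
GRANT INSERT               ON admin.users TO dataentry;
GRANT UPDATE (email)       ON admin.users TO dataentry;

-- Checks a practitioner wants before going live:
-- what each role can do, column by column ...
SELECT grantee, privilege_type, column_name
  FROM information_schema.column_privileges
 WHERE table_schema = 'admin' AND table_name = 'users'
 ORDER BY grantee, column_name;
-- ... and direct yes/no questions about the weakest login role.
SELECT has_column_privilege('guest', 'admin.users', 'login',    'SELECT'),  -- true
       has_column_privilege('guest', 'admin.users', 'password', 'SELECT'),  -- false
       has_table_privilege ('guest', 'admin.users', 'UPDATE');              -- false
```

Two things the grants cannot cover: the table's owner and any superuser bypass them entirely, which is exactly why Rule #1 keeps the application off those roles, and network-level restrictions (which host a role may connect from) still belong in pg_hba.conf rather than in GRANT statements.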
  52. database abstraction. Goal: prevent theft of sensitive data by not allowing direct access to base tables. (diagram: schema admin holds the base tables rights, members, settings, profiles, messages; schema member exposes user_names, users, login() and change_pw() to application users)
  53. database abstraction. Views: a VIEW is a “stored query” with its own permissions; limit access to specific rows or columns. Stored procedures: SECURITY DEFINER procedures allow controlled privilege escalation; make sure to lock them down, though!
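The admin/member split from the diagram, built as a view plus two SECURITY DEFINER functions, with the lockdown the slide warns about (a fixed search_path and EXECUTE revoked from PUBLIC). This is an added PostgreSQL example, not the deck's code; the schema, table, column and function names follow the diagram, and hashing with pgcrypto's crypt() is this example's choice, not something the deck specifies.

```sql
-- Added example (not from the slides). Base tables live in schema admin, which
-- application roles cannot touch; schema member holds the only objects they
-- can see. pgcrypto's crypt()/gen_salt() are used for the password hash (an
-- assumption; the deck names no hash). Passwords here are placeholders.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE SCHEMA admin;    -- base tables
CREATE SCHEMA member;   -- views and functions exposed to the application

CREATE TABLE admin.users (
    login   text PRIMARY KEY,
    pw_hash text NOT NULL,
    email   text
);
INSERT INTO admin.users
VALUES ('josh', crypt('constructed-pw', gen_salt('bf')), 'josh@example.com');

CREATE ROLE application_user LOGIN PASSWORD 'placeholder-change-me';
REVOKE ALL   ON SCHEMA admin  FROM PUBLIC;            -- no path to base tables
GRANT  USAGE ON SCHEMA member TO application_user;

-- A view is a stored query with its own permissions: it exposes one column,
-- and its WHERE clause decides which rows exist from the app's point of view.
CREATE VIEW member.user_names AS
    SELECT login FROM admin.users WHERE email IS NOT NULL;
GRANT SELECT ON member.user_names TO application_user;

-- SECURITY DEFINER runs with the function owner's rights, so the app can
-- verify a password without ever being able to read admin.users.
-- Lockdown: (1) a fixed search_path, so a caller cannot plant a look-alike
-- crypt() earlier in the path; (2) EXECUTE revoked from PUBLIC (functions
-- are executable by everyone by default) and granted only to the app role.
CREATE FUNCTION member.login(p_login text, p_password text) RETURNS boolean
LANGUAGE sql SECURITY DEFINER
SET search_path = admin, pg_temp
AS $$
    SELECT EXISTS (
        SELECT 1 FROM admin.users
         WHERE login = p_login
           AND pw_hash = public.crypt(p_password, pw_hash)
    );
$$;
REVOKE EXECUTE ON FUNCTION member.login(text, text) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION member.login(text, text) TO application_user;

-- Controlled escalation: the only write the app can ever make to admin.users
-- is this one, and only after proving the old password. Returns true when a
-- row was updated and NULL when login or old password did not match.
CREATE FUNCTION member.change_pw(p_login text, p_old text, p_new text)
RETURNS boolean
LANGUAGE sql SECURITY DEFINER
SET search_path = admin, pg_temp
AS $$
    UPDATE admin.users
       SET pw_hash = public.crypt(p_new, public.gen_salt('bf'))
     WHERE login = p_login
       AND pw_hash = public.crypt(p_old, pw_hash)
    RETURNING true;
$$;
REVOKE EXECUTE ON FUNCTION member.change_pw(text, text, text) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION member.change_pw(text, text, text) TO application_user;

-- As application_user: reading admin.users is refused (permission denied),
-- member.user_names lists 'josh', and member.login('josh', 'constructed-pw')
-- returns true while any other password returns false.
```

The two-schema layout also simplifies review: everything the application can reach is enumerable with a single query against information_schema for schema member, and anything found elsewhere is a mistake.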
  54. encryption. Goal: prevent misuse of sensitive data by anyone who has managed to capture it. The only protection against physical possession. Encrypt your backups!
  55. encryption: 1. encrypted authentication 2. encrypted connections 3. encryption of specific data 4. whole database encryption
  56. the biggest problem with encryption?
  57. What do you do if they get in anyway? Sometimes your other measures fail: exploits, loopholes, misconfiguration. Sometimes the bad guys have legitimate access: users, staff, sysadmins.
  58. database auditing. Goal: know what happened after it happened, and be able to restore your data without searching backup tapes.
  59. auditing: logs. Dozens of log options: users, connections, queries run, errors. The log can help you analyze a break-in, maybe even tell you what was stolen.
  60. secure your logs. Best way to find “DBA corruption”: make sure that not even the admins can erase/alter all copies; make sure few people can change postgresql.conf. Use a secured log server; “syslog” is good for this. Make a plan for secure log archiving.
  61. data auditing. Goal: figure out exactly which data changed, when and how, and be able to reverse it. Methods: triggers, replication, snapshots.
  62. data auditing.
      table members.profiles:
        member | interests
        josh   | pottery, cooking
      table audit_members.profiles:
        member | interests | changed | change_by
        josh   | gaming    | 5/23/01 | claudio
        josh   | pottery   | 3/24/08 | felipe
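The trigger method from slide 61, producing the audit table shown on slide 62: each change writes the previous row, when it was replaced and by which database user, into an append-only audit table, and the last change can be reversed from it. This is an added PostgreSQL example, not the deck's code; the schema and column names follow the slide, while the trigger design, the extra operation column and the sample history are this example's own.

```sql
-- Added example (not from the slides): trigger-based data auditing for the
-- members.profiles table. Layout and names follow slide 62; the trigger and
-- the sample history are constructed for this example.
CREATE SCHEMA members;
CREATE SCHEMA audit_members;

CREATE TABLE members.profiles (
    member    text PRIMARY KEY,
    interests text
);

-- One audit row per change, holding the PREVIOUS value of the row, when it
-- was replaced, and which database user replaced it.
CREATE TABLE audit_members.profiles (
    member    text        NOT NULL,
    interests text,
    changed   timestamptz NOT NULL DEFAULT now(),
    change_by text        NOT NULL DEFAULT current_user,
    operation text        NOT NULL          -- 'UPDATE' or 'DELETE'
);

-- SECURITY DEFINER with a fixed search_path: the trigger writes the audit row
-- with its owner's rights, so the user changing the data needs no privilege
-- on the audit table and therefore cannot alter or erase the trail.
CREATE FUNCTION audit_members.log_profile_change() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = audit_members, pg_temp
AS $$
BEGIN
    INSERT INTO audit_members.profiles (member, interests, operation)
    VALUES (OLD.member, OLD.interests, TG_OP);
    RETURN NULL;   -- AFTER trigger: the return value is ignored
END;
$$;

CREATE TRIGGER profiles_audit
    AFTER UPDATE OR DELETE ON members.profiles
    FOR EACH ROW EXECUTE PROCEDURE audit_members.log_profile_change();

-- Append-only for everyone but the owner (and superusers; see slide 60 for
-- keeping a copy the DBAs cannot reach either).
REVOKE ALL ON SCHEMA audit_members   FROM PUBLIC;
REVOKE ALL ON audit_members.profiles FROM PUBLIC;

-- Constructed history matching the slide: gaming -> pottery -> pottery, cooking.
INSERT INTO members.profiles VALUES ('josh', 'gaming');
UPDATE members.profiles SET interests = 'pottery'          WHERE member = 'josh';
UPDATE members.profiles SET interests = 'pottery, cooking' WHERE member = 'josh';

-- Which data changed, when, how and by whom: two rows, 'gaming' then 'pottery',
-- each stamped with the time and the session user.
SELECT member, interests, changed, change_by, operation
  FROM audit_members.profiles
 ORDER BY changed;

-- Reversing the last change: put back the most recently audited value
-- ('pottery'). This UPDATE fires the trigger too, so the reversal is itself
-- recorded rather than silently rewriting history.
UPDATE members.profiles p
   SET interests = a.interests
  FROM (SELECT interests
          FROM audit_members.profiles
         WHERE member = 'josh'
         ORDER BY changed DESC
         LIMIT 1) a
 WHERE p.member = 'josh';
```

change_by records the database role, so this only identifies a person when people connect as themselves (slide 49's login roles) rather than through one shared application account; for changes made through the application, the app has to supply the end-user identity separately.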
  63. xtreme security: multilevel
  64. xtreme security: SE Postgres
  65. contact. Josh Berkus: josh.berkus@pgexperts.com, it.toolbox.com/blogs/database-soup. PostgreSQL: www.postgresql.org. SEPostgres: http://code.google.com/p/sepgsql. PostgreSQL Experts, Inc.: www.pgexperts.com. Thanks to KaiGai Kohei for SEPostgres diagrams, and to Harrison Fisk for MySQL examples. Thanks to Google Images for the various images, which belong to their original owners. Copyright 2009 Josh Berkus, distributable under the Creative Commons Attribution license.
