SlideShare a Scribd company logo

Top ten database_threats

F
FITSFSd
1 of 14
Download to read offline
Top Ten Database Security Threats How to Mitigate the Most Significant Database Vulnerabilities The enterprise database infrastructure is subject to an overwhelming range of threats. This document is intended to help organizations deal with the most critical of those threats by providing a list of the top ten as identified by Imperva’s Application Defense Center. Background information, general risk mitigation strategies, and an overview of Imperva’s SecureSphere Database Security Gateway protections are provided for each threat. Written by: Amichai Shulman Co-founder, CTO Imperva, Inc.
Top Ten Database Security Threats White Paper Introduction The enterprise database infrastructure is subject to an overwhelming range of threats. This document is intended to help organizations deal with the most critical of those threats by providing a list of the top ten database vulnerabilities as identified by Imperva’s Application Defense Center. Background information, general risk mitigation strategies, and Imperva’s SecureSphere Database Security Gateway protections are provided for each threat. 3. Privilege Elevation 4. Database Platform Vulnerabilities 5. SQL Injection 6. Weak Audit Trail 7. Denial of Service 8. Database Communication Protocol Vulnerabilities 9. Weak Authentication 10. Backup Data Exposure 2. Legitimate Privilege Abuse Top Ten Database Security Threats 1. Excessive Privilege Abuse By addressing these top ten threats, organizations will meet the compliance and risk mitigation requirements of the most regulated industries in the world. Page 2 Imperva, Inc.
White Paper Top Ten Database Security Threats Imperva, Inc. Page 3 Threat 1 - Excessive Privilege Abuse When users (or applications) are granted database access privileges that exceed the requirements of their job function, these privileges may be abused for malicious purpose. For example, a university administrator whose job requires only the ability to change student contact information may take advantage of excessive database update privileges to change grades. A given database user ends up with excessive privileges for the simple reason that database administrators do not have the time to define and update granular access privilege control mechanisms for each user. As a result, all users or large groups of users are granted generic default access privileges that far exceed specific job requirements. Preventing Excessive Privilege Abuse - Query-Level Access Control The solution to excessive privileges is query-level access control. Query-level access control refers to a mechanism that restricts database privileges to minimum-required SQL operations (SELECT, UPDATE, etc.) and data. The granularity of data access control must extend beyond the table to specific rows and columns within a table. A sufficiently granular query-level access control mechanism would allow the rogue university administrator described previously to update contact information, but issue an alert if he attempts to changes grades. Query-level access control is useful not only for detecting excessive privilege abuse by malicious employees, but also for preventing most of the other top ten threats described herein. Most database software implementations integrate some level of query-level access control (triggers, row- level security, etc), but the manual nature of these “built-in” features make them impractical for all but the most limited deployments. The process of manually defining a query-level access control policy for all users across database rows, columns and operations is simply too time consuming. To make matters worse, as user roles change over time, query policies must be updated to reflect those new roles! Most database administrators would have a hard time defining a useful query policy for a handful of users at a single point in time, much less hundreds of users over time. As a result, most organizations provide users with a generic set of excessive access privileges that work for a large number of users. Automated tools are necessary to make real query-level access control a reality. SecureSphere Dynamic Profiling – Automated Query Level Access Control The SecureSphere Database Security Gateway provides an automated mechanism for defining and enforcing query-level access control policies. SecureSphere’s Dynamic Profiling technology applies automated learning algorithms to create query-level usage profiles for each user and application accessing the database. Each profile extends from general usage patterns to each individual query and stored procedure. SecureSphere’s learning algorithms continuously update the profile over time to eliminate manual tuning as user roles change. If any user initiates an action that does not fit their profile, SecureSphere logs the event, issues an alert, and may optionally block the action depending upon severity. The grade-changing university administrator mentioned previously would be easily detected with Dynamic Profiling. The administrator’s profile would include a set of queries that reflect normal modifications to specific student contact information and perhaps read-only access to grades. However, a sudden attempt to change grades would trigger an alert.
Top Ten Database Security Threats White Paper Page 4 Imperva, Inc. Threat 2 - Legitimate Privilege Abuse Users may also abuse legitimate database privileges for unauthorized purposes. Consider a hypothetical rogue healthcare worker with privileges to view individual patient records via a custom Web application. The structure of the Web application normally limits users to viewing an individual patient’s healthcare history – multiple records cannot be viewed simultaneously and electronic copies are not allowed. However, the rogue worker may circumvent these limitations by connecting to the database using an alternative client such as MS-Excel. Using MS-Excel and his legitimate login credentials, the worker may retrieve and save all patient records. It is unlikely that such personal copies of patient record databases comply with any healthcare organization’s patient data protection policies. There are two risks to consider. The first is the rogue worker who is willing to trade patient records for money. The second (and perhaps more common) is the negligent employee that retrieves and stores large amounts of information to their client machine for legitimate work purposes. Once the data exists on an endpoint machine, it becomes vulnerable to, Trojans, laptop theft, etc. Preventing Legitimate Privilege Abuse – Understanding the Context of Database Access The solution to legitimate privilege abuse is database access control that applies not only to specific queries as described above, but to the context surrounding database access. By enforcing policy for client applications, time of day, location, etc., it’s possible to identify users who are using legitimate database access privileges in a suspicious manner. SecureSphere Dynamic Profiling – Context-Based Access Control In addition to query information (see Excessive Privileges above) SecureSphere’s Dynamic Profiling technology automatically creates a model of the context surrounding normal database interactions. Specific contextual information stored in the profile includes time of day, source IP address, volume of data retrieved, application client, etc. Any connection whose context does not match the information stored in the user’s profile triggers an alert. For example, the rogue healthcare worker described previously is detected by SecureSphere due not only to non-standard use of an MS-Excel client, but also due to the volume of data retrieved in a single session. In this specific case, deviations in the structure of the non-standard MS-Excel query would also trigger a query- level violation (see Excessive Privilege abuse above). Threat 3 Privilege Elevation Attackers may take advantage of database platform software vulnerabilities to convert access privileges from those of an ordinary user to those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions, protocol implementations, and even SQL statements. For example, a software developer at a financial institution might take advantage of a vulnerable function to gain the database administrative privilege. With administrative privilege, the rogue developer may turn off audit mechanisms, create bogus accounts, transfer funds, etc. Preventing Privilege Elevation – IPS and Query Level Access Control Privilege elevation exploits can be prevented with a combination of traditional intrusion prevention systems (IPS) and query-level access control (see Excessive Privileges above). IPS inspects database traffic to identify patterns which correspond to known vulnerabilities. For example, if a given function is known to be vulnerable, then an IPS may either block all access to the vulnerable procedure, or (if possible) block only those procedures with embedded attacks.
White Paper Top Ten Database Security Threats Imperva, Inc. Page 5 Unfortunately, accurately targeting only those database requests with attacks can be difficult using IPS alone. Many vulnerable database functions are commonly used for legitimate purposes. Therefore, blocking all occurrences of such functions is not an option. The IPS must accurately separate legitimate functions from those with embedded attacks. In many cases, the infinite variations in attacks make this impossible. In such cases, IPS systems can be used in alert mode only (no blocking) since false positives are likely. To improve accuracy, IPS may be combined with alternative attack indicators such as query access control. IPS may be used to check whether or not a database request accesses a vulnerable function while query access control detects whether or not the request matches normal user behavior. If a single request indicates access to a vulnerable function and unusual behavior, then an attack is almost certainly in progress. SecureSphere Privilege Elevation – Integrated IPS and Dynamic Profiling SecureSphere integrates advanced IPS and Dynamic Profiling for query access control (see Excessive Privileges above). Together, these technologies provide extremely accurate privilege elevation protection. SecureSphere IPS delivers protection against attacks targeting known vulnerabilities with Snort®-compatible signature dictionaries for all protocols. In addition, Imperva’s international security research organization, the Application Defense Center, provides proprietary SQL-specific protections to ensure that SecureSphere represents the world’s leading database IPS security. The SecureSphere Security Update Service automatically updates all signature dictionaries to ensure that the most current protections are continuously enforced. SecureSphere IPS blocks certain easily identifiable attacks inline without requiring any additional attack confirmations. However, if a given request can be classified as suspicious-only, then SecureSphere correlates the request with related Dynamic Profile violations to validate an attack. To illustrate how SecureSphere integrates IPS and Dynamic Profiling, let’s return to the rogue financial services software developer described earlier. Imagine that the developer attempts to take advantage of a known buffer overflow in a database function to insert malicious code to elevate his privileges to those of a database administrator. In this case, SecureSphere identifies two simultaneous violations. First, any query which attempts to access a known vulnerable function triggers an IPS violation. Second, the unusual query triggers a profile violation. By correlating two violations in a single database request from the same user, an attack is validated with extreme accuracy and a high priority alert or blocking action may be issued. Threat 4 - Platform Vulnerabilities Vulnerabilities in underlying operating systems (Windows 2000, UNIX, etc.) and additional services installed on a database server may lead to unauthorized access, data corruption, or denial of service. The Blaster Worm, for example, took advantage of a Windows 2000 vulnerability to create denial of service conditions. Preventing Platform Attacks - Software Updates and Intrusion Prevention Protection of database assets from platform attacks requires a combination of regular software updates (patches) and Intrusion Prevention Systems (IPS). Vendor provided updates eliminate vulnerabilities found in database platform over time. Unfortunately, software updates are provided and implemented by enterprises according to periodic cycles. In between update cycles, databases are not protected. In addition, compatibility problems sometimes prevent software updates altogether. To address these problems, IPS should be implemented. As described previously, IPS inspects database traffic and identifies attacks targeting known vulnerabilities.
Top Ten Database Security Threats White Paper Page 6 Imperva, Inc. SecureSphere Platform Protection - IPS As described previously (see Privilege Elevation above), SecureSphere integrates advanced IPS for protection against database worms and other platform attacks. Imperva’s Application Defense Center research organization delivers unique database specific attack protections that ensure the world’s most robust database IPS security. In fact, SecureSphere IPS even includes protections against vulnerabilities that have not been made public by database platform vendors and for which fixes are not available. Threat 5 - SQL Injection In a SQL injection attack, a perpetrator typically inserts (or “injects”) unauthorized database statements into a vulnerable SQL data channel. Typically targeted data channels include stored procedures and Web application input parameters. These injected statements are then passed to the database where they are executed. Using SQL injection, attackers may gain unrestricted access to an entire database. Preventing SQL Injection Three techniques can be combined to effectively combat SQL injection: intrusion prevention (IPS), query-level access control (see Excessive Privilege Abuse), and event correlation. IPS can identify vulnerable stored procedures or SQL injection strings. However, IPS alone is not reliable since SQL injection strings are prone to false positives. Security managers who rely on IPS alone would be bombarded with “possible” SQL injection alerts. However, by correlating a SQL injection signature with another violation such as a query-level access control violation, a real attack can be identified with extreme accuracy. It’s unlikely that a SQL injection signature and another violation would appear in the same request during normal business operation. SecureSphere SQL Injection Protection SecureSphere integrates Dynamic Profiling, IPS, and Correlated Attack Validation technologies to identify SQL injection with unmatched accuracy. • Dynamic Profiling delivers query-level access control by automatically creating profiles of each user and application’s normal query patterns. Any query (such as a SQL injection attack query) that does not match previously established user or application patterns are immediately identified. • SecureSphere IPS includes unique database signature dictionaries designed specifically to identify vulnerable stored procedures and SQL injection strings. • Correlated Attack Validation correlates security violations originating from multiple SecureSphere detection layers. By correlating multiple violations from the same user, SecureSphere is able to detect SQL injection with a degree of accuracy that is not possible using any single detection layer. Consider the stored procedure SQL injection attack shown below. exec ctxsys.driload.validate_stmt (‘grant dba to scott’) In this attack, the attacker (scott) is attempting to grant himself database administrator privileges by embedding a “grant” operation into a vulnerable stored procedure. SecureSphere would handle this attack with one of two processes depending whether or not the stored procedure is part of a required business function. Vulnerable Stored Procedure Not Required Ideally vulnerable stored procedures are not used by any users or applications. If this is the case, SecureSphere IPS is sufficient to accurately identify and optionally block all instances of this attackk. Normal business activities will not match such a complex character string (…ctxsys.driload…).
White Paper Top Ten Database Security Threats Imperva, Inc. Page 7 Vulnerable Stored Procedure Required In some cases, a vulnerable stored procedure is part of a required business function. For example, it may be part of a legacy application that cannot be changed. In this case, SecureSphere will first alert security managers to the use of this function. Then, Correlated Attack Validation can be optionally applied to correlate occurrences of this signature with a list of users and applications that are approved to use the procedure. If any unapproved user attempts to use the procedure, SecureSphere can issue an alert or optionally block the request. Threat 6 - Weak Audit Trail Automated recording of all sensitive and/or unusual database transactions should be part of the foundation underlying any database deployment. Weak database audit policy represents a serious organizational risk on many levels. • Regulatory Risk - Organizations with weak (or sometimes non-existent) database audit mechanisms will increasingly find that they are at odds with government regulatory requirements. Sarbanes-Oxley (SOX) in the financial services sector and the Healthcare Information Portability and Accountability Act (HIPAA) in the healthcare sector are just two examples of government regulation with clear database audit requirements. • Deterrence – Like video cameras recording the faces of individuals entering a bank, database audit mechanisms serves to deter attackers who know that database audit tracking provide investigators with forensics link intruders to a crime. • Detection and Recovery – Audit mechanisms represent the last line of database defense. If an attacker manages to circumvent other defenses, audit data can identify the existence of a violation after the fact. Audit data may then be used to link a violation to a particular user and/or repair the system. Database software platforms typically integrate basic audit capabilities but they suffer from multiple weaknesses that limit or preclude deployment.
Top Ten Database Security Threats White Paper Page 8 Imperva, Inc. • Lack of User Accountability – When users access the database via Web applications (such as SAP, Oracle E-Business Suite, or PeopleSoft), native audit mechanisms have no awareness of specific user identities. In this case, all user activity is associated with the Web application account name. Therefore, when native audit logs reveal fraudulent database transactions, there is no link to the responsible user. • Performance Degradation - Native database audit mechanisms are notorious for consuming CPU and disk resources. The performance decline experienced when audit features are enabled forces many organizations to scale back or altogether eliminate auditing. • Separation of Duties – Users with administrative access (either legitimately or maliciously obtained – see privilege elevation) to the database server can simply turn off auditing to hide fraudulent activity. Audit duties should ideally be separate from both database administrators and the database server platform. • Limited Granularity – Many native audit mechanisms do not record details necessary to support attack detection, forensics and recovery. For example, database client application, source IP addresses, query response attributes, and failed queries (an important attack reconnaissance indicator) are not recorded by many native mechanisms. • Proprietary – Audit mechanisms are unique to database server platform - Oracle logs are different from MS-SQL, MS-SQL logs are different form Sybase, etc. For organizations with mixed database environments, this virtually eliminates implementation of uniform, scalable audit processes across the enterprise. Preventing Weak Audit Quality network-based audit appliances address most of the weaknesses associated with native audit tools. • High Performance – Network-based audit appliances can operate at line speed with zero impact on database performance. In fact, by offloading audit processes to network appliances, organizations can expect to improve database performance. • Separation of Duties – Network-based audit appliances may operate independently of database administers making it possible to separate audit duties from administrative duties as appropriate. In addition, since network devices are independent of the server itself, they are also invulnerable to privilege elevation attacks carried out by non-administrators. • Cross-Platform Auditing - Network audit appliances typically support all leading database platforms enabling uniform standards and centralized audit operations across large heterogeneous database environments Together, these attributes reduce database server costs, load-balancing requirements, and administrative costs. They also deliver better security. SecureSphere Audit Capabilities In addition to the general advantages associated with network-base audit appliances described above, SecureSphere delivers a series of unique audit capabilities that set it apart for alternative approaches.
White Paper Top Ten Database Security Threats Imperva, Inc. Page 9 • Universal User Tracking makes individual users accountable for their actions - even when they access the database via commercial (Oracle, SAP, PeopleSoft, etc) or custom Web applications. To identify Web application user names, a dedicated SecureSphere interface captures application login information, tracks subsequent Web user sessions, and correlates those with database transactions. The resulting audit logs include unique Web application user names. • Granular Transaction Tracking supports advanced fraud detection, forensics, and recovery. Log details include details such as source application name, complete query text, query response attributes, source OS, source host name, and much more. • Distributed Audit Architecture enables granular transaction tracking (see above) while retaining the ability to scale across large data centers. The architecture distributes necessary storage and computing resources across distributed SecureSphere Gateway appliances. The SecureSphere Management Server present audit staff with a unified view of the data center. The Management Server effectively enables many gateways to be managed as if they were a single gateway from the perspective of audit staff. Alternative approaches either recommend restricted transaction logging or force administrators to manage many distributed devices independently. • External Data Archival capabilities automate long term data archival processes. SecureSphere may be configured to periodically archive data to external mass storage systems. Data may be optionally compressed, encrypted, signed prior to archival. • Integrated Graphical Reporting provides administrators with a flexible and easy-to-understand mechanism for analyzing the audit trail. It includes preconfigured reports that answer common audit questions, while allowing for the creation of customized reports to meet enterprise-specific requirements. Alternatively, any ODBC compliant external reporting package may be used to analyze SecureSphere audit data. • Local Console Activity Auditing is provided through the SecureSphere DBA Security Monitor. The DBA Monitor is a lightweight host agent installed on the database server to monitor local database administrator activity. Together, the DBA Security Monitor and SecureSphere Gateways provide a comprehensive audit trail with negligible impact, or in some cases improving database performance. Threat 7 - Denial of Service Denial of Service (DOS) is a general attack category in which access to network applications or data is denied to intended users. Denial of service (DOS) conditions may be created via many techniques - many of which are related to previously mentioned vulnerabilities. For example, DOS may be achieved by taking advantage of a database platform vulnerability to crash a server. Other common DOS techniques include data corruption, network flooding, and server resource overload (memory, CPU, etc.). Resource overload is particularly common in database environments. The motivations behind DOS are similarly diverse. DOS attacks are often linked to extortion scams in which a remote attacker will repeatedly crash servers until the victim deposits funds to an international bank account. Alternatively, DOS may be traced to a worm infection. Whatever the source, DOS represents a serious threat for many organizations. Preventing Denial of Service DOS prevention requires protections at multiple levels. Network, application, and database level protections are all necessary. This document focuses on database-specific protections. In this database-specific context, deployment of connection rate control, IPS, query access control, and response timing control are recommended.
Top Ten Database Security Threats White Paper Page 10 Imperva, Inc. SecureSphere DOS Protections • Connection Controls prevents server resource overload by limiting connection rates, query rates, and other variables for each database user. • IPS and Protocol Validation prevent attackers from exploiting known software vulnerabilities to create DOS. Buffer overflow, for example, is a common platform vulnerability that may be exploited to crash database servers. Refer to the Privilege Elevation and Database Communications Protocol Vulnerabilities sections of this document for more complete descriptions of SecureSphere IPS and Database Communications Protocol Validation technologies • Dynamic Profiling automatically provides query access control to detect any unauthorized queries that may lead to DOS. DOS attacks targeting platform vulnerabilities, for example, would be likely to trigger both IPS and Dynamic Profile violations. By correlating these violations, SecureSphere can achieve unmatched accuracy. Refer to the Excessive Privilege Abuse section of this paper for a more complete description of Dynamic Profiling. • Response Timing – Database DOS attacks designed to overload server resources lead to delayed database responses. SecureSphere’s Response Timing feature detects delays in both individual query responses and the overall system. Threat 8 - Database Communications Protocol Vulnerabilities A growing number of security vulnerabilities are being identified in the database communication protocols of all database vendors. Four out of seven security fixes in the two most recent IBM DB2 FixPacks address protocol vulnerabilities1. Similarly, 11 out of 23 database vulnerabilities fixed in the most recent Oracle quarterly patch relate to protocols. Fraudulent activity targeting these vulnerabilities can range from unauthorized data access, to data corruption, to denial of service. The SQL Slammer2 worm, for example, took advantage of a flaw in the Microsoft SQL Server protocol to force denial of service. To make matters worse, no record of these fraud vectors will exist in the native audit trail since protocol operations are not covered by native database audit mechanisms. Preventing Database Communication Protocol Attacks Database communication protocol attacks can be defeated with technology commonly referred to as protocol validation. Protocol validation technology essentially parses (disassembles) database traffic and compares it to expectations. In the event that live traffic does not match expectations, alerts or blocking actions may be taken. SecureSphere Database Communication Protocol Validation SecureSphere’s Database Communication Protocol Validation audits and protects against protocol threats by comparing live database communications protocols to expected protocol structures. No other database security or audit solution provides this capability. It is derived through the Imperva Application Defense Center’s (ADC) ongoing research into proprietary database communication protocols and vulnerabilities. Database and application vendors including Oracle, Microsoft, and IBM have credited the ADC with the discovery of serious vulnerabilities and mitigation techniques that have led to increased security in their products. Based upon this research, Imperva is able to incorporate unmatched protocol knowledge into SecureSphere. 1 Two of these vulnerabilities were discovered and reported by the Imperva Application Defense Center. See http://www.imperva.com/application_defense_center/papers/ibm-dbms-05052006.html and http://www.imperva.com/application_defense_center/papers/ibm-dbms-09052006.html . 2 The SQL slammer worm caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within 10 minutes. Source: http://en.wikipedia.org
White Paper Top Ten Database Security Threats Imperva, Inc. Page 11 Threat 9 - Weak Authentication Weak authentication schemes allow attackers to assume the identity of legitimate database users by stealing or otherwise obtaining login credentials. An attacker may employ any number of strategies to obtain credentials. • Brute Force - The attacker repeatedly enters username/password combinations until he finds one that works. The brute force process may involve simple guesswork or systematic enumeration of all possible username/password combinations. Often an attacker will use automated programs to accelerate the brute force process. • Social Engineering – A scheme in which the attacker takes advantage the natural human tendency to trust in order to convince others to provide their login credentials. For example, an attacker may present himself via phone as an IT manager and request login credentials for “system maintenance” purposes. • Direct Credential Theft – An attacker may steal login credentials by copying post-it notes, password files, etc. Preventing Authentication Attacks Strong Authentication The strongest practical authentication technologies and policies should be implemented. Two-factor authentication (tokens, certificates, biometrics, etc.) are preferable whenever possible. Unfortunately, cost and ease of use issues often make two-factor authentication impractical. In such cases, strong username/password policy (minimum length, character diversity, obscurity, etc) should be enforced. Directory Integration For scalability and ease of use, strong authentication mechanisms should be integrated with enterprise directory infrastructure. Among other things, a directory infrastructure can enable a user to use a single set of log-in credentials for multiple databases and applications. This makes two-factor authentication systems more cost effective and/or makes it much easier for users to memorize regularly change passwords. SecureSphere Authentication Protections Unfortunately, despite best efforts at strong authentication, breakdowns occasionally occur. Password policies are ignored; a lucky attacker may successfully brute force even a reasonably strong password; a legacy authentication scheme may be required for practical reasons; the list goes on. To deal with these situations, SecureSphere’s Dynamic Profiling, Failed Login Detection, and Authentication Assessment provide broadly applicable authentication protection. Dynamic Profiling Dynamic Profiling (see Excessive Privileges and Privilege Abuse above) automatically tracks a range of user attributes that detect compromised login credentials. These attributes include user IP addresses, hostnames, operating system username and client application. For example, the previously described attacker who manages to gain login credentials by posing as an IT administrator would trigger multiple SecureSphere alerts when trying to use stolen credentials. The attacker’s hostname, operating system username, and possibly even the IP address would not match the profile of the real owner of the compromised login credentials. To further illustrate the power of Dynamic Profiling, assume an attacker somehow manages to compromise a user’s database credentials and operating system credentials. Further assume the attacker finds a way to also use the victim’s actual computer. SecureSphere is still extremely likely to identify the attack! At least two SecureSphere violations come into play.
Top Ten Database Security Threats White Paper Page 12 Imperva, Inc. o Unauthorized Query - Attack activity is likely to violate the compromised user’s normal usage profile. The attacker may access an unusual table or use an unusual database operation (UPDATE, DELETE, etc). o Time of Day – To gain access to the compromised user’s computer, the attacker is likely use the machine at night or during other off-hours. Since the SecureSphere Dynamic Profile includes a model of normal hours, unusual off-hours access will trigger a Time of Day violation. Failed Login Detection SecureSphere’s Failed Login Detection optionally enforces a failed database login threshold (count and timeframe) to prevent brute force attacks. Password Policy Assessment 3 As part of it’s active assessment capability, SecureSphere evaluates password policy controls that are enforced by the database. For example, SecureSphere can determine whether or not password length, character diversity, and reset intervals are enforced by the database server. Threat 10 - Backup Data Exposure Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks. Preventing Backup Data Exposure All database backups should be encrypted. In fact, some vendors have suggested that future DBMS products may not support the creation of unencrypted backups. Encryption of on-line production database information is often suggested, but performance and cryptographic key management drawbacks often make this impractical and are generally acknowledged to be a poor substitute for granular privilege controls described above. 3 Available Q2, 2007
White Paper Top Ten Database Security Threats Imperva, Inc. Page 13 Summary Although databases information is vulnerable to a host of attacks, it is possible to dramatically reduce risk by focusing on the most critical threats. By addressing the top 10 threats outlined above, organizations will meet the compliance and risk mitigation requirements of the most regulated industries in the world. About the Author Amichai Shulman is co-founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva’s internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Mr. Shulman’s expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology. For More Information For more information on identity theft see the Imperva “Top 5 On-line Identity Theft Attacks” Webinar at .http://www.imperva.com/company/webcasts.html For more information on the Imperva SecureSphere Web Application Firewall see .http://www.imperva.com/products/securesphere/web_application_firewall.html
Top Ten Database Security Threats White Paper US Headquarters International Headquarters 950 Tower Lane 12 Hachilazon Street Suite 1550 Ramat-Gan 52522 Foster City, CA 94404 Israel Tel: (650) 345-9000 Tel: +972-3-6120133 Fax: (650) 345-9004 Fax: +972-3-7511133 © 2006 Imperva, Inc. All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders. Page 14 Imperva, Inc.

Recommended

A Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseA Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseShivnandan Singh
 
A1802030104
A1802030104A1802030104
A1802030104IOSR Journals
 
Csec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comCsec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comDavis10a
 
CSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comCSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comMcdonaldRyan78
 
CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.com CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.comjonhson198
 
Csec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comCsec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comrobertlesew5
 
CSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comCSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comdonaldzs7
 
Cyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comCyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comMcdonaldRyan80
 

Recommended

A Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseA Review Report on Security Threats on Database
A Review Report on Security Threats on DatabaseShivnandan Singh
 
A1802030104
A1802030104A1802030104
A1802030104IOSR Journals
 
Csec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comCsec 610 Believe Possibilities / snaptutorial.com
Csec 610 Believe Possibilities / snaptutorial.comDavis10a
 
CSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comCSEC 610 Education Specialist / snaptutorial.com
CSEC 610 Education Specialist / snaptutorial.comMcdonaldRyan78
 
CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.com CSEC 610 Effective Communication/tutorialrank.com
CSEC 610 Effective Communication/tutorialrank.comjonhson198
 
Csec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comCsec 610 Education Organization-snaptutorial.com
Csec 610 Education Organization-snaptutorial.comrobertlesew5
 
CSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comCSEC 610 Effective Communication - snaptutorial.com
CSEC 610 Effective Communication - snaptutorial.comdonaldzs7
 
Cyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comCyb 610Education Specialist / snaptutorial.com
Cyb 610Education Specialist / snaptutorial.comMcdonaldRyan80
 
Cyb 610 Education Organization-snaptutorial.com
Cyb 610 Education Organization-snaptutorial.comCyb 610 Education Organization-snaptutorial.com
Cyb 610 Education Organization-snaptutorial.comrobertlesew8
 
CYB 610 Effective Communication - snaptutorial.com
CYB 610 Effective Communication - snaptutorial.comCYB 610 Effective Communication - snaptutorial.com
CYB 610 Effective Communication - snaptutorial.comdonaldzs9
 
CYB 610 Exceptional Education - snaptutorial.com
CYB 610 Exceptional Education - snaptutorial.comCYB 610 Exceptional Education - snaptutorial.com
CYB 610 Exceptional Education - snaptutorial.comDavisMurphyA98
 
Cyb 610 Believe Possibilities / snaptutorial.com
Cyb 610 Believe Possibilities / snaptutorial.comCyb 610 Believe Possibilities / snaptutorial.com
Cyb 610 Believe Possibilities / snaptutorial.comDavis12a
 
CST 610 RANK Introduction Education--cst610rank.com
CST 610 RANK Introduction Education--cst610rank.comCST 610 RANK Introduction Education--cst610rank.com
CST 610 RANK Introduction Education--cst610rank.comagathachristie265
 
CST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comCST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comVSNaipaul15
 
CST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comCST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comagathachristie112
 
CST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comCST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comKeatonJennings104
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.comjonhson199
 
Csec 610 Enhance teaching / snaptutorial.com
Csec 610 Enhance teaching / snaptutorial.comCsec 610 Enhance teaching / snaptutorial.com
Csec 610 Enhance teaching / snaptutorial.comBaileyabv
 
Cst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comCst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comDavis10a
 
CST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comCST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comjonhson198
 
CST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comCST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comkopiko146
 
CST 610 RANK Remember Education--cst610rank.com
CST 610 RANK Remember Education--cst610rank.comCST 610 RANK Remember Education--cst610rank.com
CST 610 RANK Remember Education--cst610rank.comchrysanthemu49
 
Cyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comCyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comBaileyaby
 
CST 610 RANK Redefined Education--cst610rank.com
CST 610 RANK Redefined Education--cst610rank.comCST 610 RANK Redefined Education--cst610rank.com
CST 610 RANK Redefined Education--cst610rank.comclaric240
 
CST 610 Exceptional Education - snaptutorial.com
CST 610 Exceptional Education - snaptutorial.comCST 610 Exceptional Education - snaptutorial.com
CST 610 Exceptional Education - snaptutorial.comDavisMurphyA97
 
CST 610 Effective Communication - snaptutorial.com
CST 610 Effective Communication - snaptutorial.comCST 610 Effective Communication - snaptutorial.com
CST 610 Effective Communication - snaptutorial.comdonaldzs7
 
Cst 610 Enhance teaching / snaptutorial.com
Cst 610 Enhance teaching / snaptutorial.comCst 610 Enhance teaching / snaptutorial.com
Cst 610 Enhance teaching / snaptutorial.comBaileyabw
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3vhimsikal
 
Why Use Cloud Computing in Claims
Why Use Cloud Computing in ClaimsWhy Use Cloud Computing in Claims
Why Use Cloud Computing in Claimsjgladman
 
Diplomado modulo ii sesion 1
Diplomado modulo ii sesion 1Diplomado modulo ii sesion 1
Diplomado modulo ii sesion 1La Enredadera
 

More Related Content

What's hot

Cyb 610 Education Organization-snaptutorial.com
Cyb 610 Education Organization-snaptutorial.comCyb 610 Education Organization-snaptutorial.com
Cyb 610 Education Organization-snaptutorial.comrobertlesew8
 
CYB 610 Effective Communication - snaptutorial.com
CYB 610 Effective Communication - snaptutorial.comCYB 610 Effective Communication - snaptutorial.com
CYB 610 Effective Communication - snaptutorial.comdonaldzs9
 
CYB 610 Exceptional Education - snaptutorial.com
CYB 610 Exceptional Education - snaptutorial.comCYB 610 Exceptional Education - snaptutorial.com
CYB 610 Exceptional Education - snaptutorial.comDavisMurphyA98
 
Cyb 610 Believe Possibilities / snaptutorial.com
Cyb 610 Believe Possibilities / snaptutorial.comCyb 610 Believe Possibilities / snaptutorial.com
Cyb 610 Believe Possibilities / snaptutorial.comDavis12a
 
CST 610 RANK Introduction Education--cst610rank.com
CST 610 RANK Introduction Education--cst610rank.comCST 610 RANK Introduction Education--cst610rank.com
CST 610 RANK Introduction Education--cst610rank.comagathachristie265
 
CST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comCST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comVSNaipaul15
 
CST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comCST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comagathachristie112
 
CST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comCST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comKeatonJennings104
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.comjonhson199
 
Csec 610 Enhance teaching / snaptutorial.com
Csec 610 Enhance teaching / snaptutorial.comCsec 610 Enhance teaching / snaptutorial.com
Csec 610 Enhance teaching / snaptutorial.comBaileyabv
 
Cst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comCst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comDavis10a
 
CST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comCST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comjonhson198
 
CST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comCST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comkopiko146
 
CST 610 RANK Remember Education--cst610rank.com
CST 610 RANK Remember Education--cst610rank.comCST 610 RANK Remember Education--cst610rank.com
CST 610 RANK Remember Education--cst610rank.comchrysanthemu49
 
Cyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comCyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comBaileyaby
 
CST 610 RANK Redefined Education--cst610rank.com
CST 610 RANK Redefined Education--cst610rank.comCST 610 RANK Redefined Education--cst610rank.com
CST 610 RANK Redefined Education--cst610rank.comclaric240
 
CST 610 Exceptional Education - snaptutorial.com
CST 610 Exceptional Education - snaptutorial.comCST 610 Exceptional Education - snaptutorial.com
CST 610 Exceptional Education - snaptutorial.comDavisMurphyA97
 
CST 610 Effective Communication - snaptutorial.com
CST 610 Effective Communication - snaptutorial.comCST 610 Effective Communication - snaptutorial.com
CST 610 Effective Communication - snaptutorial.comdonaldzs7
 
Cst 610 Enhance teaching / snaptutorial.com
Cst 610 Enhance teaching / snaptutorial.comCst 610 Enhance teaching / snaptutorial.com
Cst 610 Enhance teaching / snaptutorial.comBaileyabw
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3vhimsikal
 

What's hot (20)

Cyb 610 Education Organization-snaptutorial.com
Cyb 610 Education Organization-snaptutorial.comCyb 610 Education Organization-snaptutorial.com
Cyb 610 Education Organization-snaptutorial.com
 
CYB 610 Effective Communication - snaptutorial.com
CYB 610 Effective Communication - snaptutorial.comCYB 610 Effective Communication - snaptutorial.com
CYB 610 Effective Communication - snaptutorial.com
 
CYB 610 Exceptional Education - snaptutorial.com
CYB 610 Exceptional Education - snaptutorial.comCYB 610 Exceptional Education - snaptutorial.com
CYB 610 Exceptional Education - snaptutorial.com
 
Cyb 610 Believe Possibilities / snaptutorial.com
Cyb 610 Believe Possibilities / snaptutorial.comCyb 610 Believe Possibilities / snaptutorial.com
Cyb 610 Believe Possibilities / snaptutorial.com
 
CST 610 RANK Introduction Education--cst610rank.com
CST 610 RANK Introduction Education--cst610rank.comCST 610 RANK Introduction Education--cst610rank.com
CST 610 RANK Introduction Education--cst610rank.com
 
CST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.comCST 610 RANK Educational Specialist--cst610rank.com
CST 610 RANK Educational Specialist--cst610rank.com
 
CST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.comCST 610 RANK Become Exceptional--cst610rank.com
CST 610 RANK Become Exceptional--cst610rank.com
 
CST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.comCST 610 RANK Inspiring Innovation--cst610rank.com
CST 610 RANK Inspiring Innovation--cst610rank.com
 
CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com CYB 610 Effective Communication/tutorialrank.com
CYB 610 Effective Communication/tutorialrank.com
 
Csec 610 Enhance teaching / snaptutorial.com
Csec 610 Enhance teaching / snaptutorial.comCsec 610 Enhance teaching / snaptutorial.com
Csec 610 Enhance teaching / snaptutorial.com
 
Cst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.comCst 610 Believe Possibilities / snaptutorial.com
Cst 610 Believe Possibilities / snaptutorial.com
 
CST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.comCST 610 Effective Communication/tutorialrank.com
CST 610 Effective Communication/tutorialrank.com
 
CST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.comCST 610 RANK Achievement Education--cst610rank.com
CST 610 RANK Achievement Education--cst610rank.com
 
CST 610 RANK Remember Education--cst610rank.com
CST 610 RANK Remember Education--cst610rank.comCST 610 RANK Remember Education--cst610rank.com
CST 610 RANK Remember Education--cst610rank.com
 
Cyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.comCyb 610 Enhance teaching / snaptutorial.com
Cyb 610 Enhance teaching / snaptutorial.com
 
CST 610 RANK Redefined Education--cst610rank.com
CST 610 RANK Redefined Education--cst610rank.comCST 610 RANK Redefined Education--cst610rank.com
CST 610 RANK Redefined Education--cst610rank.com
 
CST 610 Exceptional Education - snaptutorial.com
CST 610 Exceptional Education - snaptutorial.comCST 610 Exceptional Education - snaptutorial.com
CST 610 Exceptional Education - snaptutorial.com
 
CST 610 Effective Communication - snaptutorial.com
CST 610 Effective Communication - snaptutorial.comCST 610 Effective Communication - snaptutorial.com
CST 610 Effective Communication - snaptutorial.com
 
Cst 610 Enhance teaching / snaptutorial.com
Cst 610 Enhance teaching / snaptutorial.comCst 610 Enhance teaching / snaptutorial.com
Cst 610 Enhance teaching / snaptutorial.com
 
Web application sec_3
Web application sec_3Web application sec_3
Web application sec_3
 

Viewers also liked

Why Use Cloud Computing in Claims
Why Use Cloud Computing in ClaimsWhy Use Cloud Computing in Claims
Why Use Cloud Computing in Claimsjgladman
 
Diplomado modulo ii sesion 1
Diplomado modulo ii sesion 1Diplomado modulo ii sesion 1
Diplomado modulo ii sesion 1La Enredadera
 
Dot Net Developer with 3.11 Years of experience
Dot Net Developer with 3.11 Years of experienceDot Net Developer with 3.11 Years of experience
Dot Net Developer with 3.11 Years of experiencePooja Sharma
 
Sp _le_shan__lawrence_-_como_meditar__pdf_
Sp _le_shan__lawrence_-_como_meditar__pdf_ Sp _le_shan__lawrence_-_como_meditar__pdf_
Sp _le_shan__lawrence_-_como_meditar__pdf_avancemunay
 
Liderazgo en la gestión i
Liderazgo en la gestión iLiderazgo en la gestión i
Liderazgo en la gestión iJuan Negrete
 
Information is a Material. Products are Services.
Information is a Material. Products are Services.Information is a Material. Products are Services.
Information is a Material. Products are Services.Mike Kuniavsky
 
Introduction to EclipseRT (JAX 2010)
Introduction to EclipseRT (JAX 2010)Introduction to EclipseRT (JAX 2010)
Introduction to EclipseRT (JAX 2010)Chris Aniszczyk
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutionsijccsa
 
Online communitypolicingversie1.2a
Online communitypolicingversie1.2aOnline communitypolicingversie1.2a
Online communitypolicingversie1.2aFrank Smilda
 
Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...
Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...
Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...WarwickJanetzki
 

Viewers also liked (20)

Why Use Cloud Computing in Claims
Why Use Cloud Computing in ClaimsWhy Use Cloud Computing in Claims
Why Use Cloud Computing in Claims
 
Diplomado modulo ii sesion 1
Diplomado modulo ii sesion 1Diplomado modulo ii sesion 1
Diplomado modulo ii sesion 1
 
Dot Net Developer with 3.11 Years of experience
Dot Net Developer with 3.11 Years of experienceDot Net Developer with 3.11 Years of experience
Dot Net Developer with 3.11 Years of experience
 
Sp _le_shan__lawrence_-_como_meditar__pdf_
Sp _le_shan__lawrence_-_como_meditar__pdf_ Sp _le_shan__lawrence_-_como_meditar__pdf_
Sp _le_shan__lawrence_-_como_meditar__pdf_
 
Liderazgo en la gestión i
Liderazgo en la gestión iLiderazgo en la gestión i
Liderazgo en la gestión i
 
Information is a Material. Products are Services.
Information is a Material. Products are Services.Information is a Material. Products are Services.
Information is a Material. Products are Services.
 
Introduction to EclipseRT (JAX 2010)
Introduction to EclipseRT (JAX 2010)Introduction to EclipseRT (JAX 2010)
Introduction to EclipseRT (JAX 2010)
 
Logistic aenvases
Logistic aenvasesLogistic aenvases
Logistic aenvases
 
Berkley Law Writing Competition
Berkley Law Writing CompetitionBerkley Law Writing Competition
Berkley Law Writing Competition
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
 
Xarxes socials AOC-workshop estrategia
Xarxes socials AOC-workshop estrategiaXarxes socials AOC-workshop estrategia
Xarxes socials AOC-workshop estrategia
 
Documentacion investigacion
Documentacion investigacionDocumentacion investigacion
Documentacion investigacion
 
Open Spatial Data: Sources and Tools
Open Spatial Data: Sources and ToolsOpen Spatial Data: Sources and Tools
Open Spatial Data: Sources and Tools
 
Zeit
ZeitZeit
Zeit
 
Globalizacion
GlobalizacionGlobalizacion
Globalizacion
 
DeloitteFML2010
DeloitteFML2010DeloitteFML2010
DeloitteFML2010
 
Online communitypolicingversie1.2a
Online communitypolicingversie1.2aOnline communitypolicingversie1.2a
Online communitypolicingversie1.2a
 
20100910 tesis
20100910 tesis20100910 tesis
20100910 tesis
 
Hhh
HhhHhh
Hhh
 
Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...
Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...
Steam: Policy Primer - Warwick Janetzki NET303: Internet Politics and Power C...
 

Similar to Top ten database_threats

Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsKaran Nagrecha
 
Database Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaDatabase Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaOllieShoresna
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityFredReynolds2
 
A hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and preventionA hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and preventionijdms
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseDavid Murphy
 
A Database System Security Framework
A Database System Security FrameworkA Database System Security Framework
A Database System Security FrameworkMaria Perkins
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKijcsit
 
Data base security and injection
Data base security and injectionData base security and injection
Data base security and injectionA. Shamel
 
1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)Aida Harun
 
Introduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docxIntroduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docxvrickens
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business AccountsAnayaGrewal
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxpriestmanmable
 
In your role as a highly paid consultant, you are given a list of.docx
In your role as a highly paid consultant, you are given a list of.docxIn your role as a highly paid consultant, you are given a list of.docx
In your role as a highly paid consultant, you are given a list of.docxdoylymaura
 
Study of Web Application Attacks & Their Countermeasures
Study of Web Application Attacks & Their CountermeasuresStudy of Web Application Attacks & Their Countermeasures
Study of Web Application Attacks & Their Countermeasuresidescitation
 

Similar to Top ten database_threats (20)

Database Security - IK
Database Security - IKDatabase Security - IK
Database Security - IK
 
Core defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applicationsCore defense mechanisms against security attacks on web applications
Core defense mechanisms against security attacks on web applications
 
Database security
Database securityDatabase security
Database security
 
Database Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisaDatabase Security—Concepts,Approaches, and ChallengesElisa
Database Security—Concepts,Approaches, and ChallengesElisa
 
Locking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database SecurityLocking Down Your Data: Best Practices for Database Security
Locking Down Your Data: Best Practices for Database Security
 
A hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and preventionA hybrid technique for sql injection attacks detection and prevention
A hybrid technique for sql injection attacks detection and prevention
 
Security Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational DatabaseSecurity Issues Surrounding Data Manipulation in a Relational Database
Security Issues Surrounding Data Manipulation in a Relational Database
 
A Database System Security Framework
A Database System Security FrameworkA Database System Security Framework
A Database System Security Framework
 
A DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORKA DATABASE SYSTEM SECURITY FRAMEWORK
A DATABASE SYSTEM SECURITY FRAMEWORK
 
Data base security and injection
Data base security and injectionData base security and injection
Data base security and injection
 
1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)1639(pm proofreading)(tracked)
1639(pm proofreading)(tracked)
 
Introduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docxIntroduction All research reports begin with an introduction. (.docx
Introduction All research reports begin with an introduction. (.docx
 
Security Awareness
Security AwarenessSecurity Awareness
Security Awareness
 
5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts5 Reasons to Always Keep an Eye on Privileged Business Accounts
5 Reasons to Always Keep an Eye on Privileged Business Accounts
 
Sub1582
Sub1582Sub1582
Sub1582
 
Owasp Top 10-2013
Owasp Top 10-2013Owasp Top 10-2013
Owasp Top 10-2013
 
IT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docxIT 650 Principles of Database DesignProject Milestone – 5.docx
IT 650 Principles of Database DesignProject Milestone – 5.docx
 
In your role as a highly paid consultant, you are given a list of.docx
In your role as a highly paid consultant, you are given a list of.docxIn your role as a highly paid consultant, you are given a list of.docx
In your role as a highly paid consultant, you are given a list of.docx
 
System security
System securitySystem security
System security
 
Study of Web Application Attacks & Their Countermeasures
Study of Web Application Attacks & Their CountermeasuresStudy of Web Application Attacks & Their Countermeasures
Study of Web Application Attacks & Their Countermeasures
 

More from FITSFSd

Personalize the forms how to oracle applications release 11.5.10 a technica...
Personalize the forms how to oracle applications release 11.5.10 a technica...Personalize the forms how to oracle applications release 11.5.10 a technica...
Personalize the forms how to oracle applications release 11.5.10 a technica...FITSFSd
 
Data and database security and controls
Data and database security and controlsData and database security and controls
Data and database security and controlsFITSFSd
 
Oracle® application server
Oracle® application serverOracle® application server
Oracle® application serverFITSFSd
 
Oracle calendar-server-wp-1449649
Oracle calendar-server-wp-1449649Oracle calendar-server-wp-1449649
Oracle calendar-server-wp-1449649FITSFSd
 
Oracle® application server forms and reports services installation guide
Oracle® application server forms and reports services installation guideOracle® application server forms and reports services installation guide
Oracle® application server forms and reports services installation guideFITSFSd
 
Otn 9ides-fut-130867
Otn 9ides-fut-130867Otn 9ides-fut-130867
Otn 9ides-fut-130867FITSFSd
 
Oracle portal 10g release 2 technical overview an oracle white paper august 2005
Oracle portal 10g release 2 technical overview an oracle white paper august 2005Oracle portal 10g release 2 technical overview an oracle white paper august 2005
Oracle portal 10g release 2 technical overview an oracle white paper august 2005FITSFSd
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and complianceFITSFSd
 
Oracle advance security transparent data encryption best practices
Oracle advance security transparent data encryption best practices Oracle advance security transparent data encryption best practices
Oracle advance security transparent data encryption best practices FITSFSd
 
Oracle intro to designer abridged
Oracle intro to designer abridgedOracle intro to designer abridged
Oracle intro to designer abridgedFITSFSd
 
Oracle forms 11g release 2 (11.1.2) new
Oracle forms 11g release 2 (11.1.2) newOracle forms 11g release 2 (11.1.2) new
Oracle forms 11g release 2 (11.1.2) newFITSFSd
 
Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...
Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...
Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...FITSFSd
 
Oracle9i reports developer
Oracle9i reports developerOracle9i reports developer
Oracle9i reports developerFITSFSd
 
Oracle designer 6i web pl sql
Oracle designer 6i web pl sqlOracle designer 6i web pl sql
Oracle designer 6i web pl sqlFITSFSd
 
Oracle database administration technical services
Oracle database administration technical services Oracle database administration technical services
Oracle database administration technical services FITSFSd
 
Oracle9i application server
Oracle9i application serverOracle9i application server
Oracle9i application serverFITSFSd
 
Oracle9i application server release 2
Oracle9i application server release 2 Oracle9i application server release 2
Oracle9i application server release 2 FITSFSd
 
Oracle9i application server oracle forms services
Oracle9i application server oracle forms servicesOracle9i application server oracle forms services
Oracle9i application server oracle forms servicesFITSFSd
 

More from FITSFSd (18)

Personalize the forms how to oracle applications release 11.5.10 a technica...
Personalize the forms how to oracle applications release 11.5.10 a technica...Personalize the forms how to oracle applications release 11.5.10 a technica...
Personalize the forms how to oracle applications release 11.5.10 a technica...
 
Data and database security and controls
Data and database security and controlsData and database security and controls
Data and database security and controls
 
Oracle® application server
Oracle® application serverOracle® application server
Oracle® application server
 
Oracle calendar-server-wp-1449649
Oracle calendar-server-wp-1449649Oracle calendar-server-wp-1449649
Oracle calendar-server-wp-1449649
 
Oracle® application server forms and reports services installation guide
Oracle® application server forms and reports services installation guideOracle® application server forms and reports services installation guide
Oracle® application server forms and reports services installation guide
 
Otn 9ides-fut-130867
Otn 9ides-fut-130867Otn 9ides-fut-130867
Otn 9ides-fut-130867
 
Oracle portal 10g release 2 technical overview an oracle white paper august 2005
Oracle portal 10g release 2 technical overview an oracle white paper august 2005Oracle portal 10g release 2 technical overview an oracle white paper august 2005
Oracle portal 10g release 2 technical overview an oracle white paper august 2005
 
Oracle database 12c security and compliance
Oracle database 12c security and complianceOracle database 12c security and compliance
Oracle database 12c security and compliance
 
Oracle advance security transparent data encryption best practices
Oracle advance security transparent data encryption best practices Oracle advance security transparent data encryption best practices
Oracle advance security transparent data encryption best practices
 
Oracle intro to designer abridged
Oracle intro to designer abridgedOracle intro to designer abridged
Oracle intro to designer abridged
 
Oracle forms 11g release 2 (11.1.2) new
Oracle forms 11g release 2 (11.1.2) newOracle forms 11g release 2 (11.1.2) new
Oracle forms 11g release 2 (11.1.2) new
 
Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...
Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...
Oracle forms 10 j – dynamic color customization 2udfoh community paper-colo...
 
Oracle9i reports developer
Oracle9i reports developerOracle9i reports developer
Oracle9i reports developer
 
Oracle designer 6i web pl sql
Oracle designer 6i web pl sqlOracle designer 6i web pl sql
Oracle designer 6i web pl sql
 
Oracle database administration technical services
Oracle database administration technical services Oracle database administration technical services
Oracle database administration technical services
 
Oracle9i application server
Oracle9i application serverOracle9i application server
Oracle9i application server
 
Oracle9i application server release 2
Oracle9i application server release 2 Oracle9i application server release 2
Oracle9i application server release 2
 
Oracle9i application server oracle forms services
Oracle9i application server oracle forms servicesOracle9i application server oracle forms services
Oracle9i application server oracle forms services
 

Top ten database_threats

  • 1. Top Ten Database Security Threats How to Mitigate the Most Significant Database Vulnerabilities The enterprise database infrastructure is subject to an overwhelming range of threats. This document is intended to help organizations deal with the most critical of those threats by providing a list of the top ten as identified by Imperva’s Application Defense Center. Background information, general risk mitigation strategies, and an overview of Imperva’s SecureSphere Database Security Gateway protections are provided for each threat. Written by: Amichai Shulman Co-founder, CTO Imperva, Inc.
  • 2. Top Ten Database Security Threats White Paper Introduction The enterprise database infrastructure is subject to an overwhelming range of threats. This document is intended to help organizations deal with the most critical of those threats by providing a list of the top ten database vulnerabilities as identified by Imperva’s Application Defense Center. Background information, general risk mitigation strategies, and Imperva’s SecureSphere Database Security Gateway protections are provided for each threat. 3. Privilege Elevation 4. Database Platform Vulnerabilities 5. SQL Injection 6. Weak Audit Trail 7. Denial of Service 8. Database Communication Protocol Vulnerabilities 9. Weak Authentication 10. Backup Data Exposure 2. Legitimate Privilege Abuse Top Ten Database Security Threats 1. Excessive Privilege Abuse By addressing these top ten threats, organizations will meet the compliance and risk mitigation requirements of the most regulated industries in the world. Page 2 Imperva, Inc.
  • 3. White Paper Top Ten Database Security Threats Imperva, Inc. Page 3 Threat 1 - Excessive Privilege Abuse When users (or applications) are granted database access privileges that exceed the requirements of their job function, these privileges may be abused for malicious purpose. For example, a university administrator whose job requires only the ability to change student contact information may take advantage of excessive database update privileges to change grades. A given database user ends up with excessive privileges for the simple reason that database administrators do not have the time to define and update granular access privilege control mechanisms for each user. As a result, all users or large groups of users are granted generic default access privileges that far exceed specific job requirements. Preventing Excessive Privilege Abuse - Query-Level Access Control The solution to excessive privileges is query-level access control. Query-level access control refers to a mechanism that restricts database privileges to minimum-required SQL operations (SELECT, UPDATE, etc.) and data. The granularity of data access control must extend beyond the table to specific rows and columns within a table. A sufficiently granular query-level access control mechanism would allow the rogue university administrator described previously to update contact information, but issue an alert if he attempts to changes grades. Query-level access control is useful not only for detecting excessive privilege abuse by malicious employees, but also for preventing most of the other top ten threats described herein. Most database software implementations integrate some level of query-level access control (triggers, row- level security, etc), but the manual nature of these “built-in” features make them impractical for all but the most limited deployments. The process of manually defining a query-level access control policy for all users across database rows, columns and operations is simply too time consuming. To make matters worse, as user roles change over time, query policies must be updated to reflect those new roles! Most database administrators would have a hard time defining a useful query policy for a handful of users at a single point in time, much less hundreds of users over time. As a result, most organizations provide users with a generic set of excessive access privileges that work for a large number of users. Automated tools are necessary to make real query-level access control a reality. SecureSphere Dynamic Profiling – Automated Query Level Access Control The SecureSphere Database Security Gateway provides an automated mechanism for defining and enforcing query-level access control policies. SecureSphere’s Dynamic Profiling technology applies automated learning algorithms to create query-level usage profiles for each user and application accessing the database. Each profile extends from general usage patterns to each individual query and stored procedure. SecureSphere’s learning algorithms continuously update the profile over time to eliminate manual tuning as user roles change. If any user initiates an action that does not fit their profile, SecureSphere logs the event, issues an alert, and may optionally block the action depending upon severity. The grade-changing university administrator mentioned previously would be easily detected with Dynamic Profiling. The administrator’s profile would include a set of queries that reflect normal modifications to specific student contact information and perhaps read-only access to grades. However, a sudden attempt to change grades would trigger an alert.
  • 4. Top Ten Database Security Threats White Paper Page 4 Imperva, Inc. Threat 2 - Legitimate Privilege Abuse Users may also abuse legitimate database privileges for unauthorized purposes. Consider a hypothetical rogue healthcare worker with privileges to view individual patient records via a custom Web application. The structure of the Web application normally limits users to viewing an individual patient’s healthcare history – multiple records cannot be viewed simultaneously and electronic copies are not allowed. However, the rogue worker may circumvent these limitations by connecting to the database using an alternative client such as MS-Excel. Using MS-Excel and his legitimate login credentials, the worker may retrieve and save all patient records. It is unlikely that such personal copies of patient record databases comply with any healthcare organization’s patient data protection policies. There are two risks to consider. The first is the rogue worker who is willing to trade patient records for money. The second (and perhaps more common) is the negligent employee that retrieves and stores large amounts of information to their client machine for legitimate work purposes. Once the data exists on an endpoint machine, it becomes vulnerable to, Trojans, laptop theft, etc. Preventing Legitimate Privilege Abuse – Understanding the Context of Database Access The solution to legitimate privilege abuse is database access control that applies not only to specific queries as described above, but to the context surrounding database access. By enforcing policy for client applications, time of day, location, etc., it’s possible to identify users who are using legitimate database access privileges in a suspicious manner. SecureSphere Dynamic Profiling – Context-Based Access Control In addition to query information (see Excessive Privileges above) SecureSphere’s Dynamic Profiling technology automatically creates a model of the context surrounding normal database interactions. Specific contextual information stored in the profile includes time of day, source IP address, volume of data retrieved, application client, etc. Any connection whose context does not match the information stored in the user’s profile triggers an alert. For example, the rogue healthcare worker described previously is detected by SecureSphere due not only to non-standard use of an MS-Excel client, but also due to the volume of data retrieved in a single session. In this specific case, deviations in the structure of the non-standard MS-Excel query would also trigger a query- level violation (see Excessive Privilege abuse above). Threat 3 Privilege Elevation Attackers may take advantage of database platform software vulnerabilities to convert access privileges from those of an ordinary user to those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions, protocol implementations, and even SQL statements. For example, a software developer at a financial institution might take advantage of a vulnerable function to gain the database administrative privilege. With administrative privilege, the rogue developer may turn off audit mechanisms, create bogus accounts, transfer funds, etc. Preventing Privilege Elevation – IPS and Query Level Access Control Privilege elevation exploits can be prevented with a combination of traditional intrusion prevention systems (IPS) and query-level access control (see Excessive Privileges above). IPS inspects database traffic to identify patterns which correspond to known vulnerabilities. For example, if a given function is known to be vulnerable, then an IPS may either block all access to the vulnerable procedure, or (if possible) block only those procedures with embedded attacks.
  • 5. White Paper Top Ten Database Security Threats Imperva, Inc. Page 5 Unfortunately, accurately targeting only those database requests with attacks can be difficult using IPS alone. Many vulnerable database functions are commonly used for legitimate purposes. Therefore, blocking all occurrences of such functions is not an option. The IPS must accurately separate legitimate functions from those with embedded attacks. In many cases, the infinite variations in attacks make this impossible. In such cases, IPS systems can be used in alert mode only (no blocking) since false positives are likely. To improve accuracy, IPS may be combined with alternative attack indicators such as query access control. IPS may be used to check whether or not a database request accesses a vulnerable function while query access control detects whether or not the request matches normal user behavior. If a single request indicates access to a vulnerable function and unusual behavior, then an attack is almost certainly in progress. SecureSphere Privilege Elevation – Integrated IPS and Dynamic Profiling SecureSphere integrates advanced IPS and Dynamic Profiling for query access control (see Excessive Privileges above). Together, these technologies provide extremely accurate privilege elevation protection. SecureSphere IPS delivers protection against attacks targeting known vulnerabilities with Snort®-compatible signature dictionaries for all protocols. In addition, Imperva’s international security research organization, the Application Defense Center, provides proprietary SQL-specific protections to ensure that SecureSphere represents the world’s leading database IPS security. The SecureSphere Security Update Service automatically updates all signature dictionaries to ensure that the most current protections are continuously enforced. SecureSphere IPS blocks certain easily identifiable attacks inline without requiring any additional attack confirmations. However, if a given request can be classified as suspicious-only, then SecureSphere correlates the request with related Dynamic Profile violations to validate an attack. To illustrate how SecureSphere integrates IPS and Dynamic Profiling, let’s return to the rogue financial services software developer described earlier. Imagine that the developer attempts to take advantage of a known buffer overflow in a database function to insert malicious code to elevate his privileges to those of a database administrator. In this case, SecureSphere identifies two simultaneous violations. First, any query which attempts to access a known vulnerable function triggers an IPS violation. Second, the unusual query triggers a profile violation. By correlating two violations in a single database request from the same user, an attack is validated with extreme accuracy and a high priority alert or blocking action may be issued. Threat 4 - Platform Vulnerabilities Vulnerabilities in underlying operating systems (Windows 2000, UNIX, etc.) and additional services installed on a database server may lead to unauthorized access, data corruption, or denial of service. The Blaster Worm, for example, took advantage of a Windows 2000 vulnerability to create denial of service conditions. Preventing Platform Attacks - Software Updates and Intrusion Prevention Protection of database assets from platform attacks requires a combination of regular software updates (patches) and Intrusion Prevention Systems (IPS). Vendor provided updates eliminate vulnerabilities found in database platform over time. Unfortunately, software updates are provided and implemented by enterprises according to periodic cycles. In between update cycles, databases are not protected. In addition, compatibility problems sometimes prevent software updates altogether. To address these problems, IPS should be implemented. As described previously, IPS inspects database traffic and identifies attacks targeting known vulnerabilities.
  • 6. Top Ten Database Security Threats White Paper Page 6 Imperva, Inc. SecureSphere Platform Protection - IPS As described previously (see Privilege Elevation above), SecureSphere integrates advanced IPS for protection against database worms and other platform attacks. Imperva’s Application Defense Center research organization delivers unique database specific attack protections that ensure the world’s most robust database IPS security. In fact, SecureSphere IPS even includes protections against vulnerabilities that have not been made public by database platform vendors and for which fixes are not available. Threat 5 - SQL Injection In a SQL injection attack, a perpetrator typically inserts (or “injects”) unauthorized database statements into a vulnerable SQL data channel. Typically targeted data channels include stored procedures and Web application input parameters. These injected statements are then passed to the database where they are executed. Using SQL injection, attackers may gain unrestricted access to an entire database. Preventing SQL Injection Three techniques can be combined to effectively combat SQL injection: intrusion prevention (IPS), query-level access control (see Excessive Privilege Abuse), and event correlation. IPS can identify vulnerable stored procedures or SQL injection strings. However, IPS alone is not reliable since SQL injection strings are prone to false positives. Security managers who rely on IPS alone would be bombarded with “possible” SQL injection alerts. However, by correlating a SQL injection signature with another violation such as a query-level access control violation, a real attack can be identified with extreme accuracy. It’s unlikely that a SQL injection signature and another violation would appear in the same request during normal business operation. SecureSphere SQL Injection Protection SecureSphere integrates Dynamic Profiling, IPS, and Correlated Attack Validation technologies to identify SQL injection with unmatched accuracy. • Dynamic Profiling delivers query-level access control by automatically creating profiles of each user and application’s normal query patterns. Any query (such as a SQL injection attack query) that does not match previously established user or application patterns are immediately identified. • SecureSphere IPS includes unique database signature dictionaries designed specifically to identify vulnerable stored procedures and SQL injection strings. • Correlated Attack Validation correlates security violations originating from multiple SecureSphere detection layers. By correlating multiple violations from the same user, SecureSphere is able to detect SQL injection with a degree of accuracy that is not possible using any single detection layer. Consider the stored procedure SQL injection attack shown below. exec ctxsys.driload.validate_stmt (‘grant dba to scott’) In this attack, the attacker (scott) is attempting to grant himself database administrator privileges by embedding a “grant” operation into a vulnerable stored procedure. SecureSphere would handle this attack with one of two processes depending whether or not the stored procedure is part of a required business function. Vulnerable Stored Procedure Not Required Ideally vulnerable stored procedures are not used by any users or applications. If this is the case, SecureSphere IPS is sufficient to accurately identify and optionally block all instances of this attackk. Normal business activities will not match such a complex character string (…ctxsys.driload…).
  • 7. White Paper Top Ten Database Security Threats Imperva, Inc. Page 7 Vulnerable Stored Procedure Required In some cases, a vulnerable stored procedure is part of a required business function. For example, it may be part of a legacy application that cannot be changed. In this case, SecureSphere will first alert security managers to the use of this function. Then, Correlated Attack Validation can be optionally applied to correlate occurrences of this signature with a list of users and applications that are approved to use the procedure. If any unapproved user attempts to use the procedure, SecureSphere can issue an alert or optionally block the request. Threat 6 - Weak Audit Trail Automated recording of all sensitive and/or unusual database transactions should be part of the foundation underlying any database deployment. Weak database audit policy represents a serious organizational risk on many levels. • Regulatory Risk - Organizations with weak (or sometimes non-existent) database audit mechanisms will increasingly find that they are at odds with government regulatory requirements. Sarbanes-Oxley (SOX) in the financial services sector and the Healthcare Information Portability and Accountability Act (HIPAA) in the healthcare sector are just two examples of government regulation with clear database audit requirements. • Deterrence – Like video cameras recording the faces of individuals entering a bank, database audit mechanisms serves to deter attackers who know that database audit tracking provide investigators with forensics link intruders to a crime. • Detection and Recovery – Audit mechanisms represent the last line of database defense. If an attacker manages to circumvent other defenses, audit data can identify the existence of a violation after the fact. Audit data may then be used to link a violation to a particular user and/or repair the system. Database software platforms typically integrate basic audit capabilities but they suffer from multiple weaknesses that limit or preclude deployment.
  • 8. Top Ten Database Security Threats White Paper Page 8 Imperva, Inc. • Lack of User Accountability – When users access the database via Web applications (such as SAP, Oracle E-Business Suite, or PeopleSoft), native audit mechanisms have no awareness of specific user identities. In this case, all user activity is associated with the Web application account name. Therefore, when native audit logs reveal fraudulent database transactions, there is no link to the responsible user. • Performance Degradation - Native database audit mechanisms are notorious for consuming CPU and disk resources. The performance decline experienced when audit features are enabled forces many organizations to scale back or altogether eliminate auditing. • Separation of Duties – Users with administrative access (either legitimately or maliciously obtained – see privilege elevation) to the database server can simply turn off auditing to hide fraudulent activity. Audit duties should ideally be separate from both database administrators and the database server platform. • Limited Granularity – Many native audit mechanisms do not record details necessary to support attack detection, forensics and recovery. For example, database client application, source IP addresses, query response attributes, and failed queries (an important attack reconnaissance indicator) are not recorded by many native mechanisms. • Proprietary – Audit mechanisms are unique to database server platform - Oracle logs are different from MS-SQL, MS-SQL logs are different form Sybase, etc. For organizations with mixed database environments, this virtually eliminates implementation of uniform, scalable audit processes across the enterprise. Preventing Weak Audit Quality network-based audit appliances address most of the weaknesses associated with native audit tools. • High Performance – Network-based audit appliances can operate at line speed with zero impact on database performance. In fact, by offloading audit processes to network appliances, organizations can expect to improve database performance. • Separation of Duties – Network-based audit appliances may operate independently of database administers making it possible to separate audit duties from administrative duties as appropriate. In addition, since network devices are independent of the server itself, they are also invulnerable to privilege elevation attacks carried out by non-administrators. • Cross-Platform Auditing - Network audit appliances typically support all leading database platforms enabling uniform standards and centralized audit operations across large heterogeneous database environments Together, these attributes reduce database server costs, load-balancing requirements, and administrative costs. They also deliver better security. SecureSphere Audit Capabilities In addition to the general advantages associated with network-base audit appliances described above, SecureSphere delivers a series of unique audit capabilities that set it apart for alternative approaches.
  • 9. White Paper Top Ten Database Security Threats Imperva, Inc. Page 9 • Universal User Tracking makes individual users accountable for their actions - even when they access the database via commercial (Oracle, SAP, PeopleSoft, etc) or custom Web applications. To identify Web application user names, a dedicated SecureSphere interface captures application login information, tracks subsequent Web user sessions, and correlates those with database transactions. The resulting audit logs include unique Web application user names. • Granular Transaction Tracking supports advanced fraud detection, forensics, and recovery. Log details include details such as source application name, complete query text, query response attributes, source OS, source host name, and much more. • Distributed Audit Architecture enables granular transaction tracking (see above) while retaining the ability to scale across large data centers. The architecture distributes necessary storage and computing resources across distributed SecureSphere Gateway appliances. The SecureSphere Management Server present audit staff with a unified view of the data center. The Management Server effectively enables many gateways to be managed as if they were a single gateway from the perspective of audit staff. Alternative approaches either recommend restricted transaction logging or force administrators to manage many distributed devices independently. • External Data Archival capabilities automate long term data archival processes. SecureSphere may be configured to periodically archive data to external mass storage systems. Data may be optionally compressed, encrypted, signed prior to archival. • Integrated Graphical Reporting provides administrators with a flexible and easy-to-understand mechanism for analyzing the audit trail. It includes preconfigured reports that answer common audit questions, while allowing for the creation of customized reports to meet enterprise-specific requirements. Alternatively, any ODBC compliant external reporting package may be used to analyze SecureSphere audit data. • Local Console Activity Auditing is provided through the SecureSphere DBA Security Monitor. The DBA Monitor is a lightweight host agent installed on the database server to monitor local database administrator activity. Together, the DBA Security Monitor and SecureSphere Gateways provide a comprehensive audit trail with negligible impact, or in some cases improving database performance. Threat 7 - Denial of Service Denial of Service (DOS) is a general attack category in which access to network applications or data is denied to intended users. Denial of service (DOS) conditions may be created via many techniques - many of which are related to previously mentioned vulnerabilities. For example, DOS may be achieved by taking advantage of a database platform vulnerability to crash a server. Other common DOS techniques include data corruption, network flooding, and server resource overload (memory, CPU, etc.). Resource overload is particularly common in database environments. The motivations behind DOS are similarly diverse. DOS attacks are often linked to extortion scams in which a remote attacker will repeatedly crash servers until the victim deposits funds to an international bank account. Alternatively, DOS may be traced to a worm infection. Whatever the source, DOS represents a serious threat for many organizations. Preventing Denial of Service DOS prevention requires protections at multiple levels. Network, application, and database level protections are all necessary. This document focuses on database-specific protections. In this database-specific context, deployment of connection rate control, IPS, query access control, and response timing control are recommended.
  • 10. Top Ten Database Security Threats White Paper Page 10 Imperva, Inc. SecureSphere DOS Protections • Connection Controls prevents server resource overload by limiting connection rates, query rates, and other variables for each database user. • IPS and Protocol Validation prevent attackers from exploiting known software vulnerabilities to create DOS. Buffer overflow, for example, is a common platform vulnerability that may be exploited to crash database servers. Refer to the Privilege Elevation and Database Communications Protocol Vulnerabilities sections of this document for more complete descriptions of SecureSphere IPS and Database Communications Protocol Validation technologies • Dynamic Profiling automatically provides query access control to detect any unauthorized queries that may lead to DOS. DOS attacks targeting platform vulnerabilities, for example, would be likely to trigger both IPS and Dynamic Profile violations. By correlating these violations, SecureSphere can achieve unmatched accuracy. Refer to the Excessive Privilege Abuse section of this paper for a more complete description of Dynamic Profiling. • Response Timing – Database DOS attacks designed to overload server resources lead to delayed database responses. SecureSphere’s Response Timing feature detects delays in both individual query responses and the overall system. Threat 8 - Database Communications Protocol Vulnerabilities A growing number of security vulnerabilities are being identified in the database communication protocols of all database vendors. Four out of seven security fixes in the two most recent IBM DB2 FixPacks address protocol vulnerabilities1. Similarly, 11 out of 23 database vulnerabilities fixed in the most recent Oracle quarterly patch relate to protocols. Fraudulent activity targeting these vulnerabilities can range from unauthorized data access, to data corruption, to denial of service. The SQL Slammer2 worm, for example, took advantage of a flaw in the Microsoft SQL Server protocol to force denial of service. To make matters worse, no record of these fraud vectors will exist in the native audit trail since protocol operations are not covered by native database audit mechanisms. Preventing Database Communication Protocol Attacks Database communication protocol attacks can be defeated with technology commonly referred to as protocol validation. Protocol validation technology essentially parses (disassembles) database traffic and compares it to expectations. In the event that live traffic does not match expectations, alerts or blocking actions may be taken. SecureSphere Database Communication Protocol Validation SecureSphere’s Database Communication Protocol Validation audits and protects against protocol threats by comparing live database communications protocols to expected protocol structures. No other database security or audit solution provides this capability. It is derived through the Imperva Application Defense Center’s (ADC) ongoing research into proprietary database communication protocols and vulnerabilities. Database and application vendors including Oracle, Microsoft, and IBM have credited the ADC with the discovery of serious vulnerabilities and mitigation techniques that have led to increased security in their products. Based upon this research, Imperva is able to incorporate unmatched protocol knowledge into SecureSphere. 1 Two of these vulnerabilities were discovered and reported by the Imperva Application Defense Center. See http://www.imperva.com/application_defense_center/papers/ibm-dbms-05052006.html and http://www.imperva.com/application_defense_center/papers/ibm-dbms-09052006.html . 2 The SQL slammer worm caused a denial of service on some Internet hosts and dramatically slowed down general Internet traffic on January 25, 2003. It spread rapidly, infecting most of its 75,000 victims within 10 minutes. Source: http://en.wikipedia.org
  • 11. White Paper Top Ten Database Security Threats Imperva, Inc. Page 11 Threat 9 - Weak Authentication Weak authentication schemes allow attackers to assume the identity of legitimate database users by stealing or otherwise obtaining login credentials. An attacker may employ any number of strategies to obtain credentials. • Brute Force - The attacker repeatedly enters username/password combinations until he finds one that works. The brute force process may involve simple guesswork or systematic enumeration of all possible username/password combinations. Often an attacker will use automated programs to accelerate the brute force process. • Social Engineering – A scheme in which the attacker takes advantage the natural human tendency to trust in order to convince others to provide their login credentials. For example, an attacker may present himself via phone as an IT manager and request login credentials for “system maintenance” purposes. • Direct Credential Theft – An attacker may steal login credentials by copying post-it notes, password files, etc. Preventing Authentication Attacks Strong Authentication The strongest practical authentication technologies and policies should be implemented. Two-factor authentication (tokens, certificates, biometrics, etc.) are preferable whenever possible. Unfortunately, cost and ease of use issues often make two-factor authentication impractical. In such cases, strong username/password policy (minimum length, character diversity, obscurity, etc) should be enforced. Directory Integration For scalability and ease of use, strong authentication mechanisms should be integrated with enterprise directory infrastructure. Among other things, a directory infrastructure can enable a user to use a single set of log-in credentials for multiple databases and applications. This makes two-factor authentication systems more cost effective and/or makes it much easier for users to memorize regularly change passwords. SecureSphere Authentication Protections Unfortunately, despite best efforts at strong authentication, breakdowns occasionally occur. Password policies are ignored; a lucky attacker may successfully brute force even a reasonably strong password; a legacy authentication scheme may be required for practical reasons; the list goes on. To deal with these situations, SecureSphere’s Dynamic Profiling, Failed Login Detection, and Authentication Assessment provide broadly applicable authentication protection. Dynamic Profiling Dynamic Profiling (see Excessive Privileges and Privilege Abuse above) automatically tracks a range of user attributes that detect compromised login credentials. These attributes include user IP addresses, hostnames, operating system username and client application. For example, the previously described attacker who manages to gain login credentials by posing as an IT administrator would trigger multiple SecureSphere alerts when trying to use stolen credentials. The attacker’s hostname, operating system username, and possibly even the IP address would not match the profile of the real owner of the compromised login credentials. To further illustrate the power of Dynamic Profiling, assume an attacker somehow manages to compromise a user’s database credentials and operating system credentials. Further assume the attacker finds a way to also use the victim’s actual computer. SecureSphere is still extremely likely to identify the attack! At least two SecureSphere violations come into play.
  • 12. Top Ten Database Security Threats White Paper Page 12 Imperva, Inc. o Unauthorized Query - Attack activity is likely to violate the compromised user’s normal usage profile. The attacker may access an unusual table or use an unusual database operation (UPDATE, DELETE, etc). o Time of Day – To gain access to the compromised user’s computer, the attacker is likely use the machine at night or during other off-hours. Since the SecureSphere Dynamic Profile includes a model of normal hours, unusual off-hours access will trigger a Time of Day violation. Failed Login Detection SecureSphere’s Failed Login Detection optionally enforces a failed database login threshold (count and timeframe) to prevent brute force attacks. Password Policy Assessment 3 As part of it’s active assessment capability, SecureSphere evaluates password policy controls that are enforced by the database. For example, SecureSphere can determine whether or not password length, character diversity, and reset intervals are enforced by the database server. Threat 10 - Backup Data Exposure Backup database storage media is often completely unprotected from attack. As a result, several high profile security breaches have involved theft of database backup tapes and hard disks. Preventing Backup Data Exposure All database backups should be encrypted. In fact, some vendors have suggested that future DBMS products may not support the creation of unencrypted backups. Encryption of on-line production database information is often suggested, but performance and cryptographic key management drawbacks often make this impractical and are generally acknowledged to be a poor substitute for granular privilege controls described above. 3 Available Q2, 2007
  • 13. White Paper Top Ten Database Security Threats Imperva, Inc. Page 13 Summary Although databases information is vulnerable to a host of attacks, it is possible to dramatically reduce risk by focusing on the most critical threats. By addressing the top 10 threats outlined above, organizations will meet the compliance and risk mitigation requirements of the most regulated industries in the world. About the Author Amichai Shulman is co-founder and CTO of Imperva, where he heads the Application Defense Center (ADC), Imperva’s internationally recognized research organization focused on security and compliance. Mr. Shulman regularly lectures at trade conferences and delivers monthly eSeminars. The press draws on Mr. Shulman’s expertise to comment on breaking news, including security breaches, mitigation techniques, and related technologies. Under his direction, the ADC has been credited with the discovery of serious vulnerabilities in commercial Web application and database products, including Oracle, IBM, and Microsoft. Prior to Imperva, Mr. Shulman was founder and CTO of Edvice Security Services Ltd., a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Mr. Shulman served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology. For More Information For more information on identity theft see the Imperva “Top 5 On-line Identity Theft Attacks” Webinar at .http://www.imperva.com/company/webcasts.html For more information on the Imperva SecureSphere Web Application Firewall see .http://www.imperva.com/products/securesphere/web_application_firewall.html
  • 14. Top Ten Database Security Threats White Paper US Headquarters International Headquarters 950 Tower Lane 12 Hachilazon Street Suite 1550 Ramat-Gan 52522 Foster City, CA 94404 Israel Tel: (650) 345-9000 Tel: +972-3-6120133 Fax: (650) 345-9004 Fax: +972-3-7511133 © 2006 Imperva, Inc. All rights reserved. Imperva and SecureSphere are registered trademarks of Imperva, Inc. All other brand or product names are trademarks or registered trademarks of their respective holders. Page 14 Imperva, Inc.