Databases are at the heart of almost every organization’s computer systems and are also the site of many serious security breaches. Most of the world’s sensitive data is stored in commercial database systems such as Oracle, Microsoft SQL Server, IBM DB2 and Sybase, making databases an increasingly favourite target for criminals. This may explain why SQL injection attacks jumped 134 percent in 2008, increasing from an average of a few thousand per day to several hundred thousand per day, according to a recently published IBM report (Information Management White Paper, October 2012).
While most businesses place a high value on network security and other security measures, database security is often neglected. As a result, databases are particularly vulnerable to fraudulent activity, which can damage companies’ reputations and destroy customer confidence. Many companies know they need stronger protections, but they may lack the budget to employ full-time database security personnel. A Database Security Assessment from Systech Limited (partners with IBM) offers a cost-effective alternative, providing strategic and technical assessments to vastly improve any organization’s database security posture.
Here are 8 essential best practices that provide a holistic approach to safeguarding databases.
You can’t secure what you don’t know. You need to have a good mapping of your sensitive assets – both of your database instances and your sensitive data inside the databases. Plus, you should automate the discovery process since the location of sensitive data is constantly changing due to new or modified applications, mergers and acquisitions, etc.
Figure: Using discovery tools to bootstrap an implementation. You need to map database instances as well as where your sensitive data is located.
In an interesting twist, some discovery tools can also find malware placed in your database as a result of SQL injection attacks. In addition to exposing confidential information, SQL injection vulnerabilities allow attackers to embed other attacks inside the database that can then be used against visitors to the website.
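As an added example (not from the page, and not Systech’s or IBM’s tooling), the following Python script shows the core of an automated sensitive-data discovery pass: it enumerates every table and column from the catalog, samples values, and classifies columns that hold e-mail addresses or payment card numbers (pattern match plus a Luhn check so that random digit strings are not flagged). The in-memory SQLite database, its tables, columns and rows are constructed for the example; against a real instance the same logic would run over the DBMS catalog with a read-only account.

```python
import re
import sqlite3
from typing import Dict, Optional, Tuple

# Constructed sample instance (in-memory SQLite). Table and column names and
# all row values are invented for this example.
SAMPLE_DDL = [
    "CREATE TABLE customers (id INTEGER, name TEXT, contact TEXT, pan TEXT)",
    "CREATE TABLE orders (id INTEGER, sku TEXT, qty INTEGER)",
]
SAMPLE_ROWS = {
    "customers": [
        (1, "Ann Example", "ann@example.com", "4111 1111 1111 1111"),
        (2, "Bob Example", "bob@example.org", "5500000000000004"),
        (3, "Cy Example", "n/a", "not a card"),
    ],
    "orders": [(1, "SKU-1", 2), (2, "SKU-2", 1)],
}

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[a-z]{2,}$", re.I)
PAN_RE = re.compile(r"^(?:\d[ -]?){13,19}$")


def build_sample_db() -> sqlite3.Connection:
    """Create the constructed sample database used by the discovery pass."""
    conn = sqlite3.connect(":memory:")
    for ddl in SAMPLE_DDL:
        conn.execute(ddl)
    for table, rows in SAMPLE_ROWS.items():
        marks = ",".join("?" * len(rows[0]))
        conn.executemany(f'INSERT INTO "{table}" VALUES ({marks})', rows)
    return conn


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters out most digit strings that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def classify(value) -> Optional[str]:
    """Return the sensitive-data kind of a single value, or None."""
    if not isinstance(value, str):
        return None
    if EMAIL_RE.match(value):
        return "email"
    if PAN_RE.match(value) and luhn_ok(re.sub(r"[ -]", "", value)):
        return "card_number"
    return None


def discover_sensitive_columns(conn, sample_size=100, threshold=0.5) -> Dict[Tuple[str, str], str]:
    """Map (table, column) -> kind for columns where at least `threshold` of the
    sampled non-null values match a sensitive-data pattern.
    Identifiers come from the catalog, not from user input, and are quoted."""
    findings = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        columns = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')]
        for column in columns:
            rows = conn.execute(
                f'SELECT "{column}" FROM "{table}" WHERE "{column}" IS NOT NULL LIMIT ?',
                (sample_size,),
            ).fetchall()
            if not rows:
                continue
            kinds = [classify(r[0]) for r in rows]
            for kind in ("card_number", "email"):
                if kinds.count(kind) / len(rows) >= threshold:
                    findings[(table, column)] = kind
    return findings


if __name__ == "__main__":
    for (table, column), kind in discover_sensitive_columns(build_sample_db()).items():
        print(f"{table}.{column}: {kind}")
```

The threshold matters in practice: a free-text notes column that happens to contain one card number should show up in a separate "stray sensitive value" report rather than being classified as a card column, and the sample size bounds the load placed on a production instance.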
- Vulnerability and Configuration Assessment.
You need to assess the configuration of your databases to ensure they don’t have security holes. This includes verifying both the way the database is installed on the operating system (for example, checking file privileges for database configuration files and executables) and configuration options within the database itself (such as how many failed logins will result in a locked account, or which privileges have been assigned to critical tables). Plus, you need to verify that you’re not running database versions with known vulnerabilities.
Traditional network vulnerability scanners weren’t designed for this because they don’t have embedded knowledge about database structures and expected behavior, nor can they issue SQL queries (via credentialed access to the database) in order to reveal database configuration information.
Figure: Vulnerability assessment and change tracking use case.
The result of a vulnerability assessment is often a set of specific recommendations. This is the first step in hardening the database. Other elements of hardening involve removing all functions and options that you do not use.
- Change Auditing.
Once you’ve created a hardened configuration, you must continually track it to ensure that you don’t digress from your “gold” (secure) configuration. You can do this with change auditing tools that compare snapshots of the configurations (at both the operating system level and at the database level) and immediately alert you whenever a change is made that could affect the security of the database.
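The assessment and change-auditing steps above fit together naturally, so here is one added Python example covering both (it is not code from the page or from any vendor’s product). `assess_settings` and `assess_file` check in-database options (lockout threshold, password lifetime, remote OS authentication, auditing, a known-vulnerable version) and the file mode of an OS-level configuration file against a baseline; `snapshot` and `diff_snapshots` then record the hardened "gold" state and report any drift. The baseline values, the generic parameter names, the placeholder vulnerable version and the temporary `server.conf` file are all assumptions constructed for the example, not any DBMS’s real parameters or advisories.

```python
import hashlib
import os
import stat
import tempfile

# Baseline ("gold") values are assumptions for this example, not a vendor's
# recommended settings; the parameter names are generic, not a specific DBMS's.
BASELINE = {
    "failed_login_attempts": 5,     # lock the account after this many failures
    "password_lifetime_days": 90,
    "remote_os_authent": False,
    "audit_trail": "db",
}
# Placeholder: a real assessment would consult the vendor's advisories.
KNOWN_VULNERABLE_VERSIONS = {"9.9.0"}


def assess_settings(settings):
    """Compare in-database options with the baseline and return findings."""
    findings = []
    attempts = settings.get("failed_login_attempts")
    if not attempts or attempts > BASELINE["failed_login_attempts"]:
        findings.append("account lockout threshold missing, disabled or above baseline")
    if settings.get("password_lifetime_days", float("inf")) > BASELINE["password_lifetime_days"]:
        findings.append("password lifetime exceeds baseline")
    if settings.get("remote_os_authent", False):
        findings.append("remote OS authentication enabled")
    if settings.get("audit_trail", "none") == "none":
        findings.append("native auditing disabled")
    if settings.get("version") in KNOWN_VULNERABLE_VERSIONS:
        findings.append(f"version {settings['version']} has known vulnerabilities")
    return findings


def assess_file(path):
    """Flag configuration files or executables that group/others can read or write."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    name = os.path.basename(path)
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"{name} readable by group/others (mode {oct(mode)})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{name} writable by group/others (mode {oct(mode)})")
    return findings


def snapshot(settings, paths):
    """Record the settings plus mode and SHA-256 of each OS-level config file."""
    snap = {"settings": dict(settings), "files": {}}
    for path in paths:
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        snap["files"][os.path.basename(path)] = {
            "mode": oct(stat.S_IMODE(os.stat(path).st_mode)),
            "sha256": digest,
        }
    return snap


def diff_snapshots(gold, current):
    """Return (key, old, new) for every value that drifted from the gold snapshot."""
    changes = []

    def walk(prefix, a, b):
        for key in sorted(set(a) | set(b)):
            va, vb = a.get(key), b.get(key)
            if isinstance(va, dict) and isinstance(vb, dict):
                walk(f"{prefix}{key}.", va, vb)
            elif va != vb:
                changes.append((f"{prefix}{key}", va, vb))

    walk("", gold, current)
    return changes


def demo():
    """Hardened state, then two drifts: lockout disabled and config file edited and made world-readable."""
    settings = dict(BASELINE, version="10.1.0")   # constructed, non-vulnerable version
    with tempfile.TemporaryDirectory() as tmp:
        conf = os.path.join(tmp, "server.conf")   # constructed config file
        with open(conf, "w") as fh:
            fh.write("listen=127.0.0.1\n")
        os.chmod(conf, 0o600)
        assert assess_settings(settings) == [] and assess_file(conf) == []
        gold = snapshot(settings, [conf])

        settings["failed_login_attempts"] = 0      # someone "fixed" a locked-out application
        with open(conf, "a") as fh:
            fh.write("listen=0.0.0.0\n")
        os.chmod(conf, 0o644)
        return diff_snapshots(gold, snapshot(settings, [conf]))


if __name__ == "__main__":
    for key, old, new in demo():
        print(f"DRIFT {key}: {old!r} -> {new!r}")
```

Storing the gold snapshot somewhere the DBA account cannot write to is what makes the comparison meaningful; if the same privileged account can alter both the configuration and the baseline, drift is silently re-baselined.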
Figure: Use case for database activity monitoring (DAM) and auditing.
- Database Activity Monitoring (DAM).
Real-time monitoring of database activity is key to limiting your exposure by immediately detecting intrusions and misuse. For example, DAM can alert on unusual access patterns indicating a SQL injection attack, unauthorized changes to financial data, elevation of account privileges, and configuration changes executed via SQL commands. Monitoring privileged users is also a requirement for data governance regulations such as SOX and data privacy regulations such as PCI DSS. It’s also important for detecting intrusions, since attacks will frequently result in the attacker gaining privileged user access (such as via credentials owned by your business applications).
DAM is also an essential element of vulnerability assessment, because it allows you to go beyond traditional static assessments to include dynamic assessments of “behavioral vulnerabilities” such as multiple users sharing privileged credentials or an excessive number of failed database logins.
Finally, some DAM technologies offer application-layer monitoring, allowing you to detect fraud conducted via multi-tier applications such as PeopleSoft, SAP and Oracle e-Business Suite, rather than via direct connections to the database.
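To make the DAM detections above concrete, here is an added Python example (not from the page or any DAM product) that runs four rules over a stream of audit records: an excessive number of failed logins for one account inside a time window, a privileged credential used from more than one host at the same time (the "shared privileged credentials" behavioural vulnerability), a privilege-changing statement issued by a non-privileged account, and access to a table outside an account’s entitlement. The log format, field names, account names, hosts, tables and thresholds are all constructed for the example; real agents emit vendor-specific records, so only the parser would change.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed audit records in an invented key=value format.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z user=app_svc host=10.0.0.5 event=LOGIN status=FAIL
2024-05-01T10:00:01Z user=app_svc host=10.0.0.5 event=LOGIN status=FAIL
2024-05-01T10:00:02Z user=app_svc host=10.0.0.5 event=LOGIN status=FAIL
2024-05-01T10:00:03Z user=app_svc host=10.0.0.5 event=LOGIN status=FAIL
2024-05-01T10:00:04Z user=app_svc host=10.0.0.5 event=LOGIN status=FAIL
2024-05-01T10:00:10Z user=sys_admin host=10.0.0.7 event=LOGIN status=OK
2024-05-01T10:00:20Z user=sys_admin host=10.0.0.9 event=LOGIN status=OK
2024-05-01T10:01:00Z user=app_svc host=10.0.0.5 event=SQL stmt="GRANT DBA TO app_svc"
2024-05-01T10:01:05Z user=report_ro host=10.0.0.8 event=SQL stmt="SELECT pan FROM customers"
2024-05-01T10:02:00Z user=report_ro host=10.0.0.8 event=SQL stmt="SELECT id FROM orders"
"""

# Policy (assumed values for the example).
FAIL_THRESHOLD, FAIL_WINDOW_S = 5, 60      # failures per account per window
PRIVILEGED = {"sys_admin"}                 # accounts whose sessions are tracked per host
SHARE_WINDOW_S = 300                       # concurrent-host window for privileged accounts
ENTITLED = {"customers": {"app_svc"}, "orders": {"app_svc", "report_ro"}}
PRIV_CHANGE_RE = re.compile(r"^\s*(GRANT|REVOKE|ALTER\s+USER|CREATE\s+USER)\b", re.I)
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+([A-Za-z_]\w*)", re.I)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse one constructed record into a dict with a UTC timestamp."""
    ts_str, rest = line.split(" ", 1)
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    rec["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def monitor(lines):
    """Return (rule, subject) alerts in the order the triggering records arrive."""
    alerts = []
    fails = defaultdict(deque)        # user -> timestamps of recent failed logins
    priv_hosts = defaultdict(dict)    # privileged user -> {host: last successful login}
    for line in lines:
        if not line.strip():
            continue
        r = parse_line(line)
        ts, user = r["ts"], r["user"]
        if r["event"] == "LOGIN":
            if r["status"] == "FAIL":
                q = fails[user]
                q.append(ts)
                while (ts - q[0]).total_seconds() > FAIL_WINDOW_S:
                    q.popleft()
                if len(q) >= FAIL_THRESHOLD:
                    alerts.append(("excessive_failed_logins", user))
                    q.clear()                   # alert once per burst
            elif user in PRIVILEGED:
                hosts = priv_hosts[user]
                hosts[r["host"]] = ts
                active = {h for h, t in hosts.items()
                          if (ts - t).total_seconds() <= SHARE_WINDOW_S}
                if len(active) > 1:
                    alerts.append(("privileged_credential_shared", user))
        elif r["event"] == "SQL":
            stmt = r.get("stmt", "")
            if PRIV_CHANGE_RE.match(stmt) and user not in PRIVILEGED:
                alerts.append(("privilege_change_by_app_account", user))
            for table in TABLE_RE.findall(stmt):
                allowed = ENTITLED.get(table.lower())
                if allowed is not None and user not in allowed:
                    alerts.append(("unusual_table_access", f"{user}:{table}"))
    return alerts


if __name__ == "__main__":
    for rule, subject in monitor(SAMPLE_LOG.splitlines()):
        print(f"ALERT {rule}: {subject}")
```

The entitlement table used by the last rule is the same information the entitlement reports discussed below produce, which is why DAM and access management are usually fed from one source of truth.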
Secure, non-repudiable audit trails must be generated and maintained for any database activity that affects security posture or data integrity, or that involves viewing sensitive data. In addition to being a key compliance requirement, having granular audit trails is also important for forensic investigations. Most organizations currently employ some form of manual auditing utilizing traditional native database logging capabilities. However, these approaches are often found to be lacking because of their complexity and the high operational costs of manual effort. Other disadvantages include high performance overhead, lack of separation of duties (since DBAs can easily tamper with the contents of database logs, thereby defeating non-repudiation) and the need to purchase and manage large amounts of storage capacity to handle massive volumes of unfiltered transaction information. Fortunately, a new class of DAM solutions is now available that provides granular, DBMS-independent auditing with minimal impact on performance, while reducing operational costs via automation, centralized cross-DBMS policies and audit repositories, filtering and compression.
- Authentication, Access Control and Entitlement Management.
Not all data and not all users are created equally. You must authenticate users, ensure full accountability per user, and manage privileges to limit access to data. And you should enforce these privileges – even for the most privileged database users. You also need to periodically review entitlement reports (also called User Right Attestation reports) as part of a formal audit process.
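An entitlement (User Right Attestation) review is easy to automate once the grants are extracted from the catalog. The following added Python example (not from the page or any product) applies four review rules to such an extract: grants to PUBLIC on sensitive objects, service accounts holding an administrative role, write privileges on sensitive tables held by anyone outside an approved list, and dormant accounts that still hold grants on sensitive data. The grant rows, account metadata, object names, approved-writer list and 90-day dormancy threshold are all constructed assumptions for the example.

```python
from datetime import date

# Constructed entitlement extract: (grantee, privilege, object). In a real
# review these rows come from the DBMS catalog; the names here are invented.
GRANTS = [
    ("hr_app", "SELECT", "hr.salaries"),
    ("hr_app", "UPDATE", "hr.salaries"),
    ("report_ro", "SELECT", "hr.salaries"),
    ("PUBLIC", "SELECT", "hr.employees"),
    ("batch_svc", "DBA", "*"),
    ("j_doe", "SELECT", "hr.salaries"),
]
# Constructed account metadata (type and last successful login).
ACCOUNTS = {
    "hr_app":    {"type": "service", "last_login": date(2024, 4, 30)},
    "report_ro": {"type": "human",   "last_login": date(2024, 4, 29)},
    "batch_svc": {"type": "service", "last_login": date(2024, 4, 30)},
    "j_doe":     {"type": "human",   "last_login": date(2023, 11, 1)},
}
SENSITIVE = {"hr.salaries", "hr.employees"}
ADMIN_PRIVS = {"DBA", "SYSADMIN"}
WRITE_PRIVS = {"INSERT", "UPDATE", "DELETE"}
APPROVED_WRITERS = {"hr.salaries": {"hr_app"}}   # assumed business approval list
DORMANT_DAYS = 90


def review_entitlements(grants, accounts, today):
    """Return a sorted, de-duplicated list of (rule, subject) attestation findings."""
    findings = set()
    for grantee, priv, obj in grants:
        acct = accounts.get(grantee, {})
        if grantee == "PUBLIC" and obj in SENSITIVE:
            findings.add(("public_grant_on_sensitive", obj))
        if priv in ADMIN_PRIVS and acct.get("type") == "service":
            findings.add(("service_account_is_admin", grantee))
        if priv in WRITE_PRIVS and obj in SENSITIVE \
                and grantee not in APPROVED_WRITERS.get(obj, set()):
            findings.add(("unapproved_write", f"{grantee}:{obj}"))
        last = acct.get("last_login")
        if last and (today - last).days > DORMANT_DAYS and obj in SENSITIVE:
            findings.add(("dormant_account_holds_sensitive_grant", grantee))
    return sorted(findings)


def revocations_for(findings):
    """Suggest the REVOKE/role change each finding implies (for the reviewer to confirm)."""
    actions = []
    for rule, subject in findings:
        if rule == "public_grant_on_sensitive":
            actions.append(f"REVOKE ALL ON {subject} FROM PUBLIC")
        elif rule == "service_account_is_admin":
            actions.append(f"replace admin role of {subject} with a least-privilege role")
        elif rule in ("unapproved_write", "dormant_account_holds_sensitive_grant"):
            actions.append(f"review and revoke grants held by {subject}")
    return actions


if __name__ == "__main__":
    report = review_entitlements(GRANTS, ACCOUNTS, date(2024, 5, 1))
    for rule, subject in report:
        print(f"{rule}: {subject}")
    for action in revocations_for(report):
        print("ACTION:", action)
```

Running the review on a schedule and keeping each report with the reviewer’s sign-off is what turns it into the formal attestation the paragraph refers to; the findings list is the evidence, the revocation list is the remediation.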
Use encryption to render sensitive data unreadable, so that an attacker cannot gain unauthorized access to data from outside the database. This includes both encryption of data-in-transit, so that an attacker cannot eavesdrop at the networking layer and gain access to the data when it is sent to the database client, as well as encryption of data-at-rest, so that an attacker cannot extract the data even with access to the media files.
Figure: Managing the entire compliance lifecycle.