Computer Security: Principles and Practice PDF
William Stallings, Lawrie Brown
Summary
This textbook, "Computer Security: Principles and Practice", covers crucial database security topics, including SQL injection attacks and their countermeasures. It describes database management systems (DBMS) and the security vulnerabilities associated with them. The authors, William Stallings and Lawrie Brown, provide a comprehensive overview for understanding database security.
Computer Security: Principles and Practice, Fifth Edition
Chapter 5: Database and Data Center Security
Copyright © 2024, 2018, 2015 Pearson Education, Inc. All Rights Reserved

Databases
Database: structured collection of data stored for use by one or more applications
  ▪ Contains the relationships between data items and groups of data items
  ▪ Can sometimes contain sensitive data that needs to be secured
Database management system (DBMS): suite of programs for constructing and maintaining the database
  ▪ Offers ad hoc query facilities to multiple users and applications
Query language: provides a uniform interface to the database for users and applications

Figure 5.1 DBMS Architecture

Relational Databases
Table of data consisting of rows and columns
  ▪ Each column holds a particular type of data
  ▪ Each row contains a specific value for each column
Ideally has one column where all values are unique, forming an identifier/key for that row
Enables the creation of multiple tables linked together by a unique identifier that is present in all tables
Use a relational query language to access the database
  ▪ Allows the user to request data that fit a given set of criteria

Figure 5.2 Example Relational Database Model: A relational database uses multiple tables related to one another by a designated key; in this case, the key is the PhoneNumber field.
Relational Database Elements
Relation: table/file
Tuple: row/record
Attribute: column/field
Primary key: uniquely identifies a row; consists of one or more column names
Foreign key: links one table to attributes in another
View/virtual table: result of a query that returns selected rows and columns from one or more tables
  ▪ Views are often used for security purposes

Table 5.1 Basic Terminology for Relational Databases
Formal Name   Common Name   Also Known As
Relation      Table         File
Tuple         Row           Record
Attribute     Column        Field

Figure 5.4 Relational Database Example

Database Security
Reasons database security has not kept pace with the increased reliance on databases:
  ▪ There is an imbalance between the complexity of modern database management systems (DBMS) and the security techniques used to protect these critical systems
  ▪ Databases have a sophisticated interaction protocol, Structured Query Language (SQL), which is complex
  ▪ Effective database security requires a strategy based on a full understanding of the security vulnerabilities of SQL
  ▪ The typical organization lacks full-time database security personnel
  ▪ Most enterprise environments consist of a heterogeneous mixture of database platforms, enterprise platforms, and OS platforms, creating an additional complexity hurdle for security personnel
  ▪ The increasing reliance on cloud technology to host part or all of the corporate database

Structured Query Language (SQL)
Standardized language to define schema, manipulate, and query data in a relational database
Several similar versions of the ANSI/ISO standard; all follow the same basic syntax and semantics
SQL statements can be used to:
  ▪ Create tables
  ▪ Insert and delete data in tables
  ▪ Create views
  ▪ Retrieve data with query statements

SQL Injection Attacks (SQLi)
One of the most prevalent and dangerous network-based security threats
Designed to exploit the nature of Web application pages
Sends malicious SQL commands to the database server
Most common attack goal is bulk extraction of data
Depending on the environment, SQL injection can also be exploited to:
  ▪ Modify or delete data
  ▪ Execute arbitrary operating system commands
  ▪ Launch denial-of-service (DoS) attacks

Figure 5.5 Typical SQL Injection Attack

Injection Technique
The SQLi attack typically works by prematurely terminating a text string and appending a new command
Because the inserted command may have additional strings appended to it before it is executed, the attacker terminates the injected string with a comment mark "--"
  ▪ Subsequent text is ignored at execution time

SQLi Example
Try it yourself: visit the Altoro Mutual Banking site (Note: this is a test application and not an actual bank website):
1. Try to log in first using any username and password; you will receive a typical
2. Try to log in again and enter the following for the username: ' or 1=1 --
3. Enter any password for the Password field.

SQLi Attack Avenues
User input: attackers inject SQL commands by providing suitably crafted user input
Server variables: attackers can forge the values that are placed in HTTP and network headers and exploit this vulnerability by placing data directly into the headers
Second-order injection: a malicious user could rely on data already present in the system or database to trigger an SQL injection attack, so when the attack occurs, the input that modifies the query to cause an attack does not come from the user, but from within the system itself
Cookies: an attacker could alter cookies such that when the application server builds an SQL query based on the cookie's content, the structure and function of the query is modified
Physical user input: applying user input that constructs an attack outside the realm of web requests

Inband Attacks
Uses the same communication channel for injecting SQL code and retrieving results
The retrieved data are presented directly in the application webpage
Include:
  ▪ Tautology: this form of attack injects code in one or more conditional statements so that they always evaluate to true
  ▪ End-of-line comment: after injecting code into a particular field, legitimate code that follows is nullified through the use of end-of-line comments
  ▪ Piggybacked queries: the attacker adds additional queries beyond the intended query, piggybacking the attack on top of a legitimate request

Inferential Attack
There is no actual transfer of data, but the attacker is able to reconstruct the information by sending particular requests and observing the resulting behavior of the Website/database server
Include:
  ▪ Illegal/logically incorrect queries: this attack lets an attacker gather important information about the type and structure of the backend database of a Web application; it is considered a preliminary, information-gathering step for other attacks
  ▪ Blind SQL injection: allows attackers to infer the data present in a database system even when the system is sufficiently secure to not display any erroneous information back to the attacker

Out-of-Band Attack
Data are retrieved using a different channel
This can be used when there are limitations on information retrieval but outbound connectivity from the database server is lax

SQLi Countermeasures
Three types:
Defensive coding
  ▪ Manual defensive coding practices
  ▪ Parameterized query insertion
  ▪ SQL DOM
Detection
  ▪ Signature based
  ▪ Anomaly based
  ▪ Code analysis
Run-time prevention
  ▪ Check queries at runtime to see if they conform to a model of expected queries

Database Access Control
Database access control system determines:
  ▪ If the user has access to the entire database or just portions of it
  ▪ What access rights the user has (create, insert, delete, update, read, write)
Can support a range of administrative policies:
  ▪ Centralized administration: a small number of privileged users may grant and revoke access rights
  ▪ Ownership-based administration: the creator of a table may grant and revoke access rights to the table
  ▪ Decentralized administration: the owner of the table may grant
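The injection technique and three of the countermeasures listed above (manual defensive coding, parameterized query insertion, and a run-time check against a model of the expected query), shown as an added example that is not part of the Stallings and Brown slides. It builds an in-memory SQLite login table with constructed sample users, runs the tautology from the slides' exercise through a string-built query, an escaped query, a parameterized query and a structurally guarded query, and compares what each returns. The `skeleton` model, the `users` table and the sample accounts are assumptions made for the demonstration.

```python
"""Added example (not from the Stallings & Brown slides): the injection
technique of Chapter 5 and three of its countermeasures, run against an
in-memory SQLite table that is constructed inline."""
import re
import sqlite3

# Constructed sample data standing in for a Web application's login table.
SAMPLE_USERS = [("alice", "correct horse"), ("bob", "hunter2")]

# The tautology from the slides' exercise: the quote closes the string
# early, "or 1=1" is always true, and "--" comments out whatever follows.
TAUTOLOGY = "' or 1=1 --"


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_query_unsafe(username: str, password: str) -> str:
    # String concatenation: the user's text becomes part of the SQL grammar.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def escape_literal(value: str) -> str:
    # Manual defensive coding: doubling each quote keeps the literal closed.
    return value.replace("'", "''")


def build_query_escaped(username: str, password: str) -> str:
    return build_query_unsafe(escape_literal(username), escape_literal(password))


def skeleton(sql: str) -> str:
    """Run-time prevention model (assumed here): collapse every string
    literal to STR so that only the query's structure remains."""
    return re.sub(r"'(?:[^']|'')*'", "STR", sql)


# The structure the developer intended; any deviation means the input has
# altered the query itself rather than only its data values.
EXPECTED_SKELETON = skeleton(build_query_unsafe("u", "p"))


def structure_ok(sql: str) -> bool:
    return skeleton(sql) == EXPECTED_SKELETON


def _names(rows):
    return [r[0] for r in rows]


def login_unsafe(conn, username, password):
    return _names(conn.execute(build_query_unsafe(username, password)))


def login_escaped(conn, username, password):
    return _names(conn.execute(build_query_escaped(username, password)))


def login_parameterized(conn, username, password):
    # Parameterized query insertion: the query text is fixed and the values
    # travel separately, so a quote in the input can only ever be data.
    return _names(conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)))


def login_guarded(conn, username, password):
    # Run-time prevention: refuse any query whose structure deviates from
    # the expected model before it reaches the database server.
    sql = build_query_unsafe(username, password)
    if not structure_ok(sql):
        raise ValueError("query structure deviates from expected model")
    return _names(conn.execute(sql))
```

With the tautology as username, `login_unsafe` returns every account because the `WHERE` clause has become `username = '' or 1=1`; the escaped and parameterized versions return nothing, and the guarded version refuses to run the query at all because its skeleton has gained an `or 1=1` that the model never had. Of the three, the parameterized form is the one to prefer in real code: it does not depend on getting an escaping rule right for every character set and dialect.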
and revoke authorization rights to other users, allowing them to grant and revoke access rights to the table

SQL Access Controls
Two commands for managing access rights:
  ▪ Grant: used to grant one or more access rights, or can be used to assign a user to a role
  ▪ Revoke: revokes the access rights
Typical access rights are: Select, Insert, Update, Delete, References

Figure 5.6 Bob Revokes Privilege From David

Role-Based Access Control (RBAC)
Role-based access control eases administrative burden and improves security
A database RBAC needs to provide the following capabilities:
  ▪ Create and delete roles
  ▪ Define permissions for a role
  ▪ Assign and cancel assignment of users to roles
Categories of database users:
  ▪ Application owner: an end user who owns database objects as part of an application
  ▪ End user: an end user who operates on database objects via a particular application but does not own any of the database objects
  ▪ Administrator: user who has administrative responsibility for part or all of the database

Table 5.2 Fixed Roles in Microsoft SQL Server

Figure 5.7 Indirect Information Access Via Inference Channel

Figure 5.8 Inference Example
(a) Inventory table
Item                Availability       Cost ($)   Department
Shelf support       in-store/online    7.99       hardware
Lid support         online only        5.49       hardware
Decorative chain    in-store/online    104.99     hardware
Cake pan            online only        12.99      housewares
Shower/tub cleaner  in-store/online    11.99      housewares
Rolling pin         in-store/online    10.99      housewares

(b) Two views
Availability       Cost ($)      Item                Department
in-store/online    7.99          Shelf support       hardware
online only        5.49          Lid support         hardware
in-store/online    104.99        Decorative chain    hardware

(c) Table derived from combining query answers
Item                Availability       Cost ($)   Department
Shelf support       in-store/online    7.99       hardware
Lid support         online only        5.49       hardware
Decorative chain    in-store/online    104.99     hardware

Inference Detection
Two approaches:
Inference detection during database design
  ▪ Approach removes an inference channel by altering the database structure or by changing the access control regime to prevent inference
  ▪ Techniques in this category often result in unnecessarily stricter access controls that reduce availability
Inference detection at query time
  ▪ Approach seeks to eliminate an inference channel violation during a query or series of queries
  ▪ If an inference channel is detected, the query is denied or altered

Database Encryption
The database is typically the most valuable information resource for any organization
Protected by multiple layers of security
  ▪ Firewalls, authentication, general access control systems, DB access control systems, database encryption
  ▪ Encryption becomes the last line of defense in database security
Can be applied to the entire database, at the record level, the attribute level, or the level of the individual field
Disadvantages to encryption:
  ▪ Key management: authorized users must have access to the decryption key for the data to which they have access
  ▪ Inflexibility: when part or all of the database is encrypted, it becomes more difficult to perform record searching

Figure 5.9 A Database Encryption Scheme
Figure 5.10 Encryption Scheme for Database of Figure 5.3

Table 5.3 Encrypted Database Example
(a) Employee Table
eid   ename   salary   addr       did
23    Tom     70K      Maple      45
860   Mary    60K      Main       83
320   John    50K      River      50
875   Jerry   55K      Hopewell   92

(b) Encrypted Employee Table with Indexes
E(k, B)                I(eid)   I(ename)   I(salary)   I(addr)   I(did)
1100110011001011...    1        10         3           7         4
0111000111001010...    5        7          2           7         8
1100010010001101...    2        5          1           9         5
0011010011111101...    5        5          2           4         9

Data Center Security
Data center: an enterprise facility that houses a large number of servers, storage devices, and network switches and equipment
  ▪ The number of servers and storage devices can run into the tens of thousands in one facility
  ▪ Generally includes redundant or backup power supplies, redundant network connections, environmental controls, and various security devices
  ▪ Can occupy one room of a building, one or more floors, or an entire building
Examples of uses include:
  ▪ Cloud service providers
  ▪ Search engines
  ▪ Large scientific research facilities
  ▪ IT facilities for large enterprises

Figure 5.11 Key Data Center Elements

Figure 5.12 Data Center Security Model
Data Security: Encryption, Password policy, Secure IDs, Data Protection (ISO 27002), Data masking, Data retention, etc.
Network Security: Firewalls, Anti-virus, Intrusion detection/prevention, Authentication, etc.
Physical Security: Surveillance, Mantraps, Two/three factor authentication, Security zones, ISO 27001/27002, etc.
Site Security: Setbacks, Landscaping, Buffer zones, Crash barriers, Entry points, Redundant utilities, etc.
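The decentralized administration policy and the Grant/Revoke commands above raise the question of what happens to grants a user has passed on when that user's own privilege is revoked (the cascading authorizations of Figure 5.6). The following is an added example, not code from the slides or the textbook: it keeps one privilege's grant chain for a table, records the time of each grant, and on revoke prunes every grant whose grantor no longer held the privilege with grant option at the time the grant was made. That timestamp rule is one common way to implement cascading revocation and is an assumption here, as are the user names and times in the constructed scenario.

```python
"""Added example (not from the Stallings & Brown slides): cascading
revocation of a single table privilege with timestamped grants."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    grant_option: bool   # may the grantee pass the privilege on?
    time: int            # when the grant was made (logical clock)


class TablePrivilege:
    """All grants of one privilege (say SELECT on one table), rooted at
    the table's owner, who holds it unconditionally."""

    def __init__(self, owner: str):
        self.owner = owner
        self.grants: list[Grant] = []

    def _supported(self, g: Grant, valid: list[Grant]) -> bool:
        # A grant is valid if the owner made it, or if its grantor held the
        # privilege WITH GRANT OPTION through some valid grant made earlier.
        if g.grantor == self.owner:
            return True
        return any(h.grantee == g.grantor and h.grant_option and h.time < g.time
                   for h in valid)

    def _prune(self) -> None:
        # Fixpoint: removing one unsupported grant may unsupport others,
        # which is exactly the cascade.
        valid = list(self.grants)
        while True:
            keep = [g for g in valid if self._supported(g, valid)]
            if len(keep) == len(valid):
                break
            valid = keep
        self.grants = valid

    def grant(self, grantor: str, grantee: str, time: int,
              grant_option: bool = False) -> None:
        g = Grant(grantor, grantee, grant_option, time)
        if not self._supported(g, self.grants):
            raise PermissionError(f"{grantor} cannot grant this privilege at t={time}")
        self.grants.append(g)

    def revoke(self, grantor: str, grantee: str) -> None:
        self.grants = [g for g in self.grants
                       if not (g.grantor == grantor and g.grantee == grantee)]
        self._prune()

    def holders(self) -> set:
        return {self.owner} | {g.grantee for g in self.grants}


def scenario(with_independent_grant: bool):
    """Constructed scenario: Ann owns the table and grants Bob with grant
    option; Bob grants David with grant option; David grants Ellen. When
    Ann also grants David directly, but only after David's grant to Ellen,
    revoking Bob's grant to David still cascades to Ellen."""
    p = TablePrivilege(owner="Ann")
    p.grant("Ann", "Bob", time=10, grant_option=True)
    p.grant("Bob", "David", time=20, grant_option=True)
    p.grant("David", "Ellen", time=30)
    if with_independent_grant:
        p.grant("Ann", "David", time=40, grant_option=True)
    before = p.holders()
    p.revoke("Bob", "David")
    return before, p.holders()
```

The detail worth noticing is the `h.time < g.time` test: David's later, independent grant from Ann keeps David's own access, but it does not retroactively legitimise the grant David made to Ellen at a time when his only authority came from Bob, so Ellen's access falls with the revoke either way.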
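Figure 5.8 and the "inference detection at query time" approach described above, as an added example that is not part of the slides. The inventory rows are the figure's own data re-entered by hand; the two views of part (b) are recreated with `project`, `combine_by_position` reproduces the inference of part (c), and `QueryTimeGuard` is an assumed query-time detector that remembers which attributes each user has already received for each row and denies any query that would let the user link a forbidden pair of attributes on the same row. The forbidden pair (Item, Cost) and the user name are assumptions for the demonstration.

```python
"""Added example (not from the Stallings & Brown slides): the inference
channel of Figure 5.8 and a query-time inference detector."""

# Figure 5.8(a), re-entered by hand.
INVENTORY = [
    {"Item": "Shelf support", "Availability": "in-store/online", "Cost": 7.99, "Department": "hardware"},
    {"Item": "Lid support", "Availability": "online only", "Cost": 5.49, "Department": "hardware"},
    {"Item": "Decorative chain", "Availability": "in-store/online", "Cost": 104.99, "Department": "hardware"},
    {"Item": "Cake pan", "Availability": "online only", "Cost": 12.99, "Department": "housewares"},
    {"Item": "Shower/tub cleaner", "Availability": "in-store/online", "Cost": 11.99, "Department": "housewares"},
    {"Item": "Rolling pin", "Availability": "in-store/online", "Cost": 10.99, "Department": "housewares"},
]


def is_hardware(row: dict) -> bool:
    return row["Department"] == "hardware"


def project(columns, rows):
    """A view: the chosen columns of the chosen rows, in table order."""
    return [tuple(r[c] for c in columns) for r in rows]


def combine_by_position(view_a, cols_a, view_b, cols_b):
    """The inference of Figure 5.8(c): two views that expose the same rows
    in the same order can simply be zipped back together, relinking the
    Item that one view hides to the Cost that the other view hides."""
    return [dict(zip(list(cols_a) + list(cols_b), ra + rb))
            for ra, rb in zip(view_a, view_b)]


class QueryTimeGuard:
    """Assumed query-time inference detector: per user and per row, track
    the attributes already released; deny a query if, together with what
    was released before, it would cover a forbidden attribute set."""

    def __init__(self, table, forbidden):
        self.table = table
        self.forbidden = [frozenset(f) for f in forbidden]
        self.seen = {}   # (user, row index) -> set of released columns

    def query(self, user, columns, predicate=lambda r: True):
        hits = [(i, r) for i, r in enumerate(self.table) if predicate(r)]
        for i, _ in hits:
            total = self.seen.get((user, i), set()) | set(columns)
            if any(f <= total for f in self.forbidden):
                return None          # denied: an inference channel would open
        for i, _ in hits:
            self.seen.setdefault((user, i), set()).update(columns)
        return project(columns, [r for _, r in hits])


def demo():
    """Reproduce the inference, then show the guard stopping it."""
    hardware = [r for r in INVENTORY if is_hardware(r)]
    view1 = project(["Availability", "Cost"], hardware)
    view2 = project(["Item", "Department"], hardware)
    leaked = combine_by_position(view1, ["Availability", "Cost"], view2, ["Item", "Department"])

    guard = QueryTimeGuard(INVENTORY, forbidden=[("Item", "Cost")])
    first = guard.query("analyst", ["Availability", "Cost"], is_hardware)
    second = guard.query("analyst", ["Item", "Department"], is_hardware)
    return leaked, first, second
```

The guard deliberately tracks rows rather than whole views: a second query over a different row set (say only housewares) would be allowed, because no row would then carry both Item and Cost for that user. That is also the guard's limitation, since it assumes the attacker can align rows by position or by some other released attribute, which is the same assumption the figure makes.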
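The encrypted-table-with-indexes scheme of Table 5.3, as an added example that is not code from the slides or the textbook: each employee row is encrypted as one unit, E(k, B), and stored beside index values I(attr) computed from bucketed attribute values, so that a server holding only ciphertext can still narrow a salary range query to candidate rows, which the key holder then decrypts and filters exactly. The employee rows are Table 5.3(a) with salaries written out in full; the 10K bucket width, the keyed-tag form of the index, and the cipher are assumptions, and the cipher in particular is a toy HMAC-based stream cipher standing in for a real authenticated cipher such as AES-GCM.

```python
"""Added example (not from the Stallings & Brown slides): the encrypted
row plus bucket index scheme of Table 5.3, with a toy cipher."""
import hashlib
import hmac
import json
import os

# Table 5.3(a), salaries written out in full.
EMPLOYEES = [
    {"eid": 23, "ename": "Tom", "salary": 70000, "addr": "Maple", "did": 45},
    {"eid": 860, "ename": "Mary", "salary": 60000, "addr": "Main", "did": 83},
    {"eid": 320, "ename": "John", "salary": 50000, "addr": "River", "did": 50},
    {"eid": 875, "ename": "Jerry", "salary": 55000, "addr": "Hopewell", "did": 92},
]
NONCE_LEN = 8


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy CTR-style keystream from HMAC-SHA256: illustrative only, a real
    # deployment would use an authenticated cipher.
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt_row(key: bytes, row: dict) -> bytes:
    """E(k, B): the whole row is serialised and encrypted as one block."""
    nonce = os.urandom(NONCE_LEN)   # fresh per row: a stream cipher must never reuse one
    plain = json.dumps(row, sort_keys=True).encode()
    return nonce + bytes(p ^ k for p, k in zip(plain, _keystream(key, nonce, len(plain))))


def decrypt_row(key: bytes, blob: bytes) -> dict:
    nonce, cipher = blob[:NONCE_LEN], blob[NONCE_LEN:]
    plain = bytes(c ^ k for c, k in zip(cipher, _keystream(key, nonce, len(cipher))))
    return json.loads(plain)


def salary_bucket(salary: int) -> int:
    # Assumed bucket rule: 10K-wide bands, so 50000 and 55000 share bucket 5.
    return salary // 10000


def index_value(key: bytes, attr: str, bucket: int) -> int:
    """I(attr): a keyed tag of the bucket number. The server can test two
    index values for equality but cannot recover or even order the buckets
    (the textbook's table shows small bucket numbers; the tag hides them)."""
    tag = hmac.new(key, f"{attr}:{bucket}".encode(), hashlib.sha256).digest()
    return int.from_bytes(tag[:4], "big")


def build_encrypted_table(key: bytes, rows) -> list:
    """Table 5.3(b): one encrypted blob per row plus its index column(s)."""
    return [{"E": encrypt_row(key, r),
             "I_salary": index_value(key, "salary", salary_bucket(r["salary"]))}
            for r in rows]


def server_select(enc_table, wanted: set) -> list:
    # Runs on the (untrusted) server: matches index values, never sees the key.
    return [entry["E"] for entry in enc_table if entry["I_salary"] in wanted]


def client_salary_range(key: bytes, enc_table, low: int, high: int):
    """Client side of a range query: translate the range into bucket tags,
    fetch the candidate rows, decrypt them, and apply the exact filter
    locally. Returns (matching names, number of candidates fetched)."""
    wanted = {index_value(key, "salary", b)
              for b in range(salary_bucket(low), salary_bucket(high) + 1)}
    candidates = [decrypt_row(key, blob) for blob in server_select(enc_table, wanted)]
    names = sorted(r["ename"] for r in candidates if low <= r["salary"] <= high)
    return names, len(candidates)
```

The query for salaries between 55K and 70K illustrates the trade-off the slides call inflexibility: the server returns all four rows, because John's 50K falls into the same bucket as Jerry's 55K, and the client has to discard him after decrypting. Wider buckets leak less about the data distribution but cost more candidate traffic and client-side work; narrower ones do the opposite.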
TIA-492
The Telecommunications Industry Association (TIA) TIA-492 (Telecommunications Infrastructure Standard for Data Centers) specifies the minimum requirements for the telecommunications infrastructure of data centers
Includes topics such as:
  ▪ Network architecture
  ▪ Electrical design
  ▪ File storage, backup, and archiving
  ▪ System redundancy
  ▪ Network access control and security
  ▪ Database management
  ▪ Protection against physical hazards
  ▪ Power management

Summary
The need for database security
Database management systems
Relational databases
  ▪ Elements of a relational database system
  ▪ Structured Query Language
SQL injection attacks
  ▪ A typical SQLi attack
  ▪ The injection technique
  ▪ SQLi attack avenues and types
  ▪ SQLi countermeasures
Database access control
  ▪ SQL-based access definition
  ▪ Cascading authorizations
  ▪ Role-based access control
Inference
Database encryption
Data center security
  ▪ Data center elements
  ▪ Data center security considerations
  ▪ TIA-492