Top 10 Database Security Threats and How to Stop Them
Rob Rachwald, Director of Security Strategy, Imperva
Imperva Confidential

Data Has Value

Top 7 Attacks Discussed in Hacker Forums (pie chart; values as extracted, in order: 11%, 12%, 12%, 9%, 21%, 20%, 15%): DoS/DDoS, SQL injection, spam, brute-force, shell code, zero-day, HTML injection

Sources of a Data Breach (chart)
• Malicious insider: 33%
• Hacker: 29%
• Non-malicious: 38%
Source: 2010 Securosis-Imperva survey of more than 1,100 U.S. and multinational IT security practitioners. https://www.imperva.com/ld/data_security_survey.asp?

Agenda
Top 10 Database Security Threats, each covered as:
• Definition
• Analysis
• Consequence
• Mitigation

Database Top 10 Threats

1. Excessive Privilege Abuse

Definition
• Users (or applications) are granted database access privileges in excess of their "business need-to-know"

Analysis
• Hard to obtain a true list of required privileges
• Database ACL semantics are too limited

Consequence
• Any "minor" breach becomes a major incident!
• See SQL Injection

Mitigation
• More granular ACLs: query ACLs (which queries this user may run against the table)
• Automatic and dynamic ACL profiling

Mitigation: Query Access Control Lists
Data leakage via database access. Allowed query template:
    select * from classes where class_id = ?
Normal usage
• select * from classes where class_id = 101
Privilege abuse
• select username, password from students

Data leakage via web application. Allowed query template:
    select * from students where username = ? and password = ?
Normal usage
• Select * from users where username = 'john' and password = 'smith'
Privilege abuse
• Select * from users where username = 'john' and password = 'smith' or 1=1

2. Legitimate Privilege Abuse

Definition
• Abuse of legitimate database privileges for unauthorized purposes

Analysis
• Use simple and available desktop tools
• Retrieve large quantities of data
• Store sensitive data locally
• Make unauthorized changes

Consequence
• Data theft
• Data loss
• Embezzlement

Mitigation
• More granular ACL: context-based ACL
• ACL augmented with the context of the query, e.g. client machine, client software, time of day

3. Privilege Elevation

Definition
• A low-privileged user exploits database vulnerabilities to gain administrative privileges

(Illustration slides "Privilege Elevation", parts 1 to 5: images not reproduced)

Analysis
• Susceptible objects: stored procedures and built-in functions, SQL statements
• Types of vulnerabilities: buffer overflow, SQL injection

Consequence
• Any "minor" breach becomes a major incident
• Built-in access control becomes ineffective

Mitigation
• More granular ACL: query-level ACLs
• Automatic and dynamic ACL profiling
• Monitoring access to vulnerable objects

4. Weak Audit

« In God I trust. For everyone else, I keep log files. »

Definition
• Audit policies that rely on built-in database mechanisms suffer a number of weaknesses

Analysis
• Performance degradation and DBA attention span
• Knowing what matters in the mountain of audit data
• Limited granularity
• Proprietary
• Vulnerable to database attacks
• No end-to-end user tracking

Consequence
• Regulatory problems
• Data is not there when you need it

Mitigation
• Independent audit device

5. SQL Injection

Definition
• Attacker inserts an unauthorized SQL statement through a SQL data channel

Analysis
• Caused by non-validated input parameters

Consequence
• Access to unauthorized data
• Unauthorized data manipulation
• Denial of service
• Privilege elevation

Mitigation
• More granular ACL: query-level ACLs
• Automatic and dynamic ACL profiling

6. Unauthorized Copies of Sensitive Data

Definition
• Sensitive data copied to new databases without any individual held responsible

Analysis
• Databases created without the knowledge of the security team
• Correct security controls not applied
• Sensitive data "out of scope" of assessment

Consequence
• Illegal access to data

Mitigation
• Data discovery
• Data classification

7. Exploitation of Vulnerable, Mis-configured Databases

Definition
• Vulnerable and unpatched databases, and databases with default accounts and configuration parameters that allow unauthorized access

Analysis
• Lengthy database patching process
• Default accounts and configuration parameters
• Weak account names and/or passwords
• Weakened audit parameters

Consequence
• Access to unauthorized data
• Unauthorized data manipulation
• Privilege elevation
• Credential theft

Mitigation
• Database assessment
• Configuration assessment
• Virtual patching

8. Denial of Service

Definition
• Attacks that affect the availability of information from the database to users

Analysis
• Specific vulnerabilities
• Resource-oriented attacks

Consequence
• Critical for modern-day organizations
• Paralyzing the entire operation of an organization, or part of it

Mitigation
• Specific mechanisms for specific vulnerabilities
• Resource control mechanisms: timing responses, sizing responses, connection control
• Problem detection: timing latency in the system

9. Database Communication Protocol Vulnerabilities

Definition
• Tampering with database-related network protocol messages

Analysis
• Proprietary network protocols communicate data and commands
• Complex (and mostly obscure) protocols are prone to security vulnerabilities

Example: a protocol message whose declared field size exceeds the record it arrives in (Record Size = 52, Field Size = 255):

    0000  12 01 00 34 00 00 00 00 00 00 15 00 FF 01 00 1b
    0010  00 01 02 00 1c 00 0c 03 00 28 00 04 ff 08 00 01
    0020  55 00 00 00 4d 53 53 51 4c 53 65 72 76 65 72 00
    0030  a8 07 00 00

Consequence
• Unauthorized data access
• Unauthorized data manipulation
• Denial of service

Mitigation
• Protocol validation engine (addresses even unknown vulnerabilities)
• Reactive protocol validation (addresses known vulnerabilities)

10. Backup Data Exposure

Definition
• Unencrypted data on backup tapes and disk

Analysis
• Many recent incidents where backup media is lost or stolen

Consequence
• Exposure of huge amounts of sensitive information

Mitigation
• End-to-end encryption
• Disk encryption
• Database encryption
• A better solution is yet to be found!

Summary

Question & Answer

More Information:
Web: www.imperva.com
Blog: blog.imperva.com
iTunes/Podcasts: www.imperva.com/resources/podcasts.asp
YouTube: www.youtube.com/user/ImpervaChannel
Twitter: twitter.com/Imperva
LinkedIn: www.linkedin.com/companies/Imperva
Facebook: www.facebook.com/imperva
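The query-level ACL with dynamic profiling that the Excessive Privilege Abuse and SQL Injection sections above recommend, as an added Python example that is not part of the deck or of Imperva's product: statements seen during a trusted baseline are reduced to templates (literals replaced by ?), and a statement that matches no learned template for its user is blocked. The baseline queries, the user name webapp and the normalization rules are my assumptions; the normal-usage and abuse statements are the ones from the slides.

```python
import re

# Literals to abstract away: single-quoted strings (with '' escapes) and numbers.
_LITERAL = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


def normalize(sql: str) -> str:
    """Reduce a statement to its template: literals become '?', case and
    whitespace are canonicalised. 'john' and 101 both map to '?', so one
    template covers every legitimate parameter value of the same query."""
    return " ".join(_LITERAL.sub("?", sql).lower().split())


class QueryACL:
    """Per-user allow-list of query templates (the slides' query-level ACL)."""

    def __init__(self):
        self.profiles = {}  # user -> set of allowed templates

    def learn(self, user: str, sql: str) -> None:
        """Profiling step: record a template observed during a trusted baseline."""
        self.profiles.setdefault(user, set()).add(normalize(sql))

    def allowed(self, user: str, sql: str) -> bool:
        """Enforcement step: the statement must match a learned template exactly."""
        return normalize(sql) in self.profiles.get(user, set())


def demo() -> dict:
    """Constructed baseline for a hypothetical 'webapp' account, then the slides'
    normal-usage and privilege-abuse queries run through the ACL."""
    acl = QueryACL()
    acl.learn("webapp", "select * from classes where class_id = 101")
    acl.learn("webapp", "select * from users where username = 'john' and password = 'smith'")
    checks = {
        "normal_class": "select * from classes where class_id = 202",
        "normal_login": "Select * from users where username = 'alice' and password = 'x''y'",
        "abuse_dump": "select username, password from students",
        "abuse_tautology": "Select * from users where username = 'john' and password = 'smith' or 1=1",
        "abuse_quoted": "select * from users where username = 'john' and password = '' or '1'='1'",
    }
    return {name: acl.allowed("webapp", sql) for name, sql in checks.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print("%-16s %s" % (name, "ALLOW" if ok else "BLOCK"))
```

The tautology appended to the login query changes its template (an extra `or ?=?`), so it is rejected even though the user is allowed to run the login query itself; a cross-table dump fails because that template was never profiled.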
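A minimal protocol validation check for the hex dump in the Database Communication Protocol Vulnerabilities section, as an added Python example that is not part of the deck or of Imperva's product. It assumes, from the leading byte 0x12 and the embedded "MSSQLServer" string, that the dump is a TDS PRELOGIN packet and applies that protocol's option-table layout; the fixed_packet control case is constructed.

```python
import struct

TDS_HEADER = struct.Struct(">BBHHBB")  # type, status, length (incl. header), SPID, packet id, window
PRELOGIN_TYPE = 0x12       # my reading of the slide's first byte: a TDS PRELOGIN packet (assumption)
OPTION_TERMINATOR = 0xFF   # ends the PRELOGIN option table

# The slide's hex dump, re-typed: 52 bytes, header length 0x0034 = 52, but the first option
# entry (token 0x00 at offset 0x0015) declares a field length of 0x00FF = 255 bytes.
SLIDE_PACKET = bytes.fromhex(
    "12 01 00 34 00 00 00 00 00 00 15 00 ff 01 00 1b"
    "00 01 02 00 1c 00 0c 03 00 28 00 04 ff 08 00 01"
    "55 00 00 00 4d 53 53 51 4c 53 65 72 76 65 72 00"
    "a8 07 00 00"
)


def validate_prelogin(packet: bytes) -> list:
    """Return the violations found in one PRELOGIN packet; [] means well-formed.
    Option entries are token(1) offset(2) length(2), offsets relative to the payload
    after the 8-byte header, so offset + length must fit in the bytes that arrived."""
    problems = []
    if len(packet) < TDS_HEADER.size:
        return ["packet shorter than the 8-byte TDS header"]
    ptype, _status, length, _spid, _pid, _window = TDS_HEADER.unpack_from(packet)
    if ptype != PRELOGIN_TYPE:
        return ["not a PRELOGIN packet (type 0x%02x)" % ptype]
    if length != len(packet):
        problems.append("header says %d bytes, %d received" % (length, len(packet)))
    payload = packet[TDS_HEADER.size:]
    pos = 0
    while pos < len(payload) and payload[pos] != OPTION_TERMINATOR:
        if pos + 5 > len(payload):
            problems.append("option table truncated at payload offset %d" % pos)
            return problems
        token = payload[pos]
        offset, size = struct.unpack_from(">HH", payload, pos + 1)
        if offset + size > len(payload):  # the slide's case: 21 + 255 > 44
            problems.append("option 0x%02x: offset %d + length %d exceeds %d-byte payload"
                            % (token, offset, size, len(payload)))
        pos += 5
    if pos >= len(payload):
        problems.append("option table has no 0xFF terminator")
    return problems


def fixed_packet() -> bytes:
    """Constructed control case: the same packet with the first option's length set to 6."""
    fixed = bytearray(SLIDE_PACKET)
    fixed[11:13] = b"\x00\x06"
    return bytes(fixed)
```

A validating proxy that bounds-checks every length field against the record it arrived in rejects this class of malformed message before the database server's own parser sees it, which is what the slide's "protocol validation engine" point refers to.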