NCAI Exchange Network Tribal User Meeting
9-10 April 2008
Considerations for Tribal Database Application Security
Bill Farr, President
ResourceVue, LLC
T: 801-458-5900, bfarr@topvue.com
© 2008 ResourceVue, LLC, All Rights reserved
Integrated Data Environments for Natural Resource Management
Tribal Data Types Examples
[Diagram: Departmental Data Tracking; Haz Waste; Land Use, Air; etc…; Water Resources; Departmental Unique Data Tracking; Contract, Grant Management; Program Management; etc…; Finance; Tribal Common Processes; Tribal Business Applications; EPA EN Node Clients; Water Assets; GIS; Land Assets; Air; Ag]
IT and Data Architectures
Databases typically run on servers that have basic protection
[Diagram: Internet Explorer; Web; Firewall; SW Code; IIS; DB (Oracle); Web Services; Server; Client]
IIS and Oracle can reside on the same server, where IIS communicates with the Oracle database through port 1521
Client connects to IIS server over the Web and through a firewall using port 443
Users are authenticated using PKI certificates and strong passwords
Threats to Database Applications
80% of malicious activity on data comes from the inside… (Forrester)
Typical database application threats are:
– SQL Injection
– Inference
– Web page hi-jacks
Result: Unauthorized access to data
Threats to Database Applications
SQL Injection
“…SQL injection attacks allow a malicious activity to execute arbitrary SQL code on the server. The attack is issued by including a string delimiter (') in an input field and following it with SQL instructions. If the server does not properly validate input, the instructions may be executed against the database.”
[Diagram: Malicious DB query]
Threats to Database Applications
Inference
– Inference occurs when users are able to piece together information at one security level to determine a fact that should be protected at a higher security level.
[Diagram: Level 1; Level 2; Inference; Tribal Member Name; Allotment Ownership]
Threats to Database Applications
Web page Hi-jacks
A web page hi-jack occurs when a malicious person tries to capture a URL/page name without going through any authentication.
[Diagram: Authentication; Web page; Malicious User; Hi-jack; Database]
What to ask the DB Developer
What tiers/layers do you have in your application, and what security is built in?
How do you handle SQL Injection attacks?
How do you handle Inference attacks?
How do you handle Web page Hijacks?
How do you handle User Security?
Example Answers
What tiers/layers do you have……
[Diagram: Internet Explorer; Web Services; IIS; TVUtils; DBUtils; DB; Middle Layer; Data Layer]
The Internet Explorer client communicates with the IIS server through HTTPS
The IIS server passes user requests to the TVUtils object, which returns HTML and DHTML
The TVUtils object communicates with the DBUtils object using XML
The DBUtils object retrieves information from and updates information in the Oracle database using an OLEDB connection
Example Answers
How do you handle SQL Injection attacks?
“Our middle layer performs a format check on the DB request…”
[Diagram: DBUtils; DB; Middle Layer; Data Layer]
Is this request the correct format?
- NO: kick out
- Yes: proceed
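The format check described in this answer, shown as an added example that is not the vendor's code: a middle-layer function kicks out any request that does not match the expected format and passes accepted values to the database as a bound parameter, beside the concatenating version it replaces. The table, the station-ID format and the use of SQLite in place of Oracle are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; SQLite stands in for the Oracle database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stations (station_id TEXT, tribe TEXT, name TEXT)")
    db.executemany(
        "INSERT INTO stations VALUES (?, ?, ?)",
        [("WQ-0001", "Tribe 1", "Creek upstream"),
         ("WQ-0002", "Tribe 1", "Creek downstream"),
         ("WQ-0101", "Tribe 3", "Well 7")],
    )
    return db

# Assumed request format: station IDs look like WQ-0001.
STATION_ID = re.compile(r"WQ-\d{4}")

class RejectedRequest(Exception):
    """Raised when a request fails the format check ("NO: kick out")."""

def lookup_unsafe(db, station_id):
    # Vulnerable pattern: the input is pasted into the SQL text, so a string
    # delimiter (') in the field changes the statement itself.
    sql = "SELECT name FROM stations WHERE station_id = '" + station_id + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_checked(db, station_id):
    # Format check first: anything that is not exactly an ID is kicked out.
    if not isinstance(station_id, str) or not STATION_ID.fullmatch(station_id):
        raise RejectedRequest("request is not in the expected format")
    # "Yes: proceed": the value travels as a bound parameter, never as SQL text.
    rows = db.execute("SELECT name FROM stations WHERE station_id = ?",
                      (station_id,))
    return [row[0] for row in rows]

def demo():
    db = make_db()
    hostile = "x' OR '1'='1"              # constructed input with a delimiter
    leaked = lookup_unsafe(db, hostile)   # the WHERE clause no longer filters
    try:
        lookup_checked(db, hostile)
        kicked_out = False
    except RejectedRequest:
        kicked_out = True
    return leaked, kicked_out, lookup_checked(db, "WQ-0002")
```

The format check alone is only as good as its pattern; the bound parameter is what keeps an accepted value from ever being parsed as SQL.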
Example Answers
How do you handle Inference attacks?
“1. If a user does not have the permissions they cannot get to the next page, and…..
2. Error messages do not display any data.”
[Diagram: Level 1; Level 2; Inference; Tribal Member Name; Allotment Ownership; X]
Example Answers
How do you handle Web page Hijacks?
“1. If a user does not have the permissions they cannot get to the next page, and…..
2. each page checks the source of the request; if not authenticated, it throws a message:
[Diagram: Authentication; Web page; Malicious User; Hi-jack; Database]
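One way to implement the per-page check in this answer, together with the data-free error messages from the inference answer before it, as an added example rather than the application's own code: every page handler is wrapped so that a request for the page URL without a server-issued session, or without permission for that page, receives one fixed message. The user names, page names and session format are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)      # per-process signing key (assumption)
# Hypothetical users and the pages each may open.
PERMISSIONS = {"alice": {"member_list", "allotments"}, "bob": {"member_list"}}
DENIED = (403, "Access denied.")          # same text for every failure, no data

def _tag(user):
    return hmac.new(SERVER_KEY, user.encode(), hashlib.sha256).hexdigest()

def issue_session(user):
    """Called only after the authentication page succeeds."""
    return f"{user}.{_tag(user)}"

def session_user(token):
    """Return the user name if this server issued the token, else None."""
    if not isinstance(token, str) or "." not in token:
        return None
    user, tag = token.rsplit(".", 1)
    # Constant-time comparison of the presented tag with the expected one.
    if hmac.compare_digest(tag.encode(), _tag(user).encode()):
        return user
    return None

def protected(page_name):
    """Wrap a page handler so the check runs on every request for that page."""
    def wrap(handler):
        def guarded(request):
            user = session_user(request.get("session"))
            if user is None or page_name not in PERMISSIONS.get(user, set()):
                return DENIED             # do not reveal which check failed
            try:
                return 200, handler(user, request)
            except Exception:
                # Error messages carry no query text and no row data.
                return 500, "An error occurred."
        return guarded
    return wrap

@protected("allotments")
def allotments_page(user, request):
    return f"Allotment records visible to {user}"   # constructed page body
```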
Example Answers
How do you handle User Security?
“We use a multi-factored security model:
• Realm: Separate data into virtual instances
• Rule: Restrict DB operations to what is needed, when..
• Roles: Only allows users to perform the functions they need
• Policy: Written policies on the above
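The Realm, Rule and Role checks listed above, combined into a single default-deny authorization decision in an added example (not the vendor's implementation). The users, role names, operations and the 08:00 to 18:00 window are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class User:
    name: str
    realm: str           # the tribal partition the account belongs to
    roles: frozenset

# Role: the functions each role may perform (hypothetical names).
ROLE_FUNCTIONS = {
    "water_reviewer": {("water_quality", "read")},
    "water_engineer": {("water_quality", "read"), ("water_quality", "write")},
    "node_admin": {("epa_submission", "write")},
}
# Rule: operations limited to a time window; unlisted operations have no window.
RULE_HOURS = {"write": (time(8, 0), time(18, 0))}

def authorize(user, realm, resource, operation, when):
    """Return (allowed, layer); every layer must pass, anything else is denied."""
    if user.realm != realm:
        return False, "realm"             # data in another tribe's partition
    granted = set()
    for role in user.roles:
        granted |= ROLE_FUNCTIONS.get(role, set())
    if (resource, operation) not in granted:
        return False, "role"
    window = RULE_HOURS.get(operation)
    if window and not (window[0] <= when.time() < window[1]):
        return False, "rule"
    return True, "ok"

# Constructed users and request times.
engineer = User("e.jones", "Tribe 1", frozenset({"water_engineer"}))
reviewer = User("r.smith", "Tribe 3", frozenset({"water_reviewer"}))
noon = datetime(2008, 4, 9, 12, 0)
night = datetime(2008, 4, 9, 23, 30)
```

Returning the layer that refused the request gives the audit log something to record; the user-facing message should stay generic.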
Mni Sose – ResourceVue Super Node Example
[Diagram: Mni Sose Coalition DB; Mni Sose Portal DB; Coalition Tribe DBs (Omaha, Kickapoo, Ponca, Prairie Band Potawatomi, Sac and Fox, Santee Sioux, Winnebago), each labelled Web Services; Aggregated Multi-tribal Water Quality Data; Aggregated Multi-tribal Environmental Data Services; Mni Sose ‘Super-Node’ Node Client; Local Data Server; Spreadsheet; EPA EN; Searches; Reports; Documents; Roll-up Queries]
Realm: Separate, Secure Tribal Databases
Role: Individual Member Log In
Rule: Only allow operations at certain hours
A Solution
Web based – currently hosted at Mni Sose, Rapid City
Program Area Apps: Water, Air, Facilities
Document Library
Member access, security, admin
Multi-Tribal Partitions
Role: Access to Water Assets
Surface and Ground Water Sources
Monitoring Stations
[Diagram: Manage Baseline Data of Water Assets; Manage Monitoring Stations]
Role: Management of EPA Transactions
Track each node client data submission history
– EPA token ID, XML file (WQX)
The Process - Node Client Flow
Sample Process for Managing Water Quality Data Exchange
[Process diagram, steps numbered 100 to 410. Participants: Water Resources Dept; Reviewers; Water Quality Engineers; EPA. Steps: Manage Monitoring Stations; Manage Baseline Data of Water Assets; Import Data Into Central Repository; Prepare EPA Data Exchange Format; Invoke Node Client to Push Data Set to EPA; Review and Assess Water Quality Data; Receive Data Set; Gather Water Quality Samples; Set Standards. Other labels: DATA STORE; PLANNING]