SEC835
Practical aspects of security implementation
Part 1
Apply security services
Databases security
Email security
STRIDE
Spoofing – Any person or technology (Actor) component can be spoofed
Tampering – Data, source code, or configuration parameters can be tampered with
Repudiation – A user's actions can be repudiated
Information disclosure – Data, or any other information including the system's architectural design, is vulnerable to information disclosure
Denial of service – Any technology resource is vulnerable to DoS
Elevation of privileges – Any user's or technology component's level of privileges is vulnerable to elevation of privileges
Databases
Spoofing: DBA, ODBC driver
Tampering: Data, configuration parameters
Information disclosure: Data, DB structure, ODBC credentials
Denial of service: RDB as the technology resource
Elevation of privileges: DBA, RPC
DB security
Strong access control at the level of:
Database
Tables
Columns
In most cases RBAC has been implemented
The SQL language allows runtime granting of access privileges to users or roles
DB security
The GRANT command:
GRANT {privileges/role}
[ON table]
TO {user/role/public}
[IDENTIFIED BY password]
[WITH GRANT OPTION]
The command allows granting privileges and/or roles to another user or to another role, thus providing a lot of flexibility in runtime privilege management
DB security
What to GRANT?
Select – grantee is allowed to read the entire DB, table, or columns
Insert – grantee may insert rows in a table, or insert rows with values for specific columns in a table
Update – similar to insert
Delete – delete rows from a table
References – grantee is allowed to define foreign keys in another table that refer to the specified columns
DB security
REVOKE {privileges/ role}
[ON table]
FROM {user/role/public}
DB security
Cascading authorization
Allows a user to grant access to another user, and so on
Revoke assumes cascading revoking of access
Be aware of the security issues:
May be exploited to elevate privileges
A complicated grant schema may confuse revoking, leaving a user with the access still granted
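The cascading behaviour of GRANT ... WITH GRANT OPTION and REVOKE described on the last two slides, as an added example that is not part of the lecture material: a small Python model in which every grant records its grantor and a privilege stays valid only while the grantor still holds it with grant option. The user names (dba, alice, bob, carol) and the single privilege are constructed; the demo shows the pitfall where a second grant path leaves a user with access after a revoke.

```python
# Added example (not from the SEC835 slides): model of SQL-standard cascading
# authorization. A privilege is live only while its grantor still holds it WITH
# GRANT OPTION, so revoking one grant silently cascades to everything derived from it.
class GrantGraph:
    def __init__(self, owner):
        self.owner = owner          # the object owner can always grant
        self.grants = []            # (privilege, grantor, grantee, grant_option)

    def can_grant(self, user, privilege, seen=frozenset()):
        """Does user hold privilege WITH GRANT OPTION through a live chain?"""
        if user == self.owner:
            return True
        if user in seen:            # guard against circular grants
            return False
        return any(p == privilege and ge == user and opt
                   and self.can_grant(gr, privilege, seen | {user})
                   for p, gr, ge, opt in self.grants)

    def has(self, user, privilege):
        """Does user hold privilege at all (with or without grant option)?"""
        return user == self.owner or any(
            p == privilege and ge == user and self.can_grant(gr, privilege, {user})
            for p, gr, ge, _ in self.grants)

    def grant(self, grantor, grantee, privilege, with_grant_option=False):
        if not self.can_grant(grantor, privilege):
            raise PermissionError(f"{grantor} may not grant {privilege}")
        self.grants.append((privilege, grantor, grantee, with_grant_option))

    def revoke(self, grantor, grantee, privilege):
        """REVOKE ... CASCADE: drop the grant; dependent grants die automatically
        because has()/can_grant() re-derive every privilege from surviving chains."""
        self.grants = [g for g in self.grants if g[:3] != (privilege, grantor, grantee)]

    def holders(self, privilege):
        """Audit helper: who can currently exercise the privilege?"""
        users = {ge for _, _, ge, _ in self.grants}
        return sorted(u for u in users if self.has(u, privilege))

def demo():
    g = GrantGraph(owner="dba")
    g.grant("dba", "alice", "SELECT", with_grant_option=True)
    g.grant("alice", "bob", "SELECT", with_grant_option=True)
    g.grant("bob", "carol", "SELECT")
    g.grant("dba", "bob", "SELECT", with_grant_option=True)   # second, independent path
    before = g.holders("SELECT")                 # ['alice', 'bob', 'carol']
    g.revoke("dba", "alice", "SELECT")           # alice loses SELECT ...
    after = g.holders("SELECT")                  # ... but carol keeps it via dba -> bob
    return before, after
```

Running an audit such as holders() after every revoke is the practical check for the "access still granted" problem the slide warns about.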
DB security
Tampering and Information Disclosure
Discrete storing
• Store sensitive data only when it is really necessary
Encryption
• Symmetric encryption for confidentiality
• Hash for integrity
• Strong encryption
• Secure key management
DB encryption
Encryption may apply to:
The whole table
The attribute (column)
The field (just a single cell)
Encryption has a negative impact on DB searching when encrypted values must be used as search criteria. To help, table partitioning may be applied, where each partition has a unique index used to identify a range of records.
DB encryption
Table partitioning example
Employee salary is a search criterion but must be encrypted
Table partitioning is supported by an index that is mapped to a range of rows, e.g.:
1 – values from 35K to 75K
2 – values from 76K to 95K
3 – values from 96K and up
The table rows contain encrypted values and indices that replace the real values
DB encryption (cont.)
To decrypt a table that was encrypted and partitioned, the map of indices to ranges is required in addition to the encryption keys
This map must be stored on the client, not on the server
Decryption and converting data back into its original value is also performed on the client
Make sure that the encryption key on the client side is safe
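The partitioned salary column from the slides, as an added example that is not part of the lecture material: the client encrypts each salary, stores it next to the partition index from the slide's map, and queries the server by index only; key and range map stay on the client. The employee rows are constructed, and a hashlib-based keystream stands in for AES so the block runs with the standard library alone (a real deployment uses an authenticated cipher).

```python
# Added example (not from the SEC835 slides): client-side column encryption with
# the slide's partition index. Key and range map never leave the client; the
# server stores ciphertext plus index and can only filter on the index.
import hashlib, os, sqlite3

CLIENT_KEY = b"constructed-demo-key"                  # stays on the client
RANGES = {1: (35_000, 75_000), 2: (76_000, 95_000), 3: (96_000, None)}  # from the slide

def band_of(salary):
    """Map a real value to the partition index that replaces it in the table."""
    for idx, (lo, hi) in RANGES.items():
        if salary >= lo and (hi is None or salary <= hi):
            return idx
    raise ValueError(f"{salary} falls in no partition of the slide's map")

def _keystream(nonce, n):
    """Stand-in for AES: hash-derived keystream, NOT a real cipher."""
    blocks = [hashlib.sha256(CLIENT_KEY + nonce + bytes([i])).digest() for i in range(n // 32 + 1)]
    return b"".join(blocks)[:n]

def encrypt(value):
    nonce = os.urandom(8)
    data = f"{value:012d}".encode()                  # fixed width hides the digit count
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def decrypt(blob):
    nonce, data = blob[:8], blob[8:]
    return int(bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data)))))

def build_db(rows):
    """Server side: only ciphertext and the partition index are stored."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, salary_enc BLOB, salary_idx INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)",
                   [(n, encrypt(s), band_of(s)) for n, s in rows])
    return db

def server_view(db):
    """What the DBMS (and anyone reading it) can see: names and indices only."""
    return db.execute("SELECT name, salary_idx FROM employee ORDER BY name").fetchall()

def salaries_between(db, lo, hi):
    """Server narrows rows by index; the exact comparison happens after client-side decryption."""
    bands = [i for i, (rlo, rhi) in RANGES.items() if rlo <= hi and (rhi is None or rhi >= lo)]
    marks = ",".join("?" * len(bands))
    rows = db.execute(f"SELECT name, salary_enc FROM employee WHERE salary_idx IN ({marks})", bands)
    found = [(n, decrypt(b)) for n, b in rows]
    return sorted(x for x in found if lo <= x[1] <= hi)

DEMO_ROWS = [("ann", 40_000), ("bob", 80_000), ("cho", 120_000), ("dee", 90_000)]  # constructed
```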
DBMS technology components
Must be protected from DoS attack
Strong access control for all types of interfaces:
Users
Admins
API
Bulk data loading
Strong data input validation
Protect against SQL injection attacks
DB backups
DB must be backed up regularly
Media – tapes, or mirror servers, or both
Backups must be stored at different (remote) location
DB backups
Modes of backups:
Full backup
Incremental – backs up files changed after the last backup
Differential – backs up any files that have changed since the last full backup
Records retention
A policy exists to specify the period for keeping data available
Secure destruction
Shredding
Magnetic destruction
DB Security
Inference problem
The possibility of deriving additional information from small pieces or fractions of data
The fractions or pieces may not be confidential, but the derived data is
Often accomplished by combining queries
Protection:
Splitting tables and assigning fine-grained access control
Separation of duties
Perturbation of data
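The inference problem and the slide's "perturbation of data" protection, as an added example that is not part of the lecture material: on a constructed employee table only aggregate queries are offered, yet a department total minus a sub-group total isolates one person's salary; the perturbed interface refuses small query sets and returns a query-bound noisy total instead. Table contents, the minimum query-set size and the noise secret are all constructed for the demonstration.

```python
# Added example (not from the SEC835 slides): inference by combining aggregate
# queries, and perturbation of data as a protection, on constructed data.
import hashlib, sqlite3

ROWS = [("ann", "eng", "manager", 150_000), ("bob", "eng", "dev", 95_000),   # constructed
        ("cho", "eng", "dev", 105_000), ("dee", "eng", "dev", 100_000),
        ("eve", "ops", "dev", 98_000), ("fay", "ops", "dev", 102_000)]
AGG = "SELECT COUNT(*), SUM(salary) FROM employee WHERE dept=? AND (? IS NULL OR role=?)"

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (name TEXT, dept TEXT, role TEXT, salary INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?,?,?,?)", ROWS)
    return db

def raw_sum(db, dept, role=None):
    """Unprotected aggregate: returns (row count, salary total), never a row."""
    return db.execute(AGG, (dept, role, role)).fetchone()

def infer_manager_salary(db):
    """Combining queries: the whole department minus the dev subtotal isolates the
    one person who is not a dev. Each query alone looks harmless; the difference is not."""
    n_all, s_all = raw_sum(db, "eng")
    n_dev, s_dev = raw_sum(db, "eng", "dev")
    return s_all - s_dev if n_all - n_dev == 1 else None

def perturbed_sum(db, dept, role=None, k=2, max_noise=5_000, secret=b"constructed-secret"):
    """Protection: refuse query sets smaller than k and perturb the total. The noise is
    derived from the query itself, so repeating the identical query returns the same
    value and the noise cannot be averaged away by repetition."""
    n, s = raw_sum(db, dept, role)
    if n < k:
        raise PermissionError(f"query set of {n} rows is below the minimum of {k}")
    digest = hashlib.sha256(secret + f"{dept}|{role}".encode()).digest()
    noise = 1 + int.from_bytes(digest[:4], "big") % max_noise    # never exactly zero
    return s + (noise if digest[4] & 1 else -noise)

def inference_after_perturbation(db):
    """The same combination against the perturbed interface is off by up to 2*max_noise."""
    return perturbed_sum(db, "eng") - perturbed_sum(db, "eng", "dev")
```

Perturbation blunts the exact inference but does not remove it; the slide's other protections (splitting tables with fine-grained access control, separation of duties) are needed alongside it.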
DB security
Privacy issue
For some databases, in particular for healthcare and financial data, personal identifiers must not be present in the records
Achieved by applying a data sanitization service
This means applying algorithms that "mask" data in storage, or in a user's view
This is in addition to cryptography
Secure Email
Major threats
Unauthorized access (confidentiality, integrity)
Viruses sent with attachments
Spam
Spoofing email addresses
Protection
Encryption
PGP – encryption technology used to protect confidentiality and integrity and to authenticate the sender. This is a hybrid technology. The following is in use:
• Public/private key (RSA)
• Secret key for symmetric encryption (AES, 3DES)
• Digital signature (MD5, SHA-1)
Protection
Anti-virus protection
Install and keep it up to date
Spam
Anti-spam software