Cyber-attack rates have been on the rise in recent times, and the need for protection of corporate networks cannot be overemphasized. Databases are the most common targets due to the fact that they contain valuable and sensitive information. Whether the data is financial or holds corporate secrets, there is always serious benefit to the hackers if they are able to access such information. The most common database security threats whether the internal or external are as follows:
1. Excessive Privilege Abuse
When a user is granted database access privileges that exceed that which is required for their job functions. These privileges may be abused and used as an avenue for conducting devious acts in the system.
The solution for excessive privileges abuse is the use query-level access control. Query-level access control mechanism restrict database privileges to the minimum-required SQL operations and data.
2. Legitimate Privilege Abuse
This is where a user abuses legitimate privileges to conduct unauthorized actions. Consider hypothetical a rogue worker who uses his or her legitimate privileges to access sensitive data. This definitely does not comply with the corporation’s policies.
There are two risks to consider. The first a rogue worker who is willing to trade the information for money. Secondly the negligent employee who retrieves and stores a large amount of data to another machine for example personal laptop. Once the data exists in another machine it becomes vulnerable to wrong such as Trojans and laptop theft.
The solution to legitimate privilege abuse is the use specific queries to the context surrounding database access. By enforcing policy for client applications, time of day, location, etc… it will be possible to identify users who are using legitimate database access privileges in a suspicious manner.
3. Elevation of Privileges
Attacker or rogue workers’ may take advantage of database platforms software vulnerabilities to convert access privileges from those of an ordinary user to that of an administrator. This vulnerabilities may be found in: built in function, SQL statements, stored procedures and even protocol implementations.
Elevation of privileges can be prevented with a combination of traditional intrusion prevention systems (IPS) and query level access controls.
4. Platform Vulnerabilities
Vulnerabilities in underlying operating systems (windows 07) and additional services installed on a database server may lead to unauthorized access, data corruption or denial of service.
This can be prevented using the combination of regular software updates and intrusion prevention systems (IPS). Vendor provided updates eliminate vulnerabilities found in database platform over time. The IPS is the used to inspect database traffic and identify attacks targeting known vulnerabilities.
5. SQL Injections
In this kind of attack, a perpetrator typically inserts unauthorized database statements into vulnerable SQL data channel. The most targeted data channels include stored procedures and web application input parameters. These injected statements are then passed to the database where they are executed. Using SQL injection, attackers may gain unrestricted access to an entire database.
Three techniques can be combined to effectively protect against SQL injection: intrusion prevention (IPS), query-level access control and event correlation.
6. Poor Audit Trail
Automated recording of all sensitive or unusual database transactions should be part of the foundation underlying any database deployment. Poor database policy represents a serious risk to organizations in many levels.
First they always tend to be at odds with the governments regulatory requirements. Secondly it is disadvantage during the investigations, for the investigators will lack proper forensics to link the intruders to a crime.
Proper audit trail also aids in the protection of the database for if an attacker manages to circumnavigate other defenses, auditing of the data can identify the existence of a violation in the system. This are among the many importance of proper audit trail.
Poor audit trail can be prevented by: offloading audit processes to network appliances, separating duties and cross-platform auditing.
7. Denial of Services
This is a general attack category in which access to network applications or data is denied to intended users. This conditions can be created by many techniques such as: taking advantage of database vulnerability to crash server, data corruption, network flooding or server resource overload
Denial of services can be prevented, through protection at multiple level. At the network, application and database levels protections are all necessary.
8. Database Communications Protocol Vulnerabilities
All database vendors have identified a growing number of security vulnerabilities in database communication protocols. Fraudulent activity targeting these vulnerabilities can range from unauthorized data access, to data corruption or to denial of services.
Database communication protocol attacks can prevented by technology commonly referred to as protocol validation. Protocol validation technology essentially parses database traffic and compares it to expectations. In the event that live traffic does not match expectations, alerts or blocking actions may be taken.
9. Weak Authentication
Weak authentication allows attackers to assume the identity of legitimate database users by stealing or otherwise obtaining log in credentials. An attacker may employ any number of strategies to obtain credentials.
This can be prevented using strong authentication and the use of directory integration to be able to protect accounts.
10. Backup Data Exposure
With the backups not being protected mostly, they tend to always be the target. As a result several high profile security breaches have involved theft of database backup tapes and hard disks.
This can be prevented by ensuring all the database backups are encrypted. All organizations should always try to protect their backups as they do for online products in this way ensuring proper protection of sensitive information.
- Top 5 Database Security Threats
- Securing Website Applications And Databases For Pci Compliance
- Common Database Threats And How To Curb Them