SEC835 Practical aspects of security implementation Part 1

Post on 06-Jan-2016

Page 1: SEC835

SEC835

Practical aspects of security implementation

Part 1

Page 2: SEC835

Apply security services

Databases security

Email security

Page 3: SEC835

STRIDE

Spoofing – any person or technology component (actor) can be spoofed

Tampering – data, source code, or configuration parameters can be tampered with

Repudiation – a user’s actions can be repudiated

Information disclosure – data, or any other information including the system’s architectural design, is vulnerable to information disclosure

Denial of Service – any technology resource is vulnerable to DoS

Elevation of Privileges – any user- or technology-related level of privileges is vulnerable to elevation of privileges

Page 4: SEC835

Databases

Spoofing: DBA, ODBC driver

Tampering: data, configuration parameters

Information disclosure: data, DB structure, ODBC credentials

Denial of service: RDB as the technology resource

Elevation of privileges: DBA, RPC

Page 5: SEC835

DB security

Strong access control at the level of:

Database

Tables

Columns

In most cases RBAC has been implemented

SQL allows runtime granting of access privileges to users or roles

Page 6: SEC835

DB security

The GRANT command:

GRANT {privileges/role} [ON table] TO {user/role/public} [IDENTIFIED BY password] [WITH GRANT OPTION]

The command allows granting privileges and/or roles to another user or to another role, thus providing a lot of flexibility in runtime privilege management

Page 7: SEC835

DB security

What to GRANT?

Select – grantee is allowed to read the entire DB, table, or columns

Insert – grantee may insert rows in a table, or insert rows with values for specific columns in a table

Update – similar to insert

Delete – delete rows from a table

References – grantee is allowed to define foreign keys in another table that refer to the specified columns

Page 8: SEC835

DB security

The REVOKE command:

REVOKE {privileges/role} [ON table] FROM {user/role/public}

Page 9: SEC835

DB security

Cascading authorization

Allows a user to grant access to another user, who may grant it on, and so on

Revoke assumes cascading revocation of access

Be aware of the security issues:

May be exploited to elevate privileges

A complicated grant schema may confuse revoking, leaving a user with the access still granted
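The GRANT / REVOKE behaviour of the last four slides, as an added example that is not part of the SEC835 slides and not the code of any DBMS. It is a simplified Python model of a privilege table: a grant is recorded with its grantor, so that REVOKE can cascade, and the demo reproduces the situation the slide warns about, where a grantee holds the same privilege through two independent chains and keeps access after one chain is revoked. The user names, the privilege string and the owner named "dba" are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    privilege: str           # e.g. "SELECT ON employees"
    with_grant_option: bool  # may the grantee pass this privilege on?


class GrantTable:
    """Simplified model of a DBMS privilege table (added example, not DBMS code)."""

    def __init__(self, owner: str):
        self.owner = owner   # the object owner can always grant
        self.grants = set()

    def can_grant(self, user: str, privilege: str) -> bool:
        if user == self.owner:
            return True
        return any(g.grantee == user and g.privilege == privilege and g.with_grant_option
                   for g in self.grants)

    def has(self, user: str, privilege: str) -> bool:
        return user == self.owner or any(
            g.grantee == user and g.privilege == privilege for g in self.grants)

    def grant(self, grantor, grantee, privilege, with_grant_option=False):
        """GRANT privilege TO grantee [WITH GRANT OPTION]; needs grant authority."""
        if not self.can_grant(grantor, privilege):
            raise PermissionError(f"{grantor} may not grant {privilege}")
        self.grants.add(Grant(grantor, grantee, privilege, with_grant_option))

    def revoke(self, grantor, grantee, privilege):
        """REVOKE privilege FROM grantee, cascading to grants that depended on it."""
        self.grants = {g for g in self.grants if not (
            g.grantor == grantor and g.grantee == grantee and g.privilege == privilege)}
        # Cascade: a grant made by someone who no longer holds the privilege
        # WITH GRANT OPTION is abandoned and removed; repeat until stable.
        changed = True
        while changed:
            changed = False
            for g in list(self.grants):
                if g.privilege == privilege and not self.can_grant(g.grantor, privilege):
                    self.grants.discard(g)
                    changed = True


def demo():
    """Two grant chains to carol; revoking alice's chain leaves bob's intact."""
    t = GrantTable(owner="dba")
    priv = "SELECT ON employees"
    t.grant("dba", "alice", priv, with_grant_option=True)
    t.grant("dba", "bob", priv, with_grant_option=True)
    t.grant("alice", "carol", priv)
    t.grant("bob", "carol", priv)
    t.grant("alice", "dave", priv)
    t.revoke("dba", "alice", priv)
    return {
        "alice": t.has("alice", priv),  # revoked directly
        "dave": t.has("dave", priv),    # only chain ran through alice: cascaded away
        "carol": t.has("carol", priv),  # still holds access through bob
    }


if __name__ == "__main__":
    print(demo())
```

The point for an auditor is the "carol" entry: revoking from alice does not remove carol's access, because the cascade correctly stops at bob's independent grant. Review of who can still reach a privilege therefore has to walk the whole grant graph, not just the chain being revoked.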

Page 10: SEC835

DB security

Tampering and Information Disclosure

Discrete storing

• Store sensitive data only when it is really necessary

Encryption

• Symmetric encryption for confidentiality

• Hash for integrity

Strong encryption

Secure key management

Page 11: SEC835

DB encryption

Encryption may apply to:

The whole table

The attribute (column)

The field (just a single cell)

Encryption has a negative impact on DB searching when encrypted values must be used as search criteria

To help, table partitioning may apply, where each partition has a unique index used to identify the range of records

Page 12: SEC835

DB encryption

Table partitioning example

Employee salary is a search criterion but must be encrypted

The table partitioning is supported by an index that is mapped to a range of rows, e.g.:

1 – values from 35K to 75K

2 – values from 76K to 95K

3 – values from 96K and up

The table rows contain encrypted values and indices that replace the real values

Page 13: SEC835

DB encryption (cont.)

To decrypt a table that was encrypted and partitioned, the map of indices to ranges is required in addition to the encryption keys

This map must be stored on the client, not on the server

Decryption and conversion of data back into its original value is also performed on the client

Make sure that the encryption key on the client side is safe
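The partitioned-encryption scheme of the last three slides, together with the "symmetric encryption for confidentiality, hash for integrity" advice of slide 10, as an added example that is not part of the SEC835 slides. Salaries are encrypted on the client before they reach the server; the server stores only ciphertext plus the partition index (1, 2, 3 from the slide's ranges), so a range query is answered by index on the server and refined after client-side decryption. The cipher is an assumption made here: Python's standard library has no AES, so a keystream from HMAC-SHA256 in counter mode stands in for AES-CTR; integrity is an HMAC tag over the ciphertext (encrypt-then-MAC). Employee names and salaries are constructed.

```python
import hashlib
import hmac
import os

# Client-side map from partition index to the lower bound of its salary range,
# taken from the slide (35K-75K, 76K-95K, 96K and up). The server never sees it.
PARTITION_BOUNDS = [(1, 35_000), (2, 76_000), (3, 96_000)]


def partition_of(salary: int) -> int:
    """Partition index; each partition runs up to the next partition's lower bound."""
    if salary < PARTITION_BOUNDS[0][1]:
        raise ValueError("salary below the lowest partition")
    idx = PARTITION_BOUNDS[0][0]
    for p_idx, lower in PARTITION_BOUNDS:
        if salary >= lower:
            idx = p_idx
    return idx


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in for AES-CTR (assumption, see lead-in)
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_cell(enc_key: bytes, mac_key: bytes, value: int) -> bytes:
    """Encrypt-then-MAC one cell: nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    plaintext = str(value).encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_cell(enc_key: bytes, mac_key: bytes, blob: bytes) -> int:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # integrity check before decrypting
        raise ValueError("integrity check failed: cell was modified")
    pt = bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))
    return int(pt.decode())


def server_rows_in_partitions(rows, indices):
    """All the server can do: filter on the plaintext partition index."""
    return [r for r in rows if r["salary_idx"] in indices]


class Client:
    def __init__(self):
        self.enc_key = os.urandom(32)   # both keys live only on the client
        self.mac_key = os.urandom(32)

    def store(self, rows, emp, salary):
        rows.append({"emp": emp,
                     "salary_idx": partition_of(salary),
                     "salary_enc": encrypt_cell(self.enc_key, self.mac_key, salary)})

    def salaries_between(self, rows, lo, hi):
        wanted = set(range(partition_of(lo), partition_of(hi) + 1))
        result = []
        for r in server_rows_in_partitions(rows, wanted):
            salary = decrypt_cell(self.enc_key, self.mac_key, r["salary_enc"])
            if lo <= salary <= hi:          # exact filtering happens client-side
                result.append((r["emp"], salary))
        return sorted(result)


def demo():
    client = Client()
    server_rows = []   # what the DB server holds: index + ciphertext, no salaries
    for emp, salary in [("ann", 40_000), ("ben", 80_000), ("cal", 90_000), ("dee", 120_000)]:
        client.store(server_rows, emp, salary)
    hits = client.salaries_between(server_rows, 78_000, 100_000)
    # Flip one ciphertext byte on the server: the client must refuse the cell.
    blob = bytearray(server_rows[0]["salary_enc"])
    blob[16] ^= 0x01
    try:
        decrypt_cell(client.enc_key, client.mac_key, bytes(blob))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"hits": hits, "tamper_detected": tamper_detected,
            "plaintext_on_server": any("salary" in r for r in server_rows)}
```

The partition index is itself a small leak: anyone reading the server learns which salary band each row falls in, which is the trade-off the slide accepts in exchange for searchability. Keep the bands coarse and protect the index column with the same access control as the ciphertext.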

Page 14: SEC835

DBMS technology components

Must be protected from DoS attack

Strong access control for all types of interfaces:

Users

Admins

API

Bulk data loading

Strong data input validation

Protect against SQL injection attacks
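The last two points of this slide, input validation and protection against SQL injection, as an added example that is not part of the SEC835 slides. It uses Python's built-in sqlite3 module and a constructed employees table. The benign input "Pat O'Brien", a name containing an apostrophe, is enough to show the defect: in the concatenated query the quote terminates the string literal and the rest of the user's text is parsed as SQL, whereas parameter binding passes the whole value as data. The allow-list pattern for names is an assumption chosen for the example.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data in an in-memory database
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT)")
    conn.executemany("INSERT INTO employees (name, dept) VALUES (?, ?)",
                     [("Alice Smith", "IT"), ("Pat O'Brien", "HR"), ("Dan Lee", "IT")])
    return conn


def lookup_unsafe(conn, name: str):
    # VULNERABLE: user text is spliced into the SQL statement text.
    sql = "SELECT dept FROM employees WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, name: str):
    # Parameter binding: the driver sends `name` as a value, never as SQL text.
    return [row[0] for row in conn.execute(
        "SELECT dept FROM employees WHERE name = ?", (name,))]


# Allow-list for the name field (assumed policy): letters, space, dot, apostrophe, hyphen.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z .'-]{0,63}")


def validate_name(name: str) -> str:
    """Input validation as a second layer; rejects anything outside the allow-list."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("name contains characters outside the allowed set")
    return name


def demo():
    conn = make_db()
    name = validate_name("Pat O'Brien")   # passes validation: a legitimate name
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.OperationalError as exc:
        unsafe = f"error: {exc}"          # the apostrophe broke the statement
    return {"unsafe": unsafe, "safe": lookup_safe(conn, name)}


if __name__ == "__main__":
    print(demo())
```

Validation and parameterisation are separate controls: the allow-list did not stop the apostrophe, because an apostrophe is valid in a name, and it is the bound parameter that makes the query correct regardless of which characters the value contains.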

Page 15: SEC835

DB backups

The DB must be backed up regularly

Media – tapes, or mirror servers, or both

Backups must be stored at a different (remote) location

Page 16: SEC835

DB backups

Modes of backup:

Full backup

Incremental – backs up the files changed since the last backup

Differential – backs up any file changed since the last full backup
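The three backup modes of this slide, as an added example that is not part of the SEC835 slides. It decides which files a full, incremental or differential run would copy from a constructed file list with modification times and a constructed backup history, and it derives the restore chain each strategy needs, without touching a real filesystem.

```python
from dataclasses import dataclass


@dataclass
class FileState:
    path: str
    mtime: int     # seconds since epoch (constructed values)


@dataclass
class BackupRun:
    mode: str      # "full" | "incremental" | "differential"
    time: int


def select_files(files, history, mode):
    """Paths a backup run of `mode` must copy, given the earlier runs in `history`."""
    if mode == "full":
        return [f.path for f in files]
    fulls = [b.time for b in history if b.mode == "full"]
    if not fulls:
        raise ValueError("incremental/differential backups need a prior full backup")
    if mode == "differential":
        since = max(fulls)                      # everything changed since the last full
    elif mode == "incremental":
        since = max(b.time for b in history)    # everything changed since the last run
    else:
        raise ValueError(f"unknown backup mode {mode!r}")
    return [f.path for f in files if f.mtime > since]


def restore_chain(history):
    """Runs needed to restore the latest state: last full, then diffs/incrementals after it."""
    last_full = max(i for i, b in enumerate(history) if b.mode == "full")
    after = history[last_full + 1:]
    chain = [history[last_full]]
    diffs = [b for b in after if b.mode == "differential"]
    if diffs:
        chain.append(diffs[-1])                 # only the newest differential is needed
    else:
        chain.extend(b for b in after if b.mode == "incremental")   # every one, in order
    return [(b.mode, b.time) for b in chain]


# Constructed sample: a full backup at t=100, then two runs at t=200 and t=300.
FILES = [FileState("a", 150), FileState("b", 250), FileState("c", 350), FileState("d", 50)]
INCREMENTAL_HISTORY = [BackupRun("full", 100), BackupRun("incremental", 200),
                       BackupRun("incremental", 300)]
DIFFERENTIAL_HISTORY = [BackupRun("full", 100), BackupRun("differential", 200),
                        BackupRun("differential", 300)]


def demo():
    return {
        "incremental_now": select_files(FILES, INCREMENTAL_HISTORY, "incremental"),
        "differential_now": select_files(FILES, DIFFERENTIAL_HISTORY, "differential"),
        "restore_incremental": restore_chain(INCREMENTAL_HISTORY),
        "restore_differential": restore_chain(DIFFERENTIAL_HISTORY),
    }
```

The trade-off the output makes visible: the incremental run copies the least data but the restore needs every incremental since the last full, so losing one tape breaks the chain; the differential run copies more each time but restores from two media only.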

Page 17: SEC835

Records retention

A policy exists to specify the period for keeping data available

Secure destruction

Shredding

Magnetic destruction

Page 18: SEC835

DB Security

Inference problem

The possibility of deriving additional information from small pieces or fractions of data

The fractions or pieces may not be confidential, but the derived data is

Often accomplished by combining queries

Protection:

Splitting tables and assigning fine-grained access control

Separation of duties

Perturbation of data

Page 19: SEC835

DB security

Privacy issue

For some databases, in particular for healthcare and financial data, personal identifiers must not be present in the records

Achieved by applying a data sanitization service

That is about applying algorithms that “mask” data in storage, or in a user’s view

That is in addition to cryptography
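Masking of personal identifiers in a user's view, as an added example that is not part of the SEC835 slides. The masking rules (keep the last four digits of an account number, initial plus surname, year-only date of birth, keyed-hash pseudonym for the customer id, and a "compliance" role that sees full data) are assumptions chosen for illustration; a real policy comes from the data owner. The record is constructed. Masking is applied to the view only; the stored record is left unchanged.

```python
import copy
import hashlib


def mask_account(acct: str) -> str:
    """Keep the last four digits, e.g. '1234 5678 9012 1234' -> '************1234'."""
    digits = acct.replace(" ", "")
    return "*" * (len(digits) - 4) + digits[-4:]


def mask_name(full: str) -> str:
    """'Maria Alvarez' -> 'M. Alvarez'; a single name becomes its initial."""
    parts = full.split()
    if len(parts) > 1:
        return parts[0][0] + ". " + parts[-1]
    return full[0] + "."


def generalize_dob(dob: str) -> str:
    """ISO date -> year only, e.g. '1984-06-21' -> '1984'."""
    return dob[:4]


def pseudonymize_id(cust_id: str, secret: bytes) -> str:
    """Keyed hash: stable across records, not reversible without the secret."""
    return hashlib.blake2b(cust_id.encode(), key=secret, digest_size=8).hexdigest()


# Field -> masking function; unlisted fields pass through unchanged.
RULES = {"account": mask_account, "name": mask_name, "dob": generalize_dob}
FULL_ACCESS_ROLES = {"compliance"}   # assumed role allowed to see identifiers


def masked_view(record: dict, secret: bytes, role: str) -> dict:
    """Return the view of `record` for `role`; the stored record is not modified."""
    view = copy.deepcopy(record)
    if role in FULL_ACCESS_ROLES:
        return view
    for field, fn in RULES.items():
        if field in view:
            view[field] = fn(view[field])
    if "customer_id" in view:
        view["customer_id"] = pseudonymize_id(view["customer_id"], secret)
    return view


# Constructed sample record
RECORD = {"customer_id": "C-000917", "name": "Maria Alvarez", "dob": "1984-06-21",
          "account": "1234 5678 9012 1234", "balance": 2500}


def demo():
    support = masked_view(RECORD, b"view-secret", "support")
    compliance = masked_view(RECORD, b"view-secret", "compliance")
    return {"support": support, "compliance": compliance, "stored_unchanged": RECORD == {
        "customer_id": "C-000917", "name": "Maria Alvarez", "dob": "1984-06-21",
        "account": "1234 5678 9012 1234", "balance": 2500}}
```

The keyed pseudonym lets a support analyst correlate two records of the same customer without learning the real id; the secret must be kept with the same care as an encryption key, since whoever holds it can recompute pseudonyms for known ids.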

Page 20: SEC835

Secure Email

Major threats

Unauthorized access (confidentiality, integrity)

Viruses sent with attachments

Spam

Spoofing email addresses

Page 21: SEC835

Protection

Encryption

PGP – encryption technology used to protect confidentiality and integrity and to authenticate the sender. This is a hybrid technology. The following is in use:

• Public/private key (RSA)

• Secret key for symmetric encryption (AES, 3DES)

• Digital signature (MD5, SHA-1)

Page 22: SEC835

Protection

Anti-virus protection

Install and keep up to date

Spam

Anti-spam software