Database security

from Wikipedia, the free encyclopedia

Database security refers to the use of a wide range of information security controls to protect databases (possibly including the data, the database applications or stored database functions, the database management systems, the database servers and the associated network connections) against threats to confidentiality, integrity and availability. It includes different types or categories of control, such as technical, procedural/administrative, and physical. Database security is a specialist area within the more general areas of information security and risk management.

Risks

Security risks for database systems include, for example:

  • Unauthorized or unintentional activity or misuse by authorized users or hackers (such as inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to database programs, structures or security settings);
  • Malware infections that cause incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to data or programs, interruption or denial of authorized database access, attacks on other systems and unexpected failure of database services;
  • Overloads, performance constraints and capacity problems that leave authorized users unable to use the database as intended;
  • Physical damage to database servers caused by data center fire or flooding, overheating, lightning strikes, accidental liquid spills, electrostatic discharge, electronic malfunctions, or equipment failure or obsolescence;
  • Design flaws or programming errors in databases and in the programs and systems connected to them, which create a wide variety of security vulnerabilities (such as unauthorized privilege escalation), loss or corruption of data, degradation of performance, etc.;
  • Data corruption and/or loss caused by the entry of invalid data or commands, errors in database or system administration processes, sabotage or criminal damage, etc.

Many layers and types of information security control are useful for databases, including:

Originally, databases were largely protected against hackers by network security measures such as firewalls and network-based intrusion detection systems. While network security controls remain valuable in this regard, it has become more crucial to protect the database systems themselves and the programs, functions and data within them, as networks are increasingly being opened up for further access, especially from the Internet. Furthermore, system, program, function and data access controls, together with the associated functions for user identification, authentication and rights management, have always been important in order to restrict the activities of authorized users and administrators, and in some cases also to record them. In other words, these are complementary approaches to database security.

Many organizations develop their own baseline security standards and designs that precisely define the security control measures for their database systems. These can reflect the general information security requirements or obligations stipulated by company policies or applicable law (e.g. relating to data protection or corporate finance and reporting), in addition to generally accepted best practice (such as appropriate hardening of the underlying systems) and, where relevant, security recommendations from the vendors of the database systems and software.

The security designs for specific database systems typically specify further security administration and management functions (such as administration and reporting of user access rights, operation and analysis of logging, replication or synchronization and backup of databases) together with various business-driven information security controls within the database programs and functions (for example, checking data entries and checking the recording of new entries). In addition, various security-related activities (manual controls) are usually incorporated into the procedures, guidelines and the like that relate to the design, development, configuration, use, control and administration of databases.

Vulnerability assessment and compliance

One method of evaluating database security involves running vulnerability assessments or penetration tests against the database. The auditors try to find security vulnerabilities that could be used to defeat or circumvent security controls, break into the database, compromise the system, and so on. Database administrators or information security administrators may, for example, use automated vulnerability scans to identify misconfigured controls across the above-mentioned layers as well as known weaknesses within the database software. The results of such scans are used to harden the database (improve security controls) and close the specific vulnerabilities identified, but unfortunately other vulnerabilities typically go undetected and unaddressed.

A program of continuous monitoring of compliance with database security standards is another important task for mission-critical database environments. Two critical aspects of maintaining database security are patch management and the review and management of permissions (especially those granted to public) on objects within the database. Database objects include tables and other objects linked to them. The permissions granted for SQL commands on these objects are considered in this process. Compliance monitoring is similar to vulnerability assessment, the main difference being that the results of vulnerability assessments generally drive the security standards, which in turn lead to the continuous monitoring program. Essentially, vulnerability assessment is a preliminary process to identify risks, whereas a monitoring program is a process of ongoing risk assessment.

The monitoring program should take into account any dependencies at the application software level, since changes at the database level may affect the application software or the application servers.

Abstraction

Application-level authentication and authorization mechanisms should be viewed as an effective means of abstracting the database layer. The greatest benefit of such an abstraction is the possibility of single sign-on across different databases and database platforms. A single sign-on system should store the credentials (login name and password) of the database users and authenticate to the database on the user's behalf.

Monitoring of database activities

Database activity monitoring (DAM) is a further, more sophisticated security layer. It uses either analysis of protocol traffic (SQL) over the network, or observation of local database activity on each server by means of software agents, or both. Agents or native logging are required to record the activities carried out on the database server, which typically include the activities of the database administrators. Agents allow this information to be captured in a way that the database administrator cannot deactivate, whereas the database administrator is able to deactivate or change native audit logs.

Analysis can be performed to identify known exploits or policy breaches, or baselines can be captured over time to establish a normal pattern against which unusual activity that may indicate intrusion can be identified. In addition to intrusion detection, these systems can provide a comprehensive audit trail for databases, and some systems also provide protection by terminating user sessions and/or quarantining users who exhibit suspicious behavior. There are also systems that support separation of duties, which is a typical requirement of auditors. Separation of duties requires that the database administrators, who are typically monitored as part of database activity monitoring, be unable to disable or modify the monitoring. For this it is necessary that the monitoring's audit records are stored securely in a separate system that is not administered by the database administrator group.
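The baseline approach described above can be sketched as follows. This is an added example, not taken from any DAM product; the event tuples, account names and the one-hour tolerance are constructed assumptions.

```python
from collections import defaultdict

# Constructed DAM events: (account, hour_of_day, sql_verb, table). Not real logs.
BASELINE_EVENTS = [
    ("app_orders", 10, "SELECT", "orders"),
    ("app_orders", 11, "INSERT", "orders"),
    ("app_orders", 14, "SELECT", "customers"),
    ("dba_alice", 9, "SELECT", "pg_stat_activity"),
    ("dba_alice", 16, "ALTER", "orders"),
]
NEW_EVENTS = [
    ("app_orders", 10, "SELECT", "orders"),     # matches the baseline
    ("app_orders", 3, "SELECT", "customers"),   # known operation, unusual hour
    ("app_orders", 11, "SELECT", "salaries"),   # table never touched before
    ("dba_alice", 10, "SELECT", "salaries"),    # administrator reading business data
    ("svc_unknown", 12, "DELETE", "orders"),    # account with no baseline at all
]

def build_baseline(events):
    """Per account, record the (verb, table) pairs and hours seen in the baseline window."""
    profile = defaultdict(lambda: {"ops": set(), "hours": set()})
    for user, hour, verb, table in events:
        profile[user]["ops"].add((verb, table))
        profile[user]["hours"].add(hour)
    return dict(profile)

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are one hour apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def detect_anomalies(profile, events, hour_slack=1):
    """Return (event, reason) for every event that deviates from the account's baseline."""
    findings = []
    for event in events:
        user, hour, verb, table = event
        known = profile.get(user)
        if known is None:
            findings.append((event, "no baseline for account"))
            continue
        reasons = []
        if (verb, table) not in known["ops"]:
            reasons.append(f"new operation {verb} on {table}")
        if all(hour_distance(hour, h) > hour_slack for h in known["hours"]):
            reasons.append("outside usual hours")
        if reasons:
            findings.append((event, "; ".join(reasons)))
    return findings
```

In line with the separation of duties described above, the profile and the findings would be kept on a system outside the database administrators' control.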

Native audit

In addition to external tools for monitoring or auditing, native database audit capabilities are also available for many database platforms. The native audit logs are extracted regularly and transferred to a designated security system to which the database administrators have no access. This ensures a certain level of segregation of duties, which can be used to prove that the native audit logs have not been modified by authenticated administrators. Turning on native auditing affects the performance of the server. In general, native database audit logs do not provide sufficient control to enforce segregation of duties; therefore, measures that operate at the level of the network and/or kernel modules offer a higher degree of confidence for forensics and the preservation of evidence.

Processes and procedures

A database security program should include regular reviews of the permissions granted to individually owned user accounts and to user accounts used by automated processes. The accounts used by automated processes should have adequate controls around password storage, such as adequate encryption and access controls, to reduce the risk of compromise. For individual user accounts, two-factor authentication should be considered where the risk is commensurate with the cost of such an authentication system.

In conjunction with a reasonable database security program, an appropriate disaster recovery program should be in place to ensure that operations are not interrupted during a security incident or any other incident that may cause a failure of the primary database environment. An example of this is a replication of the primary databases at locations which are in different geographic regions.

After an incident occurs, forensic analysis should be performed to determine the extent of the breach and to identify appropriate adjustments to systems and/or processes to avoid similar incidents in the future.

Database security using statistical methods

Unauthorized changes that are made directly to the database by internal or external users without being tracked are considered to be among the greatest threats. Algorithms based on cryptography and other statistical methods are used to detect such changes and notify the owners. Such approaches to database shielding map large data sets onto small digital fingerprints, which are continuously updated with every change made by registered applications. The expected fingerprints are then compared with the actual fingerprints at specified intervals in order to identify the changed positions (rows and columns) in the database and the date and time of the unauthorized changes, including those made by privileged entities.
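A minimal sketch of the fingerprint comparison described above, as an added example rather than any product's implementation. The page does not name an algorithm, so HMAC-SHA-256 truncated to 64 bits is an assumption here, as are the table, key and function names. It locates changed rows and columns; the time of a change is only bounded by the interval between comparisons.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the key is held by the registered application or monitoring system, not by DBAs.
KEY = b"constructed-demo-key"

def cell_fp(table, pk, column, value):
    """Small keyed fingerprint of one cell (row = pk, column = column)."""
    msg = repr((table, pk, column, value)).encode()
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()[:16]

def snapshot(db, table, pk_col):
    """Fingerprint every cell. Table and column names are trusted constants here."""
    cur = db.execute(f"SELECT * FROM {table}")
    cols = [d[0] for d in cur.description]
    fps = {}
    for row in cur:
        rec = dict(zip(cols, row))
        for col in cols:
            fps[(rec[pk_col], col)] = cell_fp(table, rec[pk_col], col, rec[col])
    return fps

def registered_update(db, fps, table, pk_col, pk, column, value):
    """Change made by a registered application: data and fingerprint move together."""
    db.execute(f"UPDATE {table} SET {column} = ? WHERE {pk_col} = ?", (value, pk))
    fps[(pk, column)] = cell_fp(table, pk, column, value)

def changed_positions(db, expected, table, pk_col):
    """Return the (row id, column) positions whose actual fingerprint differs."""
    actual = snapshot(db, table, pk_col)
    return sorted(k for k in set(expected) | set(actual)
                  if not hmac.compare_digest(expected.get(k, ""), actual.get(k, "")))

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?, ?)",
                   [(1, "alice", 100), (2, "bob", 250), (3, "carol", 75)])  # constructed rows
    expected = snapshot(db, "accounts", "id")
    registered_update(db, expected, "accounts", "id", 1, "balance", 90)  # tracked change
    db.execute("UPDATE accounts SET balance = 9999 WHERE id = 2")        # direct, untracked
    db.execute("DELETE FROM accounts WHERE id = 3")                      # direct, untracked
    return changed_positions(db, expected, "accounts", "id")

if __name__ == "__main__":
    print(demo())
```

The tracked update to row 1 is not reported; the direct update to row 2 and the deletion of row 3 are, down to the column.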

Sources

  • This article is a translation of the English article en:Database security, version dated October 30, 2013.