Lecture 1

The document discusses database security fundamentals including defining database security, identifying security threats and objectives, and describing the multilayered approach to security including database, computer, and network security layers. It also covers potential threats from hackers, crackers, social engineers, computer users, administrators, and issues related to the internet and web browsers.


ITSS 456

Database Security and Auditing


Dr. Christine Markarian

Information Security Concepts (Ch 1)

CLO1: Examine information security and auditing fundamentals as applied to database management systems (DBMS)
Objectives

• Define the nature of database and information systems security
• Identify the three main security objectives when protecting
information systems
• Identify security threats
• Define and identify the characteristics of viruses and how
they infiltrate systems
• Describe the information security life cycle
• Describe the multilayered nature of security architecture

2
Why Database Security?
• Most databases provide access spanning several
networks and across the world
• Most online transactions involve a database
• Water supplies, electricity grids, and gas and oil
production depend on a computer network to thrive
– Breach could have catastrophic impact
• Network intruders are well trained and growing more
sophisticated

3
A Secure Data Environment

• Multiple layers of security
– Most effective approach to minimizing risk of data breach
• Example of multiple security layers to protect against malicious e-mail attachments
– Layer 1: User awareness training
– Layer 2: Filter on Exchange server to remove known malicious attachments
– Layer 3: Firewall configured to deny certain types of traffic
4
A Secure Data Environment (cont’d.)

• Database security
– Set of established procedures, standards, policies,
and tools
– Helps in protecting against theft, misuse, and attacks
– Deals with permission and access to the data structure

• Common vendor features for database security


– Database-level access control
– Database-level authentication
– Data storage encryption
5
A Secure Data Environment (cont’d.)

• Computer security
– Necessary element of database security
– Typically defined by the operating system (OS)

• Common computer security features


– OS-level access control
– OS-level authentication
– Application security
– Hardware and software monitors and logs

6
A Secure Data Environment (cont’d.)

• Network security
– Outermost layer of the database
– Arguably biggest security concern
– Set of established procedures, standards, policies,
and tools
– Goal: protect network from theft, misuse, and attacks
• Hardware and software devices used to secure a
network
– Firewalls, antivirus programs, network monitors,
intrusion detection systems, proxy servers, and
authentication servers
7
Database Security, Computer Security
and Network Security

8
Database Security Objectives

• Security measures
– Keep information private (privacy) from outside viewing
– Maintain consistency of data (integrity)
– Ensure resources remain at a high degree of
availability
• Key to achieving an effective data security architecture
– The organization must maintain the confidentiality, integrity,
and availability of its environment; together these are called the
C.I.A. triangle (Figure 1-1).

9
Figure 1-1 C.I.A. triangle
Courtesy Course Technology/Cengage Learning

10
Database Security Objectives (cont’d.)

• Confidentiality requirements
– Ensure information remains private by limiting
authorized access to resources
– Block unauthorized access to resources
• Confidentiality protected using authentication and
access controls
– State and federal laws may apply to these measures
• Breaches in confidentiality could result in:
– Stolen identity
– Exposed business trade secrets
11
Database Security Objectives (cont’d.)

• Integrity
– Reliable, accurate, and consistent data stored in and
retrieved from the database
– Protected by preventing accidental or
deliberate modifications
– Most difficult item to measure
• Auditing used to compare data with older, backed-up versions of the data
• Results of integrity breaches
– Unreliable data, flawed programs, system failures
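An added example (not from the slides or the textbook) of the auditing idea on this slide, in Python: take a per-row digest "baseline" of a table and later compare a fresh snapshot against it to find modified, added and deleted rows. The accounts table, its rows and the changes applied in the usage are constructed for illustration; the table and key-column names are assumed to come from the audit's own configuration, never from users.

```python
import hashlib
import sqlite3

# Constructed sample data standing in for a production table (assumption: the
# table has a primary-key column that pairs rows across snapshots).
SAMPLE_ROWS = [
    (1, "alice", 1200.00),
    (2, "bob", 350.50),
    (3, "carol", 99.99),
]


def build_db():
    """Create an in-memory database holding the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance REAL)"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def row_digest(row):
    """SHA-256 over a canonical encoding of every column in the row."""
    # The unit separator cannot occur in the numeric fields, so it is a safe joiner.
    material = "\x1f".join(repr(value) for value in row).encode("utf-8")
    return hashlib.sha256(material).hexdigest()


def snapshot(conn, table, key_column):
    """Map each primary key to a digest of its full row.

    The first snapshot is the baseline the audit stores (ideally on write-once
    media, like a backup); later snapshots are compared against it.
    table and key_column are trusted configuration values, not user input.
    """
    cur = conn.execute(f"SELECT * FROM {table} ORDER BY {key_column}")
    columns = [d[0] for d in cur.description]
    key_idx = columns.index(key_column)
    return {row[key_idx]: row_digest(row) for row in cur.fetchall()}


def audit(baseline, current):
    """Report which keys were modified, added or deleted since the baseline."""
    modified = sorted(k for k in baseline if k in current and baseline[k] != current[k])
    added = sorted(k for k in current if k not in baseline)
    deleted = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "deleted": deleted}


if __name__ == "__main__":
    conn = build_db()
    baseline = snapshot(conn, "accounts", "id")
    # Constructed tampering: an altered balance, a dropped row and a new row.
    conn.execute("UPDATE accounts SET balance = 999999 WHERE id = 2")
    conn.execute("DELETE FROM accounts WHERE id = 3")
    conn.execute("INSERT INTO accounts VALUES (4, 'mallory', 0)")
    print(audit(baseline, snapshot(conn, "accounts", "id")))
```

The digests tell you *that* a row changed, not whether the change was legitimate; in practice the baseline is refreshed after each approved change window, so anything the audit reports in between is either an unrecorded change or a breach of integrity.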

12
Database Security Objectives (cont’d.)

• Availability
– Maintaining accessible network or
database resources
– Business cannot operate without it
• Must identify potential threats to availability
– Assess threat level
– Plan appropriate intervention
– Example of threats: technical failures, natural
disasters, intrusions, user-caused harm

13
Who Are We Securing Ourselves Against?
• Must understand what poses a threat
– More threats exist on the inside of a network than on
the outside

• Overly restrictive databases are as ineffective as
those that give too much access
– Healthy balance is needed

Figure: balance between restriction and access

14
Hackers

• Hacker
– Person who has mastered firmware and software
of modern computer systems
– Person who enjoys exploration and analysis
of network security without intent to cause
harm
• Cracker
– Person who breaks into a network to destroy or
steal information with intent to cause harm

15
Table 1-1 Types of online intruders
Social Engineers
• People who manipulate others to gain access to
systems, unauthorized areas, or confidential
information
– Often build trust with authorized user
– Use deception and trickery to convince
people to break normal security policies
– Example: asking for a
password, shoulder surfing, etc.

17
Computer Users

• Network users cause over half of security breaches


• Major contributing factors
– Lack of education
– Disregard of policy

• Examples of most common user errors


– Poor habits (computers unlocked and unattended)
– Password error (writing passwords on sticky notes)
– Disregard for company policy (downloading unauthorized software)
– Opening unknown e-mail attachments
– Inappropriate disclosure (giving information over the phone to a social
engineer)
– Procrastination (failing to report computer issues in a timely manner)
18
Network and Database Administrators
• Not often viewed as threats to networks they run
– Room for error exists
– Their mistakes have consequences for integrity,
availability, and reliability of the network

• Dynamic nature of the data environment


– Can cause new security flaws to be created
– Network components must be regularly audited

• Common mistake
– Not removing a user’s rights and account credentials
19
The Internet

• Billions of Internet users


• Millions of Web sites
• Majority of human beings have Internet access
• Online education and social networking increasing in
popularity
• Threats on the Internet continue to increase
• The estimated annual cost of global cybercrime is
100 billion US dollars.
• Social interactions contribute to a growing number of
identity thefts (Instagram, Facebook, Snapchat, etc.)
20
The Internet (cont’d.)

• Web page code purposes


– To inform browser how to display the content
– To inform browser how to react to user responses
• Hijacking
– Web pages rewritten to distribute malicious code or
redirect user to attacker’s Web site
• Malware
– Malicious software
– Written and used by unauthorized intruders
– Often intended to be harmful and destructive
21
The Internet (cont’d.)

• Spoofing
– Fraudulent Web site made to look identical to legitimate
Web site (e.g., Bank Phishing Website)
– Objective: draw in a user to gather personal information
(such as a password)
– Can be as easy as registering a domain name that is a
slight misspelling of the legitimate site (example: gogle
instead of google)
22
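An added example (not from the slides or the textbook) of how a defender can catch the misspelled-domain spoofing this slide describes: normalize a hostname, replace a few look-alike characters, and flag it when it sits within a small edit distance of a protected domain without being that domain. The protected list, the observed hostnames and the confusable-character map are constructed for illustration.

```python
# Constructed allow-list of domains the organization wants to protect.
PROTECTED = ("google.com", "paypal.com", "bigbank.example")

# Constructed hostnames as they might appear in a proxy or DNS log.
OBSERVED = ("www.google.com", "gogle.com", "paypa1.com",
            "bigbank-login.example", "wikipedia.org")

# Assumption: a small illustrative map of characters that read like letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "|": "l", "5": "s"})


def levenshtein(a, b):
    """Minimum number of single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,          # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[len(b)]


def canonical(host):
    """Lower-case the host and drop a leading www. so variants compare equal."""
    host = host.lower().strip(".")
    return host[4:] if host.startswith("www.") else host


def lookalike_of(host, protected=PROTECTED, max_distance=2):
    """Return the protected domain this host imitates, or None.

    An exact match is the legitimate site and is never flagged; otherwise the
    host is compared after confusable substitution, so paypa1.com is caught
    as well as gogle.com.
    """
    raw = canonical(host)
    if raw in {p.lower() for p in protected}:
        return None
    folded = raw.translate(CONFUSABLES)
    for legit in protected:
        if levenshtein(folded, legit.lower().translate(CONFUSABLES)) <= max_distance:
            return legit
    return None


def scan(hosts, protected=PROTECTED):
    """List (observed host, imitated domain) pairs for every flagged host."""
    flagged = []
    for host in hosts:
        target = lookalike_of(host, protected)
        if target:
            flagged.append((host, target))
    return flagged


if __name__ == "__main__":
    for host, target in scan(OBSERVED):
        print(f"{host} looks like {target}")
```

Note what the check does not catch: `bigbank-login.example` is six edits away from `bigbank.example`, so a distance threshold alone misses brand names embedded in longer domains. That is why the detection usually combines edit distance with a substring check on the brand label and, in production, a proper public-suffix split so only the registrable part is compared.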
The Internet (cont’d.)

• Web browser
– Application that interfaces the client machine to the Internet
– Responsible for sending requests and receiving Web pages
– Has a built-in programming language that can be manipulated
– Examples: Chrome, Firefox, Safari, etc.

23
The Internet (cont’d.)

• SQL injection
– Intruders append malicious code onto a
database-directed URL
– Intended to manipulate database into
sending confidential information
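An added example (not from the slides or the textbook) of the point on this slide in Python with SQLite: the same customer lookup written the vulnerable way, where the value from the URL is pasted into the statement text, beside the corrected version that passes it as a bound parameter. The table, its rows and the injected value are constructed; the injected value is the textbook tautology, shown only so that the difference between the two functions is visible.

```python
import sqlite3


def build_db():
    """Create an in-memory database with a constructed customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, ssn_last4 TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (email, ssn_last4) VALUES (?, ?)",
        [("ann@example.com", "1234"), ("ben@example.com", "9876")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, email):
    """VULNERABLE: the URL parameter becomes part of the SQL text.

    A value containing a quote closes the string literal and changes the
    structure of the WHERE clause, so the database returns rows the caller
    was never meant to see.
    """
    sql = "SELECT email, ssn_last4 FROM customers WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, email):
    """CORRECTED: the value travels as a bound parameter.

    Whatever the string contains, the database compares it as data; the
    statement's structure is fixed before the value is ever seen.
    """
    return conn.execute(
        "SELECT email, ssn_last4 FROM customers WHERE email = ?", (email,)
    ).fetchall()


# Constructed value of the kind the slide describes being appended to a URL.
INJECTED = "' OR '1'='1"


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", lookup_vulnerable(conn, INJECTED))   # every row
    print("safe:      ", lookup_safe(conn, INJECTED))         # no rows
```

Parameterized statements are the fix, not input filtering: the safe version needs no list of forbidden characters, and a legitimate e-mail address such as `o'brien@example.com` still works in it while it would break (or worse) in the vulnerable one.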

24
The Internet (cont’d.)

• Domain name server (DNS)


– Database of domain names and their respective IP
addresses
• DNS poisoning
– Cracker gains control over DNS server
– Cracker substitutes their site IP address for the
legitimate domain name IP address
– User may be fooled into providing
personally identifiable information (PII)
• Browser menu settings can also be manipulated

25
How DNS Works

26
Table 1-2 Common characteristics for dangerous Web sites

27
Misleading Applications
• Applications designed to deceive users into
believing their computer’s security has been
breached
– User downloads and purchases fake antivirus tools
– Tools deliver malware to user’s computer
– User has no knowledge of true security breach

28
E-mails

• One of most common forms of communication today

• Biggest threat to network and database environment


– Simple channel of attack for crackers
– Most common way malicious code gains access to
a business

• Common threats to e-mail


– Attachments, phishing, HTML code attacks

29
E-mails (cont’d.)

• Attachments
– Difficult to identify a fake attachment
– Crackers use attachment names and file
extensions to gain trust
• Spoofing e-mail address
– Using a false e-mail address in the “from” and
“reply” fields
– Increases likelihood that user will open
the attachment
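An added example (not from the slides or the textbook) of triage checks for the two threats on this slide, in Python using the standard library's e-mail parser: the sender domain in the "from" field is compared with the domains in the "reply-to" and "return-path" fields, and each attachment name is checked for a risky final extension or a document extension hiding inside a double extension. Both sample messages and the extension lists are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: short illustrative lists; a real filter would be far longer.
RISKY_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd"}
DOC_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}

# Constructed spoofed message: mismatched reply/return domains and a
# double-extension attachment pretending to be a PDF.
SPOOFED_MESSAGE = """\
From: "Payroll Dept" <payroll@bigcorp.example>
Reply-To: helpdesk@bigcorp-support.example
Return-Path: <bounce@mailer.example>
To: staff@bigcorp.example
Subject: Updated pay slip
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please open the attached pay slip.
--XYZ
Content-Type: application/octet-stream; name="payslip.pdf.exe"
Content-Disposition: attachment; filename="payslip.pdf.exe"

AAAA
--XYZ--
"""

# Constructed legitimate message for comparison.
CLEAN_MESSAGE = """\
From: "Payroll Dept" <payroll@bigcorp.example>
To: staff@bigcorp.example
Subject: Holiday schedule
Content-Type: text/plain

The office closes at noon on Friday.
"""


def domain_of(header_value):
    """Domain part of an address header, or '' when absent or malformed."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def suspicious_name(filename):
    """True for a risky final extension or a document extension hidden mid-name."""
    parts = filename.lower().split(".")
    if len(parts) < 2:
        return False
    if parts[-1] in RISKY_EXTENSIONS:
        return True
    # payslip.pdf.zip: a document extension followed by another extension.
    return any(p in DOC_EXTENSIONS for p in parts[1:-1])


def triage(raw_message):
    """Return a list of findings for one raw RFC 822 message (empty when clean)."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    for header in ("Reply-To", "Return-Path"):
        other = domain_of(msg[header])
        if other and other != from_dom:
            findings.append(f"{header} domain {other} differs from From domain {from_dom}")
    for part in msg.walk():
        name = part.get_filename()
        if name and suspicious_name(name):
            findings.append(f"attachment {name} has a risky or double extension")
    return findings


if __name__ == "__main__":
    for finding in triage(SPOOFED_MESSAGE):
        print(finding)
```

A domain mismatch is a signal, not proof: mailing-list software and ticketing systems legitimately set a different Reply-To. The value of the check is that it turns the slide's "difficult to identify" into a short list of messages a human or a sandbox should look at first.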

30
E-mails (cont’d.)

• Phishing
– Attempt to obtain PII using spoofed e-mail addresses and URLs
– Act of trying to fish information out of people
– May include convincing a user to click a link to
a cracker-owned Web site
– Common technique: fake holiday and birthday
card e-mails
• Web-embedded HTML
– HTML allows e-mail to be formatted like a word
processing application
31
Instant Messages

• Web-embedded HTML (cont’d.)


– Malicious software can be created using
scripting language and active content
– Users do not have to download attachments or click
unfamiliar links, only read their e-mail to be attacked
• Instant messages
– Data is not encrypted on either file transfer or peer
dialog
– Provides ideal environment for phishing with
spoofed buddy names and redirection techniques

32
Malware
• Capable of performing harmful and destructive
tasks on victim’s computers
• Can be written in many programming languages
• Types of malware
– Computer viruses
– Worms
– Trojans
– Spyware
– Adware
– Bots
– Ransomware
33
Computer Viruses
• Form of malware designed to spread from one
computer to another without detection
• Degree of danger varies:
– From annoying disturbances to destruction of
entire systems
• Characteristics found in malicious code
– Self-encryption
• Virus disguises the way it appears to a network
– Stealth
• Viruses make changes to the system
• Need to avoid detection by antivirus programs
34
Computer Viruses (cont’d.)
– Stealth (cont’d.)
• Intercepts requests from antivirus programs
and answers them, instead of the OS
– Polymorphism
• Ability to change forms to avoid detection
• Code changes signature each time it infects a file
– Residence (automated)
• Virus installs itself directly in computer’s main
system memory
• Virus does not need a user to make it active

35
Computer Viruses (cont’d.)

• Classes of viruses
– Logic bombs: viruses that corrupt data when
certain conditions are met
– Time bombs: time-delayed viruses
– Spyware: software that intentionally monitors
user’s activities
– Adware: malware used for marketing purposes
• Virus types
– Boot sector viruses load themselves onto the hard
drive’s boot sector

36
Computer Viruses (cont’d.)

• Virus types (cont’d.)


– Macro viruses: attached to or replace a macro
(a series of commands) in a document
– File-infected viruses attach themselves to
executable file which user must run to activate
– Multipartite viruses combine characteristics of
boot sector virus and file-infected virus

37
Worms

• Self-replicating malware
• Do not need users to travel from one computer to
another
– Propagate across networks
• Elements of a worm’s travel
– Find a weak target
– Take control of the machine
– Interrogate the machine
– Test a new target

38
Table 1-3 Types of worms

39
Trojan Viruses

• Malware that disguises itself and its harmful code


• Hide within programs such as software updates,
games, and movies
• Purpose: gain access to sensitive information,
destroy files, or create opportunities for installing
bigger threats
• Types of Trojans
– Remote access and administration Trojan (RAT)
• Allows attacker to control victim’s computer from
a remote location

40
Trojan Viruses (cont’d.)

• Types of Trojans (cont’d.)


– Data-sending Trojan
• Sends information to attacker, usually with key loggers
– Destructive Trojan
• Randomly deletes files and corrupts the registry
– Proxy Trojan
• Attacker uses victim’s IP address to
commit cybercrime
– File transfer protocol (FTP) Trojan
• Allows attacker to download files from
victim’s computer
41
Bots

• Also known as software robots


• Able to perform automated tasks for an intruder at
a remote location
• Used for spamming and launching DoS attacks
• Can be hidden in games and other programs
• Can be e-mailed from one infected machine to
another
• Able to disguise themselves, and run in the
background
• Many bots controlled together known as a botnet
42
Security Architecture:
A Never-Ending Cycle
• Creating a security architecture is not an easy task
• Complete security is an unattainable or
unreachable goal
• Techniques used to attack databases developed
using same technology used to protect the systems
– Intruders become more advanced as technology
advances
• New intrusions developed constantly
• Process of creating and maintaining security
architecture has four phases
43
Phase 1: Assessment and Analysis

• Determining an organization’s data security needs


– Identify existing vulnerabilities, threats, and assets
• Security audit
– Used to identify threats
– Can be conducted internally or by a third party
• Determine cost of breached or lost asset
– Security measures should never exceed value
of assets they protect

44
Phase 1: Assessment and Analysis
(cont’d.)
• Risk assessment steps
– List all devices and resources within a
database environment
– Identify vulnerabilities and assets involved with each
resource and device
– Define asset value and cost of damage from the
threats
– Create security measures to counteract the threats
– Prioritize the security measures
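An added example (not from the slides or the textbook) that carries the five risk-assessment steps above through in Python: resources with their asset values and threats, candidate measures, an expected-loss estimate per threat, and a final ranking that drops any measure costing more than the asset it protects (the rule from the previous slide). The single-loss-times-annual-rate estimate is a standard risk-assessment convention assumed here, not a formula from the slides; all names, values and probabilities are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    annual_rate: float     # expected occurrences per year (assumed estimated in the audit)
    loss_fraction: float   # share of the asset's value lost per occurrence


@dataclass(frozen=True)
class Resource:
    name: str
    asset_value: float     # step 3: cost of the asset if breached or lost
    threats: tuple         # step 2: vulnerabilities/threats tied to this resource


@dataclass(frozen=True)
class Measure:
    name: str              # step 4: a security measure countering one threat
    resource: str
    threat: str
    annual_cost: float
    reduction: float       # fraction of the threat's expected loss it removes


def expected_annual_loss(resource, threat):
    """Assumed estimate: asset value x loss per event x events per year."""
    return resource.asset_value * threat.loss_fraction * threat.annual_rate


def prioritize(resources, measures):
    """Step 5: rank measures by net annual benefit.

    A measure that costs more than the asset is worth is dropped outright,
    following the rule that protection must not exceed asset value.
    """
    by_name = {r.name: r for r in resources}
    ranked = []
    for m in measures:
        res = by_name[m.resource]
        thr = next(t for t in res.threats if t.name == m.threat)
        if m.annual_cost > res.asset_value:
            continue
        net = expected_annual_loss(res, thr) * m.reduction - m.annual_cost
        ranked.append((m.name, round(net, 2)))
    ranked.sort(key=lambda item: item[1], reverse=True)
    return ranked


# Step 1: constructed inventory of devices and resources in the environment.
RESOURCES = (
    Resource("customer-db", 500_000.0, (
        Threat("sql-injection", annual_rate=0.3, loss_fraction=0.4),
        Threat("ransomware", annual_rate=0.1, loss_fraction=1.0),
    )),
    Resource("dev-server", 5_000.0, (
        Threat("disk-failure", annual_rate=0.5, loss_fraction=1.0),
    )),
)

MEASURES = (
    Measure("parameterize-queries", "customer-db", "sql-injection", 20_000.0, 0.9),
    Measure("offline-backups", "customer-db", "ransomware", 8_000.0, 0.8),
    Measure("24x7-soc", "customer-db", "ransomware", 600_000.0, 0.95),
    Measure("raid-mirror", "dev-server", "disk-failure", 3_000.0, 0.9),
)


if __name__ == "__main__":
    for name, net in prioritize(RESOURCES, MEASURES):
        print(f"{name:22s} net annual benefit {net:>10,.2f}")
```

With these constructed numbers the query fix ranks first, offline backups second, and the RAID mirror last with a negative net benefit, which is exactly the signal the slide's prioritization step is meant to produce; the 24x7 SOC never appears because it costs more than the database it would protect.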

45
Phase 2: Design and Modeling
• Create policies and prototype security architecture
to fit business needs
• Entire organization should be included in the
process
– Policies must be realistic for user and business
needs

46
Phase 2: Design and Modeling
(cont’d.)
• Design steps
– Define needed policies and procedures
– Identify firmware and software changes to
support the policies
– Create an implementation plan
– Create baselines to determine success and failure
– Define a plan for user training and awareness

47
Phase 3: Deployment

• Security policies, firmware, and tools put in place


• Test environment usually created first
• Firmware and software purchased and tested
• Deployment steps
– Adjust user awareness training as needed
– Test firmware and software changes in a controlled
simulation environment
– Deploy changes according to the deployment plan

48
Phase 4: Management and Support

• Monitor security system performance


• Reevaluate architecture after any failures or
breaches
• Management and support steps
– Monitor performance of security architecture and
user security awareness and training
– Make minor policy revisions as necessary
– Identify need for a reassessment and initiate
the start of the security life cycle

49
Global Policies for the Database
Environment
• Operational information security
– Ensures secure operation of an organization
– Uses reliable policies and procedures
– Is a necessary component for maintaining the
database environment
• Aspects of information security
– Security policies
– Change management
– Update management
– Disaster recovery plan
50
Security Policies

• Security policy objectives


– Define overall security goal
– Identify scope of what to secure
– Define roles and responsibilities of people in the
organization
– Identify specific communication processes
– Discuss policy enforcement
• Should be created by a committee of invested
stakeholders
• Plan for communicating policy should be created
51
Update and Upgrade Management

• Update
– Small change to already installed software
or firmware
• Upgrade
– Replacement for older version of software
• Components of an update management policy
– Patch update procedures
– Software update procedures
– OS upgrade procedures
– Firmware change procedures
52
Update and Upgrade Management
(cont’d.)
• Upgrades should not be applied to a database
immediately after release
– Good practice to wait months or years until stable
• Questions to ask
– Is the update/upgrade really necessary?
– What are the possible repercussions of the install?
• Create a test environment to test the upgrade
• Put a recovery and restore plan in place to reverse
the upgrade if needed
– Back up files in case reversal does not work
53
Update and Upgrade Management
(cont’d.)
• Types of updates and upgrades
– Patch
• Small program used to fix or update
software programs or firmware devices
• Often created in response to newly
discovered vulnerability
– Software upgrade
– OS upgrade
• Most significant and risky upgrade
• Involves radical changes to both clients and servers

54
Backup Management Plan

• Backup
– Intentional copy of data, files, and
system configurations
– Used to archive and store information
– Used to replace files after network failure or attack
• Backup management plan
– Process to ensure safety of network data
• Backup solutions
– Many available today
– Choose best fit for data and business goals
55
Backup Management Plan (cont’d.)
• Questions to answer when choosing backup
strategy
– What media should I use?
– Where will backup be placed?
– What should be backed up?
– How often should information be saved?
– What time of day should backup occur?
– What type of backup should be completed?

56
The Disaster Plan
• Plan developed to ensure quick reinstatement of a
network after a human-caused or natural disaster
– Goal: restore most critical aspects of the business
• Plan should include:
– Contact information for emergency responders
– Roles and responsibilities of response staff
– Location and details of network backups
– Agreements with national service carriers
– Communications strategies
– Contract information for disaster recovery services
57
The Disaster Plan (cont’d.)

• Physical site recovery options


– Cold site
• Provides basic necessities for rebuilding a network
– Warm site
• Provides basic necessities and hardware and
software devices
– Hot site
• Exact replica of organization’s network
• Shared site agreements distribute cost of
maintaining backup site among similar companies

58
Summary
• Database security refers to policy, procedure, and
design efforts to mitigate threats to a database
system
• Effective database security requires confidentiality,
integrity, and availability
• Malware can exist in many forms
• Viruses spread from computer to computer without
detection
• Worms self-replicate by harnessing the power of
networks and use that power to attack networks
59
Summary (cont’d.)

• A Trojan horse is malware that disguises itself


• Bots have ability to perform automated tasks for an
attacker at a remote location
– Difficult to detect
• Security is a continual cycle of assessing a
network, designing security policies, deploying
security architecture, and testing security
performance
• A disaster plan defines steps to reinstate a network
after a disaster occurs
60
Reference
• Basta, Alfred, and Melissa Zgola. Database
security. Cengage Learning, 2011.

61
