Database Threats and Security Measures to Protect Against them
The following are a few well-known threats to database and Database Management Systems (DBMS), and mitigating strategies used to help protect against them.
Excessive privileges. When users or applications granted database access privileges that exceed what is needed to complete tasks opens the opportunity to abuse privileges for malicious purposes. Query-level access controls are mechanisms that restrict database privileges to minimum-required for operations and data access. Query-level access control is useful not only for detecting excessive privilege abuse by attackers, but also helpful in preventing other threats like injection. Database access should be based on the principle of least privilege. Permissions should be group based. Privileges are assigned to a group based on the minimum amount of access needed to accomplish tasks. Users are then assigned to applicable groups. This method greatly simplifies the administration process.
Legitimate privilege abuse. Authorized users may also abuse legitimate privileges for unauthorized purposes. Example, there are many ways to access a database. An authorized user might have access to see certain business and accounting records in databases but not others. The front end application has checks and restriction mechanisms in place to enforce desired access controls to who has access to what. In this scenario, the restricted user may try and access the database using an alternative program that can interface with databases. Microsoft Excel is an example program that has built-in mechanisms for interacting with databases. In this case, the user attempts to open the database with Excel and gets a login screen allowing them to log on using their credentials. The issue now is that access control at the granular level by the front end application are no longer being applied. The user essentially bypassed access controls and has access to information they are supposed to be restricted from. To prevent privilege abuse, access controls should apply not only to specific queries but also to the context surrounding database access. Enforcing policy for client applications makes it possible to identify users who are using legitimate database access privileges in unauthorized ways.
Platform vulnerabilities. Vulnerabilities in underlying operating systems and other installed services on a database server may lead to unauthorized access, data corruption, or denial of service. Protection of database systems from platform attacks requires regular software updates from vendors, and Intrusion Prevention Systems (IPS). IPS inspects database traffic and identifies attacks targeting known vulnerabilities.
SQL injection is where an attacker inserts or “injects” unauthorized database statements into a vulnerable SQL data channel. Typically targeted data channels include stored procedures and Web application input parameters. These injected statements are then passed to the database and executed. Using SQL injection attackers may gain unrestricted access to an entire database. Three technique used to guard against SQL injection are; IPS, query-level access control, and event correlation. IPS can identify vulnerable stored procedures or SQL injection strings. Correlating SQL injection signatures with other violations such as a query-level access control violations can accurately identify injection attacks (Shulman, 2006).
Additional measures to protect against SQL injection attacks include (Weiss, 2012):
- Comprehensive data sanitization. Websites must filter all user input. User data input should be filtered for context. For example, email addresses should be filtered to allow only the characters allowed in an e-mail address, phone numbers should be filtered to allow only the characters allowed in a phone number.
- Use application firewalls to filter potentially dangerous web requests.
- Limit database user privileges and eliminate unnecessary database capabilities, especially those that escalate database privileges and those that spawn command shells
- Avoid constructing SQL queries with user input. Using SQL variable binding with prepared statements or stored procedures is much safer than constructing full queries.
- Regularly apply software patches.
- Suppress error messages since they can be used by attackers to get information about a database.
- Continuously monitor SQL statements from database-connected applications. This helps identify malicious SQL statements and vulnerabilities.
The above are some of the most common threats to database systems. Other threats include; weak audit trails, Denial of Service (DoS) attacks, database communication protocol attacks, weak authentication and passwords, and backup data exposure.
Shulman, A. (2006). Top Ten Database Security Threats. Retrieved July 16, 2015, from http://www.schell.com/Top_Ten_Database_Threats.pdf
Weiss, A. (2012, August 16). How to Prevent SQL Injection Attacks. Retrieved November 20, 2016, from http://www.esecurityplanet.com/hackers/how-to-prevent-sql-injection-attacks.html