Database Security: A Comprehensive Approach - Coursework Example

Database Security: A Comprehensive Approach Database research has shifted significantly to the field of database security for the last few decades. This has been largely spurred by technological evolution that has impacted both individuals and businesses. Database represents one of the core elements in an organization’s information system whose contents must be handled sensitively. Database security focuses on data security in a database (DBMS), in a network and also in applications. Issues affecting database security are mainly concerned with data access, change or modification and database availability. These represent data confidentiality, integrity and availability respectively. Due to rapid changes and evolution in information technology, database management has been transformed into a dynamic process that is ever-changing to adapt to security changes in and around itself. The following research paper offers a technical approach to prevalent database security concerns coupled with effective mitigation strategies. It is important to note that database security is an evolutionary paradigm due to constant changes in technology which result in the creation of new threats and vulnerabilities for databases. Therefore, the most effective approach to database security is an in-depth and up-to-date analysis of prevailing database security issues and the existing solutions. Database Security: A Comprehensive Approach Database security refers to the processes and mechanisms implemented in a database in order to control and monitor its operations to ensure data integrity, confidentiality and availability. The rapid growth and development of the global information technology network has resulted in the formation of vast databases characterized by heterogeneity which demand the creation and maintenance of competent security mechanisms to ensure effective functionality. Database management systems have an obligation to create a competent database security system that protects data by controlling user access hence preserving its integrity and quality. As much as technological advancements improve the overall quality of life, here are inherent side effects in terms of knowledge exploitation by malicious users who aim to attack or intrude into the robust and distributed information systems. Organizations must embrace relevant database protection techniques such as authentication, encryption and auditing, in order to remain adrift in the unpredictable database maintenance environment. It is advisable to adopt a comprehensive technical approach to address the core database security concepts; integrity, secrecy ad availability. The following review is a comprehensive analysis of the prevailing data security issues and threats and the most effective mitigation techniques and strategies. The most insightful and realistic approach to database security is an in-depth evaluation of the present threats and vulnerabilities and the recommended containment measures. Database Security Issues Excessive Privilege Abuse Role-based access control security models grant database users rights and privileges to access a database management system (DBMS) based on their roles in an organisation. Database users include human users and applications that manage operations in a DBMS. These rights and privileges can exceed the user’s work requirements and this presents an opportunity to misuse or abuse the additional access for malicious activities. The main reason why users get excessive rights and privileges is that database administrators lack sufficient resources such as time to define and update all the granular access control technicalities for all the users (Sandhu, 2003). Database administrators usually assign generic default access rights for all users or a similar group of users which do not match their specific work requirements. This means that a user who is granted rights to update specific data rows such as, contact information, may usurp excessive rights to change other data values in the same table such as, student grades. Excessive privilege abuse can be handled using automated query-level access control and dynamic profiling techniques. An automated query-level access control is a restrictive mechanism that defines and enforces query level control policies in a DBMS. Query-level control policies control users’ activities by limiting their actions to the least-possible SQL operations such as; SELECT and UPDATE actions. This mechanism is automated and hence eases the task of defining, updating and enforcing users’ rights and privileges for a database administrator. However, query level access control is not totally efficient in controlling excessive privilege abuse and hence should be combined with a dynamic profiling technique to enhance the mechanism. Dynamic profiling involves the use of automated learning algorithms in a DBMS to produce query-level user profiles for all users and applications that access the database. Dynamic profiling generates comprehensive user profiles extending from the general access patterns to the individual user queries and stored procedures and updated role changes. Combining these two mechanisms ensures highly accurate query assessments which triggers an alert is the query is suspicious. Legitimate Privilege Abuse Database security may also be compromised when users abuse legitimate database rights and privileges. Users can use granted rights to access data which may be used for unauthorized purposes (Sandhu, 2003). For example, a user can access all the records in a certain database that restricts viewing to single records only. The user may retrieve the additional data using legitimate login details by using alternative client access applications such as MS-Excel. The user can then sell the records or in other cases the data can be stored in vulnerable endpoints by the user exposing it to theft. Legitimate privilege abuse can also result in inference and aggregation where a low-level user associates accessible data segments or database activities and discovers classified and authorized data meanings or values. Legitimate privilege abuse can be controlled combining appropriate database control mechanisms such as mandatory access control with dynamic profiling (Sandhu, 2003). These multilevel database access controls define and enforce extensive database access policies which extend from specific queries by a user to the inherent database access context. These policies outline and enforce various database access attributes including, time of access, location and client applications. Dynamic profiling in this context extends its user profile features to include; time of access, retrieved data volume, source IP address, application client and other relevant details. Using the two mechanisms, any unusual activity by a user that does not match with the existing profile triggers an alert in the DBMS. In the example above, the system will notice the use of MS-Excel which is a new client application and also the large data volume requested will trigger an alert. Privilege Elevation Database users may take advantage of technical vulnerabilities in a database to elevate their rights and privileges with malicious intent. For example, an IT adept user may exploit DBMS vulnerabilities in stored procedures, protocol implementations, SQL statements and built-in functions to elevate his or her access levels to the level of a database administrator. The user may use the elevated privileges to tamper with the DBMS for malicious purposes such as turning off auditing protocols or to transfer an organization’s money. Privilege elevation can be contained by managing the existing vulnerabilities in a DBMS and also by controlling database access. This involves combining two mechanisms in a DBMS; intrusion prevention systems (IPS) and query-level access control. IPS refers to a database inspection mechanism to identify access patterns similar to acknowledged vulnerabilities. IPS maintains signature dictionaries that contain specifically identified vulnerable functions, procedures and SQL-statements across all protocols (Scime, 2010). This means that an IPS identifies and blocks access to functions or procedures which are known to be vulnerable to attacks or which contain embedded attacks. This mechanism has a limitation because many vulnerable procedures are also used legitimately and hence IPS is mainly used to give alerts and not top block suspicious procedures. In order to achieve significant control in this context, IPS should be combined with query-level access control mechanisms such as dynamic profiling. The integrated system works sequentially that is, IPS followed by dynamic profiling assessments. The IPS system identifies vulnerable procedures and gives an alert, and then the dynamic profiling system evaluates query-access profiles giving an accurate assessment regarding the action which qualifies for blocking. Database Platform Vulnerabilities Platform vulnerabilities occur in the various operating systems that are used in a database. DBMSs are created on proprietary operating systems such as UNIX. These operating systems harbor various vulnerabilities which are exploited by attackers and intruders to access a database illegitimately. Unauthorized accesses can result in various database calamities including information corruption and theft (Gertz & Jajodia, 2008). Platform vulnerabilities can be managed by installing operating system updates or patches regularly as they are released. This problem can also be maintained more satisfactorily by implementing strong and up-to-date IPSs. Updates or patches resolve vulnerabilities in an operating system over time. However, operating system vendors produce updates periodically allowing for a “vulnerability window” which attackers can exploit before subsequent releases. Some database security systems like McAfee support virtual patching which is advantageous because it minimizes the platform vulnerability window (Anley & Koziol, 2007). Implementing effective IPSs helps to identify and track potential attacks on known vulnerabilities. The IPS should be developed and updated to contain unique identified database specific attackers and intruders. There are also advanced IPSs that protect databases from worms and other malicious attackers. Database Communications Protocol Vulnerabilities This is similar to database platform vulnerabilities but it is mainly concerned with attacks and intrusions in the communication protocols of a database. Attackers and intruders exploit vulnerabilities in a database communication protocol to engage in malicious activities such as DOS, data access and corruption (Sandhu, 2003). The main problem with attacks on database communication protocols is that the attack details are not recorded in the audit trail because protocol activities are not included in native database auditing. These vulnerability attacks can be mitigated using protocol validation. Protocol validation is a technological mechanism that parses database traffic then compares it with expected database traffic. If there are discrepancies in the traffic, an alert is issued or the transaction is blocked. SQL Injection SQL injections are used in many system intrusions such as the privilege elevation menace and platform vulnerability attacks. They involve inserting or “injecting” unauthorized and malicious statements into a vulnerable SQL database statement. SQL injections usually target stored functions and Web application input parameters (Scime, 2010). Computer adept users use known SQL statements to manipulate access procedures and to gain unauthorized access into a database when the inserted statements are executed by the DBMS (Scime, 2010). SQL injections present a formidable problem in database security and they demand a comprehensive three-pronged strategy to achieve satisfactory success in combating them. The three-pronged strategy involves combining IPS with query-level processing and correlated attack validation techniques to ensure optimal effectiveness. IPSs are used to identify SQL strings and procedures. For the query-level access control, dynamic profiling compares user or application access patterns with identified threat. Correlated attack validation involves validating a user attack by correlating previous security violations by the same user retrieved from multiple detection layers in a database. By combining the three mechanisms, it is possible to achieve high accuracy in detecting SQL injections. Database intruders can target any of the two types of vulnerable procedures or both; vulnerable stored procedure not required and vulnerable procedure required (Klein & Roggero, 2012). In most cases, vulnerable stored procedures are dormant, that is they are not accessed or used by users and applications. In such cases, IPS is sufficient to identify and block the threat. However, some business functions require the use of vulnerable stored procedures. In such cases, the IPS identifies and alerts regarding the procedure, then the system runs a correlated attack validation to correlate the action with authorized users and applications. The system can block the procedure if the correlation discovers any anomalies in the action. Weak Audit Trail Many organizations maintain a record of all database activities for a given period of time. Database security concerns dictate that organizations should implement an automated recording of all sensitive database activities (Scime, 2010). These records are essential for several reasons: Firstly, there are mandatory government regulations regarding database auditing and maintenance of audit trails (Gertz & Jajodia, 2008). Examples of government audit regulations are the Healthcare Information Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX) in the health and financial services sectors respectively. Secondly, database audit trails are effective deterrents to database intruders and attackers. This is because database audit trails contain forensic evidence that can be used to link database intruders and attackers with their crimes. Thirdly, data trails are the endpoints in database security. They are especially effective in cases where database intruders and attackers elude all other protection mechanisms (Sandhu, 2003). In such cases, audit trails identify attacks after they have occurred, to link attacks to perpetrators and also to aid in system repair and recovery. DBMSs maintain weak audit trails because of several weaknesses which limit or hinder the implementation of an effective database audit tracking. Web-based database interactions deny native audit systems access to specific client identity details (Gertz & Jajodia, 2008). In cases where users access databases using web applications such as Oracle E-Business Suite, users’ activities are linked to the application’s account name. This means that individual users cannot be identified incase of illegitimate database activities. Native database audit systems consume a vast amount of computing resources in terms of CPU and disk resources. This compromises the performance of a DBMS forcing organizations to limit their audit tracking activities or to abandon them totally. High-level users with administrative rights and privileges can exploit their access privileges to turn off auditing activities with malicious intentions (Scime, 2010). These users can either be using the administrative access rights illegitimately such as, privilege elevation, or can be legitimately authorized to access administrative levels in a database. DBMSs should separate auditing rights and privileges from database server platforms and also from database administrators’ access (Lesov, 2008). A large number of the native audit systems do not maintain comprehensive details regarding database transactions (Klein & Roggero, 2012). They do not record important details such as source IP address, database client application, failed queries and database client application. These details are essential to identify or detect attacks, useful as forensic evidence and also vital in system recovery. Database audit systems are different for individual database server platforms or operating systems. For example, MS-SQL audit logs are different from Oracle audit logs. Organizations that have heterogeneous database environments lack the capability to implement uniform, scalable audit mechanisms. Weak audit trails can be prevented by implementing network-based audit systems instead of native audit systems in databases (Gertz & Jajodia, 2008). Network-based systems have many strengths. They can operate optimally without compromising DBMS performance. In contrast to native audit tools, deploying network-based systems to handle auditing, the performance of a database is bound to increase from the reduced load (Gertz & Jajodia, 2008). Their operations are independent from both the database server and database administrator. This helps to separate audit activities from designated administrative activities. Operating independently from the server ensures that network-based audit systems are not threatened by privilege elevation attacks. These systems support a vast number of database platforms enabling uniform and centralized implementation of auditing activities across heterogeneous database environments. Organizations can also implement comprehensively developed auditing tools that can be used to complement the above advantages, solve all the problems presented by native audit tools and improve auditing significantly in a database (Gertz & Jajodia, 2008). These are auditing tools that record essential user identification details even when they access a database through a web application. They user a dedicated interface that generates unique web application usernames by capturing application login data, tracking subsequent web client sessions and then correlating this information with database activities. They also record essential user log details including; complete query text, query response details, source application identification and source host name. These details assist in attack identification and detection, forensics and database recovery. Creating comprehensive auditing tools involves developing an audit architectural model that solves performance problems while achieving granular activity tracking. It also involves distribution of various storage and computing resources across distributed network-based appliances. The various network-based appliances are linked using a management server which offers a central database management platform. An example is the McAfee Database Security that has a centralized management of the database security systems (Anley & Koziol, 2007). Comprehensive audit tools also involve automated data archival or storage periodically for long term storage. Data is compressed, encrypted and signed before being stored in external data storage systems. Finally, they use a simplified, flexible and user-friendly method of presenting audit reports and analyzing audit trails. Denial of Service Denial of service (DOS) is a type of database attack aimed to undermine database availability by hindering access to the data stored in the database or to network applications (Scime, 2010). This attack can be executed using many techniques some of which are discussed above such as; exploiting database platform vulnerability and database server resource overload. DOS attacks are carried out for many reasons including cash extortion and business competition motives where the attack paralyses the operations of a rival company. DOS attacks occur in many different forms and hence preventing this malpractice requires multiple strategies at multiple levels (Sandhu, 2003). In order to prevent DOS attacks, a database must be protected at the database, application and network levels. There are several effective strategies for preventing DOS at the database level: The first is a strategy that aims to prevent DOS attacks aimed at a database server through resource overload. It involves limiting connection rates to a database for each user for specific database transactions such as database queries. These are used to prevent DOS attacks that exploit database platform vulnerabilities such as, buffer overflow. The second is an automated query access control mechanism that detects unauthorized queries which may cause DOS. It is usually integrated with IPS to achieve optimal accuracy in pinpointing potential attacks. The third is a mechanism for detecting delays in database response time, for example, database query response time. It aims to detect DOS attacks that cause server resource overload causing delays in database responses. Weak Authentication These are illegitimate database access techniques that involve assuming the identity of authorized users by unlawfully acquiring their login details (Bertino & Sandhu, 2005). Attackers use various ways to obtain users’ login details including: Using brute force which involves trying different username and password combinations in a bid to get the correct login combination for an authorized database user. It ranges from simple guesswork to systematic trials of all possible login combinations using automated programs. Attackers can also use social engineering which is a fraud scheme that involves conning an authorized user to reveal their login credentials by winning their trust (Lesov, 2008). For example, an attacker can pretend to be a manager and then demand a worker’s login details on the phone. Also attackers can actually steal the login details from an authorized database user by maybe eavesdropping during login or accessing saved password files. Authentication problems can be solved using various strategies. Implementing strong authentication where database users use strong passwords and usernames to deter guessing of login credential. Strong usernames and passwords are based on minimum length, obscurity and character diversity. Organizations can also implement strong authentication technologies such as two-factor authentication which combines various authentication tools such as digital certificates, biometrics and tokens (Bertino & Sandhu, 2005). Finally, an organization can integrate authentication mechanisms into its directory infrastructure. This enables users to use one username/password credential for multiple databases (Klein & Roggero, 2012). Strong authentication policies should also be implemented across different database environments depending on data sensitivity and vulnerability perceptions. For example, the McAfee database security system ensures that there is a password fitted for every data file to prevent unauthorized personnel from using the database or interfering with the data stored (McAfee, 2010). Secondly, users can sue dynamic profiling which involves automated tracking and correlation of user attributes to detect fake login details. The mechanism uses user profile details such as operating system name, host name and IP address to verify authorized users. This mechanism will also track user’s queries and compare them with normal user activities. Assuming that the attacker tries to login at night or past office hours, this mechanism will identify the attack by comparing the login with the normal user’s login details concerning time of login. Finally, they can track failed logins and enforce a failed login threshold in a database based on number of trials and the time frame. Conclusion Aaron (2006) defines database security as data security and a system security whereby both of them ask questions that are related to the security of data. For example, the data security enquires on questions involving the data such as the actions to be audited and the objects and data that the users have complete access to. Consequently, systems security enquires on specific questions that ensure that the individual trying to access the data is allowed; such as their password verifications and the database actions that they are allowed to perform (Aaron, 2006). Databases are run on proprietary operating systems which are not efficient at providing security. This means that database management systems must incorporate database security mechanisms to ensure high level protection for the different types of threats and vulnerabilities (McAfee, 2009). Databases are prone to operating system-oriented attacks as illustrated in the above discussions relating to platform vulnerabilities. However, competent database security systems offer multilevel protection for threats at the database level, application level and the network level. Database security systems are useful in organizations since they control all the stored data, manage all the data and make it secure for retrieval (Klein & Rogerrro, 2012). There are other analytical tools used to enhance database security in advanced database activities such a data mining and e-business. A multidimensional approach to business databases and data mining security concerns is online analytical processing. Jodia (2013) acknowledges and appreciates tools such as derivations and aggregations, which are very vital in the on-line analytical processing (OLAP) services. Although there are many challenges that are associated with this method, there are ways that can be used to reduce the risks involved. Jodia (2013) suggests that organizations should not store all their information in one place. This is because such companies can suffer massive loses incase of accidents since hey would lose all the data they depend on (Klein & Roggero, 2012). Another method of data protection; data sanitization has been proven insufficient in protecting data effectively since it is very prone to attacks. Additionally, the data is prone to indirect inferences and also the systems used for data protection are not effective because they use the detect-and-remove approach. Consequently, the best database security mechanism to use in this case is referred to as the Inference Framework, which denies unauthorized access of sensitive information and detects database attacks (Chen & Chu, 2014). The Inference Framework incorporates three important modules that consist of semantic inference model (SIM), a detection system that assists in maintaining security and information accusations (Chen & Chu, 2014). Despite the apparent advances in database security, new challenges are emerging everyday. The ever-changing information technology coupled with he development of new programming designs and concepts pose multiple threats t database security. These concerns ensure that database security remains a core information issue and business concern. References Aaron, N. (2006). Practical Oracle security (1st ed.). Rockland, Mass.: Syngress Pub. Anley, C., & Koziol, J. (2007). The shellcoders handbook (1st ed.). Indianapolis, IN: Wiley Pub. Bertino, E., & Sandhu, R. (January - March 2005). Database Security—Concepts, Approaches, and Challenges. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING,2(1). Retrieved from http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=1416861 Chen, Y., & Chu, W. (2014). Database Security Protection via Inference Detection1 (1st ed.). Los Angeles, CA: Computer Science Department. Gertz, M., & Jajodia, S. (2008). Handbook of database security (1st ed.). New York: Springer. Jodia, S. (2013). Database Security. Journal of Information Technology Education, 6(13), 154-198. Klein, S., & Roggero, H. (2012). Pro SQL Database for Windows Azure: SQL server in the cloud. New York: Apress. Lesov, P. (2008). Database Security: A Historical Perspective. University of Minnesota. arxiv.org/pdf/1004.4022 (Original work published 4022). Mcafee. (2010). S.l.: General Books. McAfee Database Security. (2009). Real-time protection for business-critical databases, and compliance. New York: Penguin Books. Murray, M. C. (2010). Database Security: What Students Need to Know. Journal of Information Technology Education: Innovations in Practice, 9. Retrieved from http://www.jite.org/documents/Vol9/JITEv9IIPp061-077Murray804.pdf Sandhu, S. (2003). Data and Database Security and Controls. Book of Information Security Management. Fairfax, VA. Scime, A. (2010). Database Security: What Students Need to Know. Journal of Information Technology Education, 23(9), 132-172. Read More