Implementing Database Security - Report Example

Computer Security affiliation Security and privacy are an essential concept of building systems. Without assuring these factors, most of the systems lose their values regardless their performance or the value of the data that they have. This project aims to practice data security in two different aspects. First, the project team will build a secure system that is difficult to be attacked. So, Building a web application for a primary care clinic is the first step to achieving that. During this stage, three of the most significant aspects of data security will be covered to secure this system and to assure its privacy. Encrypting the data during its moves is one of these issues besides, the integrity, auditing, SQL injection and access control. The second part of this project is hacking other systems by discovering the weaknesses of these systems and finding ways to leak their data. That will give us insights to learn more about securing databases and the critical issues that we should consider when we design our systems in the future. OVERVIEW Today, with the growth of data and its resources, managing and securing databases become more challenging. Therefore, researchers and companies turned to find new techniques to protect their data and assure their customers’ privacies. On the other hand, hackers always try to invent new ways to leak or destroy data. So, computer scientists should expand their knowledge and predict the attacks that may harm their data before they occur. Meanwhile, there are many practical techniques that make sure data security and aid databases managers protect their data. During last decade, researchers addressed some of the security and privacy issues and as a result of their efforts to deal with these issues, there are many rich resources educate database administrators how to harden their databases to secure their data. Ben-Natan published one of these resources, and his book includes many critical topics that give the reader some insight to secure and audit databases. This project aims to give us an opportunity to discover and practice some tasks emphasized by this book’s author. Furthermore, there are other rich resources, which we could use to do our project’s goals such as lectures slides and some research papers provided by this course’s instructor (Ben-Natan 2005). In order to practice implementing database security and auditing we tried to find a system which, needs to be secure and the users who deal with it need to protect their privacies so our work on this system would be useful and improvable. Therefore, we found that building a primary care clinic system is what we were looking for because there are many needs to develop this system. Furthermore, the existence systems have many issues about securing their data and protecting their patients’ privacies. Due to this many efforts has been made efforts to discover the weaknesses of the current systems to improve them and find solutions to protect patients’ privacies. Indeed, we could use some of these researchers to give us some insight on building our system. Building a complete system requires an extended time to satisfy all needs of a primary clinic. It also requires considering other aspects, which we do not need to focus on since the purpose of this project is practicing database security and auditing skills. Therefore, we build a simple system that has some of the most significant components of clinic systems. Our system has two different entities, which are patients and physicians, and every one of them is authorized to do different tasks. For instance, a patient can view his/her information and he/she can set an appointment with a physician if the physical is available. A doctor can check his selection and, he can view the patient’s profile if and only if the patient has an appointment with this doctor. Therefore, the system should give its users the permissions that they need to practice their tasks successfully. Furthermore, the system should secure their data and assure their privacies (Ben-Natan 2005). While our work to develop our system, we considered many critical aspects that every database should satisfy. Data integrity is considered as one of these aspects, so we added many features to our system to assure that. Furthermore, we were concern about the performance of our database, and we used some techniques to improve that. The majority of our work was on increasing the level of our system security. Therefore, SQL injection, assess control, data cryptography, and other issues were considered while building our system. Meanwhile, we spent some efforts to audit our database so all the queries that issued on tables will be recorded in a log file and this file will not be saved on the system, so the users will not be able to use that. These are the aspects that we focused on to secure our system, and they will be described with more details in Section 4. DESIGN OVERVIEW In order to build our system, we had to design and create web pages to connect the systems users with the database that, is used to save their data. We found that PHP is one of the dominant languages which, used for or developing dynamic web pages. So, we decided to use this language to create our system pages. According to the policy purposes, we built fourteen pages, and every one of them is used for a particular purpose. For example, the login page allows users to get access to their information and update them. It is also used to add a new patient to his or her information to the tables of the clinic patients. Furthermore, there are other pages for the physicians so they can use their information or their patient’s records. Our system’s database was built using MySQL Workbench since it is considered as one of the most popular open source database system. The database consists of five tables, which include the data that we need to deal with in our system. For example, there is a table for the patients and it has their information, which the system needs to give them the service that they need. There is also a table for physician’s information since they have different attributes and their roles in the system are different than the patients’ roles. In order to manage the access of the system’s users, we have created a table has their usernames and passwords. Furthermore, the system has a table for the appointments and a table for the patients’ records. Meanwhile, these tables have relationships to ease extracting and retrieving the needed information. ARCHITECTURE The system that we built is a web application. So, we created a login page to allow users to use the system and practice the tasks that they allowed to do. This page is also used to create a record for the new patients and allow him or her to set up his or her username and password that he or she needs to get access to the system in the future. When a user entered his or her username and password correctly, the system will recognize him or her and guide him or her to the pages contain his or her information. That means if the user is a patient, the system will open the patients page and from there he or she can do what he or she want to do. That is determined according to the username that he or she entered in the login page because the system will compare it with the associated record that has the type of this user. Then, if the user is a patient the patient page will allow him/her to view his or her information by retrieving the information from the patient table. Moreover, he can update some if his or her information using this page too. Furthermore, he can schedule a new appointment with the physician that he need to visit if the doctor is available in the specified time. So, the patients’ page is connected with other pages according to the service the patient needs. On the other hand, if the user is a physician, the system will give him or her with the page that guide him or her to the service that he or she needs. For example, the physician can view his or her information and update some of them if needed. He or she is also allowed to see the appointments scheduled with him for the same day that he accesses the system and from that page he or she can get access to the patients’ records if they have appointments with him or her in that day. Moreover, the physician can add a file that describes the patient’s status to the system so this record will be available to the patient and his physicians in the future (Ben-Natan 2005). IMPLEMENTATION As we built our database using SQL and connected it with the web pages that we created using PHP language, we had to add some features and functions to that so the system can satisfy the purpose that we built it for. We can classify these elements according to the aspects that we considered and the goals that planned to. Security and Privacy: During our work on this project, we concerned about securing the data that the system has and assuring its users’ privacies. Therefore, we addressed some of the security and privacy issues that may affect our system, and we could find techniques to deal with that. SQL injection: In order to protect our system against SQL Injection, we applied some techniques so attackers cannot enter illegal content, which could give to harm our system or leak its private information. To do that, we used a function named by “mysql_real_escape_string” to make sure that the content is safe and can be used as a query to be processed by the database system. Furthermore, when we create a view of users we added three digits to the username, so if the username is a critical word such as “select “ or “update”, the username will not affect the query and produce unwanted results (Ben-Natan 2005). Protecting Passwords: Because of the importance of the passwords and the risk that could happen to our data when these passwords become known. We made rules such that the passwords must satisfy, so predicting them will be harder. For Example, the password must be between 8 to 20 character, and it must contain letters, numbers, and symbols. Furthermore, the user cannot change his/her old password until he/she give the system with this password. Moreover, to avoid the brute force attack, the account will be locked after 3 failed attempts, and that will give to preventing predicting user’s passwords. Access control In order to manage the users’ authority to get access to our system. We specified a view for every of users so he or she will not be able to reach others records. Furthermore, to protect patient’s privacies, we limited the physician’s privileges so they cannot access patients’ records unless they have appointments with them in the accessing day. Moreover, after the time of the visiting is finished, the physician will not be able to use these records until the day of the new appointment. Additionally, we prevent the direct access to the pages by addressing their URL by creating a session for every client so users can not access the other pages until he or she entered his or her username and password correctly. Moreover, we created the view for each database user. The user can only access his record only by using his or her view (Ben-Natan 2005). Encrypting sensitive data. In order to protect our sensitive data, we coded them so even if someone could use our database he/she will not be able to leak them. According to the kind of this data and whether we need to retrieve they or not we determined the mechanism that we should use to encrypt that data. Since the passwords do not need to be extracted as it created we used one of the one-way encryption technique so when we need to compare an entered password with the passwords stored in the database, we just apply the same hashing function and compare the produced result. Moreover, we added salt to the passwords, so every password has a different result even if two of them are matched before encrypting them. Therefore, if someone could predict one of the passwords, he will not be able to predict the other using the same way because everyone has a different salt. On the other hand, we found that patients’ record is paramount, however, applying the one-way hashing function to encrypt them will make them useless because we will not be able to decrypt them when we need to retrieve them. Therefore, we used one of the two-way techniques so when a patient or a physician want to look at them the system will decrypt them using the same key used for the encryption process. Performance: During our work on this project, we considered the performance of our system, so we used some techniques to improve that. We found that we need to check if a username is already in the system or not when a new patient tries to fill his or her information. This process requires comparing this new username with the others unless there is an index, which order them according to their alphabetic. So we created an index on the username column to speed retrieving the wanted usernames. Moreover, our system needs to generate a unique Id for every user, so we used the timestamp for that. So the system will not need to check if the Id is already there or not. That will also prevent predicting a user’s id using a known id number. Data integrity In order to satisfy data integrity, we checked the inputs that a user may need to provide the system with to see if they meet particular rules and then the system will confirm them or not. For example, a phone number must be ten digits while the first and last name should not be empty and must include only letters. So, these rules will make sure the reality of the data entered into the database. LESSONS LEARNED. Response to Attacking Team’s Feedback. Other Lessons. Our work on this projects assisted us to expand our knowledge and gain new experiences to deal with databases and securing them. Furthermore, it forced us to read and learn about the security and privacy aspects so we can apply them to our system correctly. Moreover, we did many mistakes since we began working on this project and until now, so spent some of efforts to fix them and find solutions for the problems caused by them and that definitely contributes to improving our understanding and our experiences to deal with similar problems in the future. For example, during building and designing the web pages we faced a lot of obstacles because some people do not have adequate experience to deal with the PHP language. But we assisted each other to drop that confusion, and we could go over that to make our goals. Moreover, we had to make some changes to our system and according to that we had to rebuild it to fit our new plan. For example, in the earlier phases our system consisted of three entities: reception, patient and physician. So we created pages for every one of them but we found during this period that we can cut the host object and rebuild our system without it to make our system simpler since the other entities can do the tasks that we assigned to the reception. We also made some changes to our plan as we learned more and more during the semester because we discovered more issues that we did not know about when we did the first and second phase. Furthermore, we found that we misunderstood some of these issues at the beginning of our work but now after we discussed some of them during the class times they become clearer and applying them become easier for us. We can say that every day we update our knowledge and that indeed is reflected in our work and our productions (Ben-Natan 2005). CURRENT STATUS AND FUTURE WORK. What has been done: in this phase, we built our system and it is ready to be used and evaluated by other teams to find vulnerabilities? Our techniques to attack other teams. We will look at the programming language version and database version. Then, we will do a research to find vulnerabilities in these versions. We will do SQL injection to be able to reach the database. We will use software such as Burp Spider to crawl all possible URLs. We will check how they pass confidential between database, application and clients (do they encrypted secret when they send them, do they use HTTPS). The brute force attack, we will try to attack them using a brute force attack. We will try to use default configuration (default users such as root), and we will see if they disabled default setting or not. We will try to use access direct to URL without authentications. We will use an invalid comment to break the system. (We will try keywords that are reserved for the DB and individual characters). We will use tools that are used to audit database vulnerabilities such as Nessus. We will check how they store confidential in a database if they use only hash algorithm without adding salt. We will use rainbow table technique to break their hash. FUTURE WORK The next plan is receiving the reports of the other groups, which will aid us to discover the weaknesses of our system. So, we can work to improve our system according to that. As we will have an opportunity to hack other teams systems, we can learn from their work and apply what they did to our system too. References Ben-Natan, R. (2005). Implementing database security and auditing: A guide for DBAs, information security administrators and auditors. Burlington, MA: Elsevier Digital Press. Read More