220 likes | 362 Views
SEC835. Practical aspects of security implementation Part 1. Apply security services. Databases security Email security. STRIDE. Spoofing Any person or technology (Actor) component can be spoofed Tampering Data, or source code, or configuration parameters can be tampered Repudiation
E N D
SEC835 Practical aspects of security implementation Part 1
Apply security services • Databases security • Email security
STRIDE • Spoofing • Any person or technology (Actor) component can be spoofed • Tampering • Data, or source code, or configuration parameters can be tampered • Repudiation • A user’s actions can be repudiated • Information disclosure • Data, or any other information including system architectural design, are vulnerable to information disclosure • Denial of Service • Any technology resource is vulnerable to DoS • Elevation of Privileges • Any user or technology related level of privileges is vulnerable to elevation of privileges
Databases • Spoofing: • DBA • ODBC driver • Tampering • Data • Configuration parameters • Information disclosure • Data • DB structure • ODBC credentials • Denial of service • RDB as the technology resource • Elevation of privileges • DBA • RPC
DB security • Strong access control • Database • Tables • Columns • In most cases RBAC has been implemented • SQL language allow runtime granting of access privileges to users or roles
DB security • The GRANT command: • GRANT {privileges/role} • [ON table] • TO {user/role/public} • [IDENTIFIED BY password] • [WITH GRANT OPTION] • The command allows granting of privileges and/or roles to another user or to another role thus providing a lot of flexibility in runtime privileges management
DB security • What to GRANT? • Select – grantee is allowed to read entire DB, table, or columns • Insert – grantee may insert rows in a table, or insert rows with values for specific columns in a table • Update – similar to insert • Delete – delete rows from a table • References – grantee is allowed to define foreign keys in another table that refer to the specified columns
DB security • REVOKE {privileges/ role} • [ON table] • FROM {user/role/public}
DB security • Cascading authorization • Allow a user granting access to another user, and so on • Revoke assumes cascading revoking of access • Be aware about security issues: • May be exploited to elevate privileges • Complicated grant schema may confuse revoking, leaving a user with the access granted
DB security • Tampering and Information Disclosure • Discrete storing • Store sensitive data only when it is really necessary • Encryption • Symmetric encryption for confidentiality • Hash for integrity • Strong encryption • Secure key management
DB encryption • Encryption may apply to • The whole table • The attribute (column) • The field (just a single cell) • Encryption makes a negative impact on the DB searching when encrypted values must be used as searching criteria • To help, the table partitioning may apply, where each partition has the unique index used to identify the range of records
DB encryption • Table partitioning example • Employee salary is a searching criteria but must be encrypted • The table partitioning is supported by the index that is mapped to the range of rows, e.g.: • 1 – values from 35K to 75K • 2 – values from 76 K to 95 K • 3 – values from 96 and up • The table rows contain encrypted values and indices that replace real values
DB encryption (cont.) • To decrypt the table that was encrypted and partitioned the map of indices and the ranges is required in addition to encryption keys • This map must be stored on the client, not on the server • Decryption and converting data into its original value also has been performed on the client • Make sure that encryption key on client side is safe
DBMS technology components • Must be protected from DoS attack • Strong access control for all type of interfaces: • Users • Admins • API • Bulk data loading • Strong data input validation • Protect against SQL injection attacks
DB backups DB must be regularly backups Media – tapes, or mirror servers, or both Backups must be stored at different (remote) location
DB backups • Mode of backups: • Full backup • Incremental – backup files changed after last backup • Differential – backup any file that are changed since the last full backup
Records retention • Policy exists to specify the period of keepng data available • Secure destruction • Shredding • Magnetic destruction
DB Security • Inference problem • A possibility to derive additional information from small pieces or fraction of data • Fractions or pieces can be not confidential but derived data is • Often may be completed by combining queries • Protection: • Splitting tables and assigning fine-grained access control • Separation of duties • Perturbation of data
DB security • Privacy issue • For some databases, in particular for healthcare and financial data, personal identifiers must not be present in the records • Achieved by applying data sanitization service • That is about applying the algorithms of “masking” data in store, or in a user’s view • That is in addition to cryptography
Secure Email • Major threats • Unauthorized access (confidentiality, integrity) • Viruses sent with attachments • Spam • Spoofing email addresses
Protection • Encryption • PGP – encryption technology used to protect confidentiality, integrity and authenticate a sender. This is a hybrid technology. The following is in use: • Public/private key (RSA) • Secret key for symmetric encryption (AES, 3DES) • Digital signature (MD5, SHA-1)
Protection • ANTI-virus protection • Install and keep up-to-date • Spam • Anti-spam software