Simple Steps to Reduce Database Risk

Implementing comprehensive database security solutions can be an onerous task.  Security requirements are always changing and new compliance requirements are constantly emerging.  Despite this dynamic environment, there are simple steps that can be undertaken to dramatically and quickly reduce risk.  Database security solutions are only as secure as the weakest link.  Forward-thinking organizations should begin by addressing the vulnerabilities that are the most obvious and easiest to exploit.

A pragmatic approach initially addresses the following aspects of database security:

    * Identification and elimination of password vulnerabilities
    * Systematic installation of patches (service packs and hot fixes)
    * OS file permissions and settings
    * Database privileges and access controls
    * Auditing and monitoring database access

Identification and Elimination of Password Vulnerabilities

One of the most prevalent security vulnerabilities is the presence of weak, default, or easily-guessed passwords.   A poorly chosen password, or vendor default password that has not been changed, is one of the greatest security risks to a database. This risk is common, but fortunately, it can be quickly identified, and can be immediately corrected.  Eliminating this commonly exploited risk can dramatically improve the security of your databases.

Default passwords are passwords that ship with a database system. The Oracle DBMS includes over 200 default passwords. These default settings are widely known and, if left unchanged, are easy to exploit. Manually checking default passwords can be a cumbersome task. Fortunately, third-party vulnerability assessment tools are available to automatically identify default passwords and recommend changes.

In addition to default passwords, weak or easily-guessed passwords represent another high-risk vulnerability.  Hackers often take advantage of password dictionaries that can be found online.   Password strength is essential to protect against security breaches.  To ensure that passwords are sufficiently complex, security-conscious organizations should:

    * Require the password to be distinct from the username
    * Require that passwords contain a mix of letters, characters and numbers
    * Require that passwords are of sufficient length
    * Require that passwords are changed on a regular basis
    * Require that passwords are not easily guessed
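
The rules above can be checked at password-change time, while the plaintext is still available. This Python check is an added example, not part of the original article; the length and age thresholds, the small deny-list and the function names are assumptions made for illustration.

```python
import re
from datetime import date

# Assumed thresholds; the article names the rules but gives no numbers.
MIN_LENGTH = 12
MAX_AGE_DAYS = 90
# Constructed sample deny-list standing in for a real password dictionary.
COMMON_WORDS = {"password", "welcome", "changeme", "qwerty", "admin"}
# Common character substitutions to undo before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")


def normalize(password):
    """Lower-case, drop trailing digits/symbols, then undo substitutions."""
    stem = re.sub(r"[^a-z]+$", "", password.lower())
    return stem.translate(LEET)


def policy_violations(username, password, last_changed, today):
    """Return the rules from the list above that this account breaks."""
    problems = []
    # Stricter than plain equality: the username may not appear anywhere.
    if username.lower() in password.lower():
        problems.append("not distinct from username")
    classes = [r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("missing letter, number or special character")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if (today - last_changed).days > MAX_AGE_DAYS:
        problems.append("not changed recently")
    # Catches variants such as "P@ssw0rd2024!" that pass the other rules.
    if normalize(password) in COMMON_WORDS:
        problems.append("easily guessed")
    return problems
```

A password can satisfy the length and character-mix rules and still be a dictionary word in disguise, which is why the last check works on the normalized form.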

Scripts and third-party tools are readily available to assist in the identification of potentially risky passwords and recommend changes.   After weak and default passwords have been changed, it remains important to monitor for attempts to crack the system. Repeated, failed log-in attempts are often a precursor to an attack. Monitoring and alerting on such activity can aid in efforts to identify and stop an attack before data is compromised.
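
As an added example (not from the original article), the following Python sketch shows the kind of monitoring described above: it flags any client that produces a burst of failed log-ins inside a short window and notes whether a success followed. The four-column log layout, the sample records, the threshold and the window are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records: timestamp, client address, account, outcome.
# The four-column layout is assumed for this example, not a real DBMS format.
SAMPLE_LOG = """\
2024-03-01T02:14:01 10.0.0.23 ADMIN FAILED
2024-03-01T02:14:03 10.0.0.23 BACKUP FAILED
2024-03-01T02:14:05 10.0.0.23 REPORTS FAILED
2024-03-01T02:14:09 10.0.0.8 APPSVC OK
2024-03-01T02:14:11 10.0.0.23 APPSVC FAILED
2024-03-01T02:14:14 10.0.0.23 APPSVC FAILED
2024-03-01T02:14:20 10.0.0.23 APPSVC OK
2024-03-01T08:30:00 10.0.0.41 JSMITH FAILED
2024-03-01T08:30:20 10.0.0.41 JSMITH OK
2024-03-01T09:00:00 10.0.0.41 JSMITH FAILED
"""


def detect_failed_login_bursts(log_text, threshold=5, window=timedelta(minutes=2)):
    """Alert on each source with `threshold` failures inside `window`.

    A later successful login from an alerted source is recorded too, since
    it may mean a guess worked.
    """
    recent = defaultdict(deque)  # source -> (time, account) of recent failures
    alerts = {}                  # source -> alert record
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # ignore blank or malformed lines
        stamp, source, account, outcome = fields
        when = datetime.fromisoformat(stamp)
        if outcome == "FAILED":
            failures = recent[source]
            failures.append((when, account))
            while when - failures[0][0] > window:
                failures.popleft()  # drop failures older than the window
            if len(failures) >= threshold and source not in alerts:
                alerts[source] = {
                    "source": source,
                    "triggered_at": when,
                    "accounts": sorted({acct for _, acct in failures}),
                    "success_after": None,
                }
        elif source in alerts and alerts[source]["success_after"] is None:
            alerts[source]["success_after"] = account  # first success after alert
    return list(alerts.values())
```

On the sample records only 10.0.0.23 is reported; the two isolated failures from 10.0.0.41 are half an hour apart and stay below the threshold.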

Systematic Installation of Patches

Keeping protection current is essential to good security. Proactive organizations must be aware of new patches, service packs and hot-fixes that contain bug fixes and security updates. Timely implementation of patches, bug fixes and vulnerability protection, especially on an organization’s most critical databases, is essential to maintaining secure database systems.

A service pack is a collection of updates, fixes and/or enhancements to a software program that is delivered as a single installable package. Many software companies issue a service pack when the quantity of individual patches reaches a predefined (often arbitrary) number. In addition to bug fixes, service packs may include added functionality or features.

A hot-fix is a package that includes one or more files that are used to address problems in a software product (i.e., a software bug). Typically, hot-fixes are designed to address specific issues, most commonly, freshly discovered security holes.

Service packs and hot-fixes can significantly reduce risk.  Best practices dictate that these patches should be tested prior to deployment and deployed at the first available opportunity.

A second, more complicated step is to apply patches for known database vulnerabilities. Vulnerabilities can allow unauthorized data access or corruption of data.  Organizations must be aware of current patches as well as older patches that address important vulnerabilities. Even an old vulnerability has the potential to cripple a system.

Extensive database patching can consume significant time and resources.  For that reason, best practices dictate patches be prioritized. It is recommended that activity monitoring be implemented to manage the gap of time between patch release and deployment to ensure that if someone is trying to exploit a known vulnerability on a non-critical system, the administrator is notified and can take action to address the potential breach.

OS File Permissions and Settings

Vulnerabilities in underlying operating systems have the potential to lead to unauthorized data access and corruption. If an organization has locked down its database user passwords and access controls, but inadvertently grants read/write privileges on the database files in the OS, they have effectively undermined their previous work because a hacker can access the data in the data files directly.  To ensure security is in place, OS file permissions and settings must be consistent with the organization’s overall database security policies.
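
One way to check for the mismatch described above on a POSIX host, as an added example that is not part of the original article: the Python functions below report data-directory entries that are not owned by the database service account or that grant group/other access, and then strip those extra bits. The function names and the assumption that only one service account needs direct file access are illustrative.

```python
import os
import stat

# Assumption: data files belong to one service account and nobody else needs
# direct file access, so any group/other permission bit is a finding.


def audit_data_dir(data_dir, db_uid):
    """Return sorted (path, problem) pairs for a database data directory."""
    findings = []
    for root, _dirs, files in os.walk(data_dir):
        # Check each directory itself plus the files it contains.
        for path in [root] + [os.path.join(root, name) for name in files]:
            info = os.lstat(path)
            if stat.S_ISLNK(info.st_mode):
                findings.append((path, "symlink; target is outside this audit"))
                continue
            mode = stat.S_IMODE(info.st_mode)
            if info.st_uid != db_uid:
                findings.append((path, "not owned by the database account"))
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group or others"))
            elif mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, "readable by group or others"))
    return sorted(findings)


def harden_data_dir(data_dir, db_uid):
    """Strip group/other bits from flagged entries; return what is still wrong."""
    for path, problem in audit_data_dir(data_dir, db_uid):
        if "by group or others" in problem:
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            os.chmod(path, mode & ~0o077)  # keep owner bits only
    # Ownership and symlink findings need manual review, so they remain.
    return audit_data_dir(data_dir, db_uid)
```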

Database Privileges and Access Controls

Security best practices dictate that organizations grant the minimum privileges necessary for individuals to perform their required job functions.   When users (or applications) are granted database privileges that exceed these requirements, privileges may be used to gain access to confidential information.   Even if employees, administrators, contractors, business partners, and consultants are beyond reproach, excess privileges can leave access points open to potential attack. By using these access points to locate and take advantage of database vulnerabilities, attackers can convert low-level access privileges to high-level access privileges resulting in greater and unauthorized access to data.

By leveraging the query-level access controls available in native database security programs (via triggers, RLS, etc.), user access can be restricted. Unfortunately, the manual effort required to implement these controls can be daunting. However, tools are available that can make this a streamlined deployment via customized policies. In addition to limiting access, policies can protect against and help identify users who abuse legitimate access for unauthorized purposes.

Auditing and Monitoring Database Access

Weak audit policies and technology represent risks in terms of compliance, detection, forensics and recovery. If you do not audit the database, it is impossible to investigate changes or unauthorized activity, making it essential to enable some form of auditing. Database management systems provide some level of native database auditing capabilities. However, due to performance degradation, native auditing is often disabled. In addition, DBMSs are vulnerable to privilege-related attacks from developers or database administrators (DBAs), who have the authority to disable native auditing. While the information they provide is helpful, most DBMS audit solutions lack the granularity necessary to truly understand what happened. For example, these logs often omit data such as what application was used to access the database, IP address and failed queries, which are often a precursor to an attack.

Organizations should consider adding a third-party solution to augment native auditing capabilities.   These solutions can provide more granular auditing capabilities with near-zero performance impact.

Best practices dictate that comprehensive database security requires a combination of database discovery, vulnerability assessment, activity monitoring, intrusion detection, auditing, and compliance, but for organizations that seek a rapid and quantifiable improvement in their security posture, these first steps can deliver tangible results and reduce risk in a timely manner.