Database Security: A threat from within
PwC, June 2015
Strictly Private and Confidential
Table of Contents
4 Data Anonymization (p. 21)
5 Authentication (p. 24)
Section 1 Introduction: Threats to DB Security

Breaches of 2014 (slide timeline, recoverable entries):
- May: eBay (145M) - credentials
- March: Korean Telecom (12M)
- February: Kickstarter
- January: (entry not readable)
- Data types shown on the timeline: credentials, email addresses, credit card information (5.6M), social security numbers

But who's to blame?
- Insiders with privileged access: network admins, system admins, testers
- Malware and compromised hosts
- Weak audit trail: unable to detect
Oracle security features by release (slide timeline from Oracle 7, 8i, 9i and later releases up to 2015):
- Role-based access control (roles) shown in every release column but one, marked "No Roles"
- Strong authentication (RADIUS)
- Fine grained auditing / access control
- Global roles
- Native network encryption
- Virtual Private Database
- Database native auditing
- Secure backup
- Activity monitoring
- Separation of duty
Section 2 Architecture & Vocabulary

Oracle Architecture
- Instance (SID): memory (SGA) and background processes
- Database: datafiles, online redo logs, controlfiles, backup files, parameter files
Logical vs Physical
Logical storage structures: database > segment > extent
Logical structures (schema objects): tables, indexes, constraints, sequences, synonyms, profiles, procedures & functions, packages, triggers
Dictionary: tables owned by SYS that hold information about the database itself (metadata)
Catalog: views on the dictionary
Privileges: GRANT or REVOKE

Section 3 Access Control & Application Security
Strategy to secure data: classify data and users, map controls, anticipate threats.

Classification example (slide figure): databases DB1, DB2 and DB3, each classified as Internal, Confidential or Top Secret, and each user group (developers, managers, security admins) mapped to the data it may access.

CONFIDENTIALITY: classification according to the contents (Secret / Confidential / Internal / Public)
INTEGRITY: impact when the data is modified (High / Medium / Low)
AVAILABILITY: what availability is required? 90%? 99.5%?
Privilege matrix (slide figure): the App. Owner owns the application tables and has granted privileges on them as follows.

User           Privileges on the application tables
Thomas         ANY privileges, WITH ADMIN / GRANT OPTION  (!)
Ana            Insert, Delete, Update
Mike           Insert, Select
Business User  Select, Select, Select (read only on each table)
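The same matrix expressed as Oracle grants, as an added example that is not from the PwC deck: the per-user privileges are replaced by roles, nothing is granted WITH GRANT OPTION, and the "ANY" privileges with ADMIN OPTION are taken away from Thomas. The schema APP_OWNER, the tables ORDERS and CUSTOMER, the roles APP_READ and APP_WRITE and the account BUSINESS_USER are hypothetical; the review queries use the standard dictionary views DBA_SYS_PRIVS, DBA_TAB_PRIVS and DBA_ROLE_PRIVS.

```sql
-- Added example (not from the deck). Hypothetical names: schema APP_OWNER,
-- tables ORDERS and CUSTOMER, roles APP_READ/APP_WRITE, account BUSINESS_USER.

-- One role per job function, instead of privileges granted to named users
CREATE ROLE app_read;
CREATE ROLE app_write;

-- Object privileges go to the roles, deliberately without GRANT OPTION,
-- so nobody who receives them can pass them on (the "!" on the slide)
GRANT SELECT ON app_owner.orders   TO app_read;
GRANT SELECT ON app_owner.customer TO app_read;
GRANT INSERT, UPDATE, DELETE ON app_owner.orders TO app_write;

-- The matrix from the slide
GRANT app_read  TO business_user;              -- Select only
GRANT app_write TO ana;                        -- Insert, Delete, Update
GRANT app_read  TO mike;                       -- Select ...
GRANT INSERT ON app_owner.orders TO mike;      -- ... and Insert on one table

-- Thomas: replace the "ANY" privileges and the ADMIN OPTION with the same
-- role as everybody else (one REVOKE per ANY privilege he actually holds)
REVOKE SELECT ANY TABLE FROM thomas;
GRANT app_read TO thomas;

-- Review queries (run as a DBA):
-- 1. "ANY" system privileges, and privileges that can be re-granted
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  (privilege LIKE '%ANY%' OR admin_option = 'YES')
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
ORDER  BY grantee, privilege;

-- 2. Object privileges granted WITH GRANT OPTION on application tables
SELECT grantee, owner, table_name, privilege, grantor
FROM   dba_tab_privs
WHERE  grantable = 'YES'
AND    owner NOT IN ('SYS', 'SYSTEM');

-- 3. Everything one account can do, directly or through roles
SELECT 'SYSTEM PRIV' AS kind, privilege AS what
FROM   dba_sys_privs  WHERE grantee = 'THOMAS'
UNION ALL
SELECT 'ROLE', granted_role
FROM   dba_role_privs WHERE grantee = 'THOMAS'
UNION ALL
SELECT 'OBJECT PRIV', privilege || ' ON ' || owner || '.' || table_name
FROM   dba_tab_privs  WHERE grantee = 'THOMAS'
ORDER  BY 1, 2;
```

One caveat when moving to roles: privileges received through a role are not active inside definer's-rights PL/SQL or in views, so a stored procedure or view that reads another schema's table still needs a direct object grant to its owner, again without GRANT OPTION.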
Profiles (limits assigned per database user):
- Password lifetime
- Password complexity
- Failed login attempts
- CPU per session
- Connect time
Data Anonymization: production -> copy -> anonymize -> testing

Production table (NAME, SSN, SALARY, NOTES): Schmitt | 325-65-1469 | 60,000 | Will be promoted
Test copy after anonymization: same columns, identifying values replaced (e.g. SSN 170-96-1765, name GBerilQ), free-text notes redacted
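One way to build that test copy inside the database, as an added example that is not from the deck: the SSN is pseudonymised with a keyed hash so that the same real SSN always maps to the same fake one (joins in the test environment keep working) while the real value cannot be recovered without the key, the salary is reduced to a band, and the free-text column is never copied. EMPLOYEE(NAME, SSN, SALARY, NOTES) is the slide's table; EMPLOYEE_TEST, the HMAC key and the salary rounding are assumptions.

```sql
-- Added example (not from the deck). EMPLOYEE(NAME, SSN, SALARY, NOTES) is
-- the slide's table; EMPLOYEE_TEST, the HMAC key and the salary rounding are
-- assumptions. Needs EXECUTE on DBMS_CRYPTO; HMAC_SH256 exists from 12c
-- (on 11g use DBMS_CRYPTO.HMAC_SH1).

CREATE TABLE employee_test AS
SELECT name,                         -- kept here; treat it like SSN if names identify people in your context
       -- Pseudonymised SSN: 9 digits derived from HMAC-SHA256(key, real SSN).
       -- The same real SSN always gives the same fake one, so joins between
       -- test tables still line up, yet nothing can be reversed without the key
       SUBSTR(p, 1, 3) || '-' || SUBSTR(p, 4, 2) || '-' || SUBSTR(p, 6, 4) AS ssn,
       ROUND(salary, -4) AS salary,  -- keep the band, drop the exact figure
       'redacted'        AS notes    -- free text is never copied
FROM (
  SELECT e.name, e.salary,
         LPAD(TO_CHAR(MOD(
                TO_NUMBER(SUBSTR(RAWTOHEX(
                  DBMS_CRYPTO.MAC(UTL_RAW.CAST_TO_RAW(e.ssn),
                                  DBMS_CRYPTO.HMAC_SH256,
                                  UTL_RAW.CAST_TO_RAW('change-this-key-and-keep-it-out-of-test'))),
                  1, 12), 'XXXXXXXXXXXX'),
                1000000000)), 9, '0') AS p
  FROM   employee e
);

-- Check before the copy leaves production: no real SSN may survive
SELECT COUNT(*) AS leaked
FROM   employee_test t
WHERE  EXISTS (SELECT 1 FROM employee p WHERE p.ssn = t.ssn);

-- Then export only the anonymised table, e.g.
--   expdp system/... TABLES=employee_test DUMPFILE=emp_test.dmp
```

The key must stay in production: anyone holding it and a list of candidate SSNs can rebuild the mapping by brute force, since the SSN space is small. Do the transformation in production and ship only EMPLOYEE_TEST; never copy the raw table to test "to anonymise it there".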
Authentication
OS level: root and the oracle OS user; strong authentication required
DB level: database users, LDAP users, high-privilege accounts (sys / dba); monitoring & blocking
Principles: strong authentication, accountability, least privilege, non-repudiation
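The Profiles slide and the Authentication slide together, as one added example that is not from the deck: a profile carrying the listed limits, one account of each kind (database password, OS-authenticated, LDAP-authenticated), and the checks a reviewer runs afterwards. The profile APP_USERS and its values, the accounts DB_APP, OPS$BATCH and LDAP_ANA, and the LDAP distinguished name are hypothetical; DBA_USERS, V$PARAMETER and V$PWFILE_USERS are standard views.

```sql
-- Added example (not from the deck). Profile APP_USERS and its limits, the
-- accounts DB_APP, OPS$BATCH and LDAP_ANA and the LDAP DN are hypothetical.

-- 1. The controls from the Profiles slide, as one profile
CREATE PROFILE app_users LIMIT
  PASSWORD_LIFE_TIME       90                  -- days until the password must change
  PASSWORD_GRACE_TIME      7                   -- days of warning after that
  PASSWORD_REUSE_TIME      365                 -- no reuse for a year ...
  PASSWORD_REUSE_MAX       10                  -- ... nor within the last 10 passwords
  FAILED_LOGIN_ATTEMPTS    5                   -- lock the account after 5 bad passwords
  PASSWORD_LOCK_TIME       1/24                -- for 1 hour (unit is days)
  PASSWORD_VERIFY_FUNCTION ora12c_verify_function  -- complexity; created by utlpwdmg.sql
  CPU_PER_SESSION          600000              -- hundredths of a second
  CONNECT_TIME             480                 -- minutes per session
  IDLE_TIME                30;                 -- minutes idle before disconnect

-- Resource limits (CPU, connect time) are ignored until this is TRUE;
-- password limits always apply
ALTER SYSTEM SET resource_limit = TRUE SCOPE = BOTH;

-- 2. The three kinds of account from the Authentication slide
-- DB user: password hash kept in the database, governed by the profile
CREATE USER db_app IDENTIFIED BY "Ch4nge-me-at-first-login" PROFILE app_users;

-- OS user: the OS has already authenticated it; no database password exists.
-- Only safe for local connections, i.e. with REMOTE_OS_AUTHENT = FALSE
CREATE USER ops$batch IDENTIFIED EXTERNALLY;

-- LDAP user: authenticated by the directory, so joiners and leavers are
-- handled once, centrally, and the database stores no password at all
CREATE USER ldap_ana IDENTIFIED GLOBALLY AS 'cn=ana,ou=people,dc=example,dc=com'
  PROFILE app_users;

GRANT CREATE SESSION TO db_app, ops$batch, ldap_ana;

-- 3. Checks
-- Accounts that bypass database passwords, and accounts still on DEFAULT
SELECT username, authentication_type, profile, account_status
FROM   dba_users
WHERE  authentication_type IN ('EXTERNAL', 'GLOBAL')
OR     profile = 'DEFAULT'
ORDER  BY authentication_type, username;

-- OS authentication must never be trusted across the network
SELECT name, value FROM v$parameter
WHERE  name IN ('remote_os_authent', 'os_authent_prefix', 'resource_limit');

-- Accounts that can connect AS SYSDBA with a password, in addition to the
-- OS "dba" group which needs none: the "# oracle -> sys (dba)" path on the slide
SELECT username, sysdba, sysoper FROM v$pwfile_users;
```

Two caveats: FAILED_LOGIN_ATTEMPTS turns every account into a denial-of-service target, so application service accounts usually get their own profile with a higher threshold and tighter network filtering instead; and on 11g the bundled complexity function is VERIFY_FUNCTION_11G rather than ORA12C_VERIFY_FUNCTION.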
Data Leakage - Oracle Encryption
Keys held in a wallet, in Oracle Key Vault or in an HSM
Transparent Data Encryption (TDE) for the data inside the database; encrypted Secure Backup and Data Pump exports for the copies that leave it
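The TDE set-up the slide sketches, as an added example that is not from the deck, in Oracle 12c syntax: create and open the keystore (the wallet), set the master key, encrypt a tablespace and a single column, verify, and carry the protection over to backups and exports. The keystore path, passwords, tablespace and datafile names and HR.EMPLOYEE are hypothetical.

```sql
-- Added example (not from the deck), Oracle 12c syntax. The keystore path,
-- passwords, tablespace, datafile path and HR.EMPLOYEE are hypothetical.
-- Before the first statement, sqlnet.ora on the server must name the keystore:
--   ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/etc/oracle/wallet)))
-- With METHOD=HSM the master key lives in the hardware module instead; Oracle
-- Key Vault centralises the keystores of many databases in the same way.

-- 1. Create and open the software keystore ("wallet") and set the master key
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/etc/oracle/wallet' IDENTIFIED BY "K3yst0re-pw";
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "K3yst0re-pw";
ADMINISTER KEY MANAGEMENT SET KEY IDENTIFIED BY "K3yst0re-pw" WITH BACKUP;

-- 2. Encrypt at rest. A whole tablespace is the usual choice (no restriction
--    on column types or indexes); column encryption suits a few fields in a
--    large table that must stay in an unencrypted tablespace
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/oradata/ORCL/secure_ts01.dbf' SIZE 500M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

CREATE TABLE hr.employee (
  name   VARCHAR2(60),
  ssn    VARCHAR2(11) ENCRYPT USING 'AES256' NO SALT,  -- NO SALT keeps the column indexable
  salary NUMBER
) TABLESPACE secure_ts;

-- 3. Verify
SELECT tablespace_name, encrypted FROM dba_tablespaces;
SELECT owner, table_name, column_name, encryption_alg, salt FROM dba_encrypted_columns;
SELECT wrl_type, status, wallet_type FROM v$encryption_wallet;

-- 4. The copies need the same protection: RMAN backups and Data Pump exports
--    RMAN> CONFIGURE ENCRYPTION FOR DATABASE ON;
--    $ expdp hr/... TABLES=employee ENCRYPTION=ALL ENCRYPTION_MODE=PASSWORD ENCRYPTION_PASSWORD=... DUMPFILE=emp.dmp
```

What TDE does and does not cover: it protects datafiles, backups and dumps against theft or copying. A session holding SELECT on HR.EMPLOYEE still sees plaintext, so it does nothing against the insider with a database login; that threat needs the access controls, auditing and Database Vault realms covered elsewhere in this deck. An auto-login keystore stored next to the datafiles also hands the thief both halves.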
Section 6 Governance, Risk and Compliance
Attack path from the internal network (or physical access), as automated by ODAT (slide figure; steps shown, numbering not recoverable):
- TCP port scanning
- SID scanning (e.g. SID: ORCL)
- Misconfigured privileges
- Columns scanning
- Configuration changes
- System commands & remote shell access
- File upload, download & deletion
Source: https://github.com/quentinhardy/odat
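The defensive counterpart, as an added example that is not from the deck or from ODAT: once an attacker has any database login, the file, command and shell steps on the slide each depend on a grant that a DBA can find and revoke. The mapping of grants to ODAT modules is my reading of the tool's module list (utlfile, dbmsxslprocessor, dbmslob, dbmsadvisor, dbmsscheduler, utlhttp, utltcp, externaltable, java, privesc), not something the deck states; the views DBA_TAB_PRIVS, DBA_SYS_PRIVS, DBA_JAVA_POLICY and DBA_DIRECTORIES are standard.

```sql
-- Added example (not from the deck or from ODAT). The privilege-to-abuse
-- mapping is my reading of ODAT's module list. Run as a DBA and review every
-- grantee you did not expect; PUBLIC is the usual finding.

-- 1. SYS packages that read/write files, run commands or open sockets
SELECT grantee, table_name AS package_name,
       CASE table_name
         WHEN 'UTL_FILE'          THEN 'read/write/delete OS files as the oracle user'
         WHEN 'DBMS_XSLPROCESSOR' THEN 'read/write OS files'
         WHEN 'DBMS_LOB'          THEN 'read OS files via BFILE'
         WHEN 'DBMS_ADVISOR'      THEN 'write OS files'
         WHEN 'DBMS_SCHEDULER'    THEN 'run OS commands'
         WHEN 'UTL_HTTP'          THEN 'outbound HTTP (exfiltration, SSRF)'
         WHEN 'UTL_TCP'           THEN 'raw sockets (reverse shell)'
       END AS abuse
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    privilege = 'EXECUTE'
AND    table_name IN ('UTL_FILE', 'DBMS_XSLPROCESSOR', 'DBMS_LOB', 'DBMS_ADVISOR',
                      'DBMS_SCHEDULER', 'UTL_HTTP', 'UTL_TCP')
ORDER  BY grantee, table_name;

-- 2. System privileges that turn a plain login into file access or DBA
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege IN ('CREATE ANY DIRECTORY',                  -- DIRECTORY object on any path (external tables)
                     'CREATE JOB', 'CREATE EXTERNAL JOB',      -- scheduler jobs that run OS commands
                     'CREATE LIBRARY', 'CREATE ANY LIBRARY',   -- load arbitrary shared objects
                     'CREATE ANY PROCEDURE', 'CREATE ANY TRIGGER', -- code executed as another user (privesc)
                     'CREATE ANY INDEX', 'ANALYZE ANY')        -- function-based index privesc
ORDER  BY grantee, privilege;

-- 3. Java permissions that let Java stored procedures touch files or run commands
SELECT grantee, type_name, name, action
FROM   dba_java_policy
WHERE  type_name IN ('java.io.FilePermission', 'java.lang.RuntimePermission')
AND    grantee NOT IN ('SYS', 'JAVASYSPRIV')
ORDER  BY grantee, type_name;

-- 4. Directories already pointing the oracle OS user at the filesystem
SELECT owner, directory_name, directory_path FROM dba_directories;

-- Remediation pattern, one statement per finding: take it away from PUBLIC
-- and grant it only to the schema that really needs it
REVOKE EXECUTE ON sys.utl_file FROM PUBLIC;
GRANT  EXECUTE ON sys.utl_file TO app_owner;   -- hypothetical application schema
```

Revoking from PUBLIC can break packaged applications that silently relied on it, so run the queries first, then revoke one package at a time with the application owners on hand. The first two steps on the slide (port and SID scanning) are not answered by grants at all: they are addressed by listener hardening and network filtering, and by not leaving the SID at its default.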
Audit
Where audit events can be written: OS file, system log (syslog), the database audit trail, Fine Grained Audit
- Fine Grained Audit: very flexible, but complex
- Interoperability issues, performance issues
- An audit trail kept inside the database can be accessed and altered!
Audit Vault centralizes audit logs from the databases, the OS and Active Directory. It allows easy reporting and custom alerts, and cooperates with Database Firewall, which filters requests made to the database.
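A Fine Grained Audit policy and the answer to "the audit trail can be altered", as an added example that is not from the deck: the policy records only statements that actually touch the sensitive columns and do not come from the application, and standard auditing is redirected to syslog, where the oracle OS user cannot delete it. The schema HR, the table EMPLOYEE, the policy name and the module name PAYROLL_APP are hypothetical; DBMS_FGA, the AUDIT_* parameters and DBA_FGA_AUDIT_TRAIL are Oracle's own.

```sql
-- Added example (not from the deck). Schema HR, table EMPLOYEE, the policy
-- name and the application module name PAYROLL_APP are hypothetical.

-- 1. Fine Grained Audit: one record only when a statement actually uses
--    SALARY or SSN of HR.EMPLOYEE and does not come from the payroll
--    application; the SQL text and bind values are captured (EXTENDED)
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema     => 'HR',
    object_name       => 'EMPLOYEE',
    policy_name       => 'EMP_SENSITIVE_ACCESS',
    -- NVL: a NULL module would otherwise make the condition NULL and skip the audit
    audit_condition   => 'NVL(SYS_CONTEXT(''USERENV'',''MODULE''),''-'') <> ''PAYROLL_APP''',
    audit_column      => 'SALARY,SSN',
    audit_column_opts => DBMS_FGA.ANY_COLUMNS,   -- fire if any listed column is used
    statement_types   => 'SELECT,UPDATE,DELETE',
    audit_trail       => DBMS_FGA.DB + DBMS_FGA.EXTENDED,
    enable            => TRUE);
END;
/

-- Reading the records: who touched what, from where, with which bind values
SELECT timestamp, db_user, os_user, userhost, sql_text, sql_bind
FROM   dba_fga_audit_trail
WHERE  policy_name = 'EMP_SENSITIVE_ACCESS'
ORDER  BY timestamp DESC;

-- 2. "Audit trail can be accessed and altered": the in-database trail
--    (SYS.AUD$, SYS.FGA_LOG$) is a table a DBA can DELETE from. Send
--    standard auditing to syslog instead, where the oracle OS user can write
--    but not read or delete, and forward that facility off the host
ALTER SYSTEM SET audit_trail          = 'OS'             SCOPE = SPFILE;
ALTER SYSTEM SET audit_syslog_level   = 'LOCAL1.WARNING' SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE             SCOPE = SPFILE;  -- SYS actions as well
-- (restart required)

-- 3. What still lives in the database: its oldest record should only get
--    older; a trail that suddenly starts yesterday has been purged
SELECT MIN(timestamp) AS oldest_record, COUNT(*) AS records
FROM   dba_audit_trail;
```

Two caveats: MODULE is set by the client, so the condition reduces noise but is not an access control, and an attacker who knows the module name can mimic it. FGA records go where the policy's audit_trail says, not where AUDIT_TRAIL points; to keep them out of the database too, use DBMS_FGA.XML and collect the XML files. On 12c with unified auditing the parameters and views differ (UNIFIED_AUDIT_TRAIL), but the principle is the same: the DBA must not own the place where the audit record lands.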
Database activity monitoring on the network (slide figure): a SPAN monitoring port on the switch, or agents on the database hosts (S-TAP / F-TAP), feed a collector and an aggregator that applies the policies. Is it safe? Local traffic on the host never crosses the switch, and a change of (ip, port) of the listener escapes a SPAN-based collector (!).
Database Vault

Oracle Multitenant: consolidate several databases into a single container:
- share resources & ease maintenance
- preserve segregation of data
- databases are pluggable

Database Vault:
- realm-based authorization
- preserves segregation of duties
- privileged accounts cannot access sensitive data or data from other databases
- restriction according to business hours
- a security layer on top of the DBAs
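A realm around the HR schema, as an added example that is not from the deck: the realm is the boundary inside which system privileges such as SELECT ANY TABLE and the DBA role stop working, which is how "privileged accounts cannot access sensitive data" is implemented. The realm name, the HR schema and the accounts are hypothetical; DBMS_MACADM, DBMS_MACUTL and the DBA_DV_* views are Database Vault's own, and the block must run as the Database Vault owner account, not as SYS.

```sql
-- Added example (not from the deck). Realm name, the HR schema and the
-- account names are hypothetical. Run as the Database Vault owner account
-- created when Vault was configured, never as SYS: that separation of
-- duties is the point.

BEGIN
  -- A realm is a boundary around a set of objects. Inside it, system
  -- privileges (SELECT ANY TABLE, the DBA role, ...) no longer apply, so the
  -- DBA keeps the database running but cannot read HR data
  DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Realm',
    description   => 'Employee, salary and SSN data',
    enabled       => DBMS_MACUTL.G_YES,
    audit_options => DBMS_MACUTL.G_REALM_AUDIT_FAIL);   -- log every blocked attempt

  -- Every object in the HR schema, present and future
  DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Realm',
    object_owner => 'HR',
    object_name  => '%',
    object_type  => '%');

  -- Who may use their privileges inside the realm: only the application
  -- owner. OWNER may also grant on realm objects; PARTICIPANT may not.
  -- Anyone not listed, SYS and SYSTEM included, is blocked
  DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name    => 'HR Realm',
    grantee       => 'HR',
    rule_set_name => NULL,
    auth_options  => DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/

-- Check the configuration
SELECT name, enabled, audit_options FROM dba_dv_realm WHERE name = 'HR Realm';
SELECT realm_name, grantee, auth_rule_set_name, auth_options
FROM   dba_dv_realm_auth WHERE realm_name = 'HR Realm';

-- Try it: connected as a DBA holding SELECT ANY TABLE, this now fails with
-- an insufficient-privileges error, and the attempt is recorded by the realm
SELECT COUNT(*) FROM hr.employee;
```

The business-hours restriction on the slide is a rule set (DBMS_MACADM.CREATE_RULE with an expression on SYSDATE, then CREATE_RULE_SET) passed as rule_set_name above or attached to a command rule; it is left out here. Two caveats: a regular realm does not block a user who holds a direct object grant from HR, so the grants review still matters (12c adds mandatory realms that block everyone not authorised, owner included); and a realm protects data access, not availability, so backups, patching and the DBA's operational privileges keep working.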