CSO - A good detective understands the criminal mind, techniques, and tools of the trade. To protect your database and prevent it from becoming a crime scene, it is crucial to understand the common methods of attack, data theft, and cover up techniques. The suspect line-up can come from outside hackers and from within the ranks of trusted employees, contractors, and partners. Some threats are easily prevented or contained; while others more elusive. Fortunately, many of the security mechanisms and tools required to protect databases are readily available.
This article examines known attacks, methods, and tools used by criminals, as well as emerging exploit categories used to break into a database, establish control, compromise the system, steal the data, and cover up the tracks. We will also cover best practices for protecting databases against these attacks methods.
The database server as a target
Given the wealth of information stored in databases and its value on the open market, it is no surprise that databases are a primary target of criminals. The personal, identity, trade, and military data contained in many repositories can fetch top dollar. Meanwhile, employment instability, mergers, acquisitions, etc., can also contribute to insider data theft. In addition, data can leak out accidentally and though these acts are not criminal, they can result in severe data breaches.
It can be said that the database server provides an attacker with the perfect criminal opportunity, combining motive (the resale value of the information), means (easily available tools), and opportunity (direct access to the server through thick client-applications, lax internal network controls and ill written applications).
The Five-Step Program
Before attempting to implement effective database security, it is crucial to understand the processes that lead to a breach. These processes can be broken down into five basic steps:
1. Tools of the Trade
2. Initial Access
3. Privilege Abuse
4. Privilege Elevation
5. Covering the Tracks
1. Tools of the Trade
A perpetrator's first step toward attacking a database server is to obtain the right tools. These are surprisingly easy to obtain, even for internal users. Security officers often underestimate internal threats by making the following assumptions:
* Internal users are not "hackers" with hacking tools and they are not equipped to produce "hacking tools" themselves.
* Security policies on internal workstations will deny software installation by end-users.
While both assumptions are probably valid, they have nothing to do with the ability of end-users to get their hands on tools for database attacks. As is turns out, most types of attacks (SQL related) can be executed through standard database client software such as the one provided by default from the database vendor (e.g. Query Analyzer, SQL Plus, etc.). This software is usually part of the basic installation for any workstation in the enterprise.
- Top 10 Reasons to Strengthen Information Security with Desktop Virtualization Regain control and reduce risk without sacrificing business productivity and growth
- Preventing Sophisticated Attacks: Anti-Evasion & Advanced Evasion Techniques McAfee Next Generation Firewall applies sophisticated analysis techniques specifically to detect advanced evasion techniques (AET).
- The Security Industry's Dirty Little Secret The debate over advanced evasion techniques (AETs) This report summarizes the findings of a McAfee commissioned research group to determine the level of understanding IT security professionals have about AETs...
- Demand More, Get the Most from the Move to a Next-Generation Firewall Beyond the basics in a next generation firewall, to protect your investment you should demand other valuable features: intrusion prevention, contextual rules, advanced...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!