February 17, 2011

Database Security

DATABASE SECURITY WHY?

Database security has been given much importance only in the last couple of years, as it begins to draw more attention from industry analysts and from security and database professionals. The combination of worsening, highly publicized data breaches on the one hand and stricter regulatory compliance demands on the other is pushing database security to the foreground.

Today many database professionals are not familiar with security aspects of database management, while many security professionals are familiar with network and desktop security, but not with database security. This is beginning to change as the importance of securing databases becomes apparent.

UNDERSTANDING THE THREAT

Databases are subject to some unique types of threats that cannot be handled by firewalls, intrusion detection and prevention systems, and other perimeter defenses. The threat scene is constantly evolving and becoming more sophisticated and specialized (e.g. attacking through memory backdoors inside databases).

Who Are The Intruders?

The intruder could be anyone: a high-school student hacking into the Pentagon just to prove that he can do it, a professional hacker aiming to make a profit, or a sick person doing it for fun.

This has changed the nature of intrusion attempts from ones that try to penetrate, then perhaps deface or wreak havoc, to ones that strive to be stealthy and leave no tracks with the aim of stealing data for financial gain.

Insider Threat, Privileged Users

Concurrently with the change in the nature of the external threat, there is increasing attention being given to the “insider threat”. This umbrella term refers to damage caused by individuals within the organization, either maliciously or accidentally.

Is the insider threat serious? It certainly is. Recent breaches such as the one at Fidelity National Information Services, where a senior DBA sold millions of customer credit card records, are proof of that. This does not mean that all insiders are suspects; however, it is clear that insiders bent on stealing data have a greater chance of succeeding than outside intrusion attempts.

VULNERABILITIES

As database management systems have grown in complexity, they have become more vulnerable to attacks. These vulnerabilities range from relatively minor ones to ones that allow unauthorized users to own the database through privilege elevation.

Much has been said and written about how DBMS vendors cope with vulnerabilities and how quickly they should patch them. The reality over the past few years is that the number of reported vulnerabilities keeps rising, even while vendors are doubling their efforts to patch them.

Additionally, it usually takes the vendor several months or more to distribute a patch, and it takes several more months for customers to install the patches, which usually require testing and database downtime. Many customers do not apply the patches at all, and their databases remain vulnerable to severe attacks.

The steps organizations currently take toward database security are not adequate and could potentially allow intruders to attack. Organizations need to understand the severity of these attacks and should take strong measures to prevent them.
