Threats
Malware: malicious software designed to disrupt, damage, or gain unauthorized access to computer systems.
Phishing: a technique used by attackers to deceive individuals into providing sensitive information, such as usernames, passwords, or credit card numbers, typically by impersonating a legitimate entity in email, SMS, or a cloned login page.
Distributed Denial of Service (DDoS): floods a system with traffic from many sources until it can no longer serve legitimate users; attackers sometimes use the resulting outage and alert noise as cover for a separate intrusion.
Security Goals and Why They Matter
Confidentiality, Integrity, Availability (CIA): the three properties security controls protect. Sensitive information is readable only by authorized parties (confidentiality), data stays accurate and is changed only through authorized means (integrity), and systems and data are reachable when needed (availability). Each database threat below attacks at least one of the three.
Protecting Sensitive Information: databases hold exactly the data attackers want: personal details, credentials, financial records, health data, and corporate secrets.
Avoiding Financial Loss: breaches carry direct costs (investigation, remediation, customer notification, regulatory fines) and indirect ones (lost revenue, higher insurance and borrowing costs).
Reputation Management: a publicized breach erodes customer trust and market position, and that damage outlasts the technical cleanup.
Regulatory Compliance: laws such as GDPR and HIPAA impose legal penalties for mishandling personal or health data. ISO 27001 is not a regulation but a standard for an information security management system that organizations adopt, and are audited against, to demonstrate a managed security program.
Database Threats
SQL Injection:
An attack where attacker-controlled input is concatenated into a SQL statement, so the attacker's own SQL is executed by the database server with the application's privileges.
Example: entering ' OR 1=1 -- as the username turns WHERE username = '...' AND password = '...' into a condition that is always true and comments out the password check, bypassing authentication.
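As an added example (not part of the original notes), the following Python script builds a throwaway SQLite database and runs the same login check two ways: with string concatenation, which is what the bypass above relies on, and with a parameterized query. The table layout, the account name, and the plaintext password column are constructed for the demonstration; production systems store salted password hashes.

```python
import sqlite3


def make_db():
    """Constructed sample database: one account in a users table.
    The plaintext password column exists only to keep the demo short."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO users (username, password) VALUES ('alice', 'correct horse')"
    )
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """The classic mistake: user input is pasted straight into the SQL text,
    so anything the user types is parsed as SQL instead of treated as a value."""
    return (
        "SELECT id FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )


def login_vulnerable(conn, username, password):
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row is not None


def login_safe(conn, username, password):
    """Parameterized query: the driver binds the values separately from the
    statement text, so quotes and comment markers in the input stay data."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"          # the authentication-bypass input
    print(build_vulnerable_query(payload, "anything"))
    print("vulnerable:", login_vulnerable(db, payload, "anything"))   # True
    print("safe:      ", login_safe(db, payload, "anything"))         # False
    print("safe, real:", login_safe(db, "alice", "correct horse"))    # True
```

The printed statement shows why the bypass works: the closing quote the attacker supplies ends the username literal, OR 1=1 makes the WHERE clause true for every row, and the trailing -- turns the rest of the statement, including the password comparison, into a comment. A second payload, alice' --, logs in as a chosen account without any password; the parameterized version rejects both because the whole input is compared against the username column as a single value.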
Privilege Escalation:
Gaining unauthorized higher access rights by exploiting misconfigured permissions or flaws.
Unauthorized Access:
Occurs due to weak passwords, absence of multi-factor authentication (MFA), or inadequate access controls.
Data Corruption:
Modification of data either maliciously or inadvertently, causing integrity issues.
Insider Threats:
Actions by employees or contractors, malicious or merely careless, that lead to data exposure or misuse. Insiders already hold valid credentials, so perimeter defenses do not stop them; least privilege limits what they can reach and auditing is the main detective control.
Denial of Service (DoS):
Exhausting the database's connections, CPU, memory, or I/O with excessive requests or deliberately expensive queries, so that legitimate clients are refused service.
Access Control Models
Discretionary Access Control (DAC): the owner of an object decides who else may access it and can pass rights on, as with file permissions on Windows or Unix and with GRANT in most SQL databases. Flexible, but an owner can share data with anyone, so it offers little protection against insiders.
Mandatory Access Control (MAC): a central authority labels subjects (clearances) and objects (classifications), and the system enforces the policy; users cannot override it. Typical of government and military systems and of SELinux-style operating system hardening.
Role-Based Access Control (RBAC): permissions are attached to roles (e.g., Admin, User, Guest) and users are assigned roles; access is decided by role membership, which keeps permission sets manageable as staff join, move, and leave.
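To make the three models concrete, here is an added Python example (not from the original notes) with a minimal decision function for each. The object names, users, roles, permission strings, and the four-level classification scheme are assumptions chosen for the demonstration; the MAC rules follow the Bell-LaPadula confidentiality model (no read up, no write down), which is one common MAC policy rather than the only one.

```python
# --- Discretionary Access Control: the owner of an object decides ---------
class DacStore:
    def __init__(self):
        self.acl = {}   # object -> {user: set of permissions}

    def create(self, obj, owner):
        # The creator owns the object and may pass rights on to others.
        self.acl[obj] = {owner: {"read", "write", "grant"}}

    def grant(self, grantor, obj, user, perm):
        # Only a holder of the "grant" right on this object may share it.
        # Nothing stops an owner from handing data to anyone, which is the
        # weakness of DAC against careless or malicious insiders.
        if "grant" not in self.acl.get(obj, {}).get(grantor, set()):
            raise PermissionError(f"{grantor} may not grant rights on {obj}")
        self.acl[obj].setdefault(user, set()).add(perm)

    def allowed(self, user, obj, perm):
        return perm in self.acl.get(obj, {}).get(user, set())


# --- Mandatory Access Control: labels assigned by a central authority -----
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def mac_allowed(clearance, classification, perm):
    """Bell-LaPadula confidentiality rules: a subject may read objects at or
    below its clearance (no read up) and write to objects at or above it
    (no write down), so classified data cannot flow to a lower level."""
    subject, obj = LEVELS[clearance], LEVELS[classification]
    if perm == "read":
        return subject >= obj
    if perm == "write":
        return subject <= obj
    raise ValueError(f"unknown permission {perm!r}")


# --- Role-Based Access Control: permissions attach to roles ---------------
ROLE_PERMS = {
    "admin": {"customers:read", "customers:write", "schema:alter", "users:manage"},
    "user": {"customers:read", "customers:write"},
    "guest": {"customers:read"},
}


def rbac_allowed(user_roles, perm):
    # A user holds the union of the permissions of every assigned role.
    return any(perm in ROLE_PERMS.get(role, set()) for role in user_roles)


if __name__ == "__main__":
    store = DacStore()
    store.create("payroll.db", "alice")
    store.grant("alice", "payroll.db", "bob", "read")
    print("DAC  bob read payroll.db:", store.allowed("bob", "payroll.db", "read"))
    print("MAC  secret reads confidential:", mac_allowed("secret", "confidential", "read"))
    print("MAC  secret writes confidential:", mac_allowed("secret", "confidential", "write"))
    print("RBAC guest writes customers:", rbac_allowed({"guest"}, "customers:write"))
```

The contrast worth noticing: in DAC the decision lives in a per-object list that owners edit; in MAC it is a fixed comparison of labels nobody but the authority can change; in RBAC it is a lookup through an indirection (user to roles to permissions), so revoking a departing employee's access is a single role removal rather than a hunt through every object's ACL.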
Protective Measures
Encryption Techniques:
Symmetric encryption (AES) protects bulk data at rest and in transit; asymmetric encryption (RSA, or elliptic-curve schemes) is used to exchange symmetric keys and to sign. Encryption at rest protects stolen disks and backups, not data read through an application that is itself authorized to decrypt, so it complements access control rather than replacing it, and key management (where keys live, who can use them, how they rotate) decides how much it actually protects.
Access Control Measures:
Apply the principle of least privilege (application accounts get only the tables and operations they need, never a superuser role), enforce strong password policies, and require multi-factor authentication (MFA), especially for administrator and remote access.
Database Auditing:
Continuously record database activity: logins and failed logins, privilege and schema changes, and access to sensitive tables. Audit logs serve detection (alerting on unusual activity as it happens) as well as forensic investigation after a breach; ship them to a separate, append-only store so that an attacker who gains database privileges cannot erase them.
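An added example (not from the original notes) of what monitoring the audit trail means in practice: a small Python detector run over constructed audit log lines. The key=value line layout, the user and host names, the thresholds, and the signature patterns are all assumptions made for the demo; real engines (pgAudit for PostgreSQL, the MySQL Enterprise Audit plugin, Oracle Unified Audit) each emit their own format, so only the parser would change.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit records in an assumed "timestamp key=value ..." layout.
SAMPLE_LOG = """\
2024-03-01T09:02:11Z user=app action=LOGIN status=OK src=10.0.1.20
2024-03-01T09:02:12Z user=app action=QUERY status=OK src=10.0.1.20 stmt="SELECT id FROM users WHERE username = 'alice'"
2024-03-01T09:05:40Z user=app action=QUERY status=OK src=10.0.1.20 stmt="SELECT id FROM users WHERE username = '' OR 1=1 --' AND password = 'x'"
2024-03-01T23:41:03Z user=dba2 action=LOGIN status=FAIL src=203.0.113.7
2024-03-01T23:41:09Z user=dba2 action=LOGIN status=FAIL src=203.0.113.7
2024-03-01T23:41:15Z user=dba2 action=LOGIN status=FAIL src=203.0.113.7
2024-03-01T23:41:21Z user=dba2 action=LOGIN status=OK src=203.0.113.7
2024-03-01T23:42:02Z user=dba2 action=QUERY status=OK src=203.0.113.7 stmt="SELECT * FROM credit_cards"
2024-03-01T23:43:30Z user=dba2 action=QUERY status=OK src=203.0.113.7 stmt="GRANT ALL ON *.* TO 'svc_backup'"
"""

# Tunables (assumed values for the demo).
FAILED_LOGIN_THRESHOLD = 3
FAILED_LOGIN_WINDOW = timedelta(minutes=5)
SENSITIVE_TABLES = ("credit_cards", "users")
BUSINESS_HOURS = range(8, 18)          # 08:00-17:59 UTC
# Crude signatures: OR tautology, SQL comment markers, UNION-based extraction.
INJECTION_RE = re.compile(r"(?i)\bor\s+\S+\s*=\s*\S+|--|/\*|\bunion\s+(all\s+)?select\b")
PRIVILEGE_RE = re.compile(r"(?i)^\s*(grant|revoke|alter\s+user|create\s+user)\b")


def parse_line(line):
    """Split one record into a dict; quoted values may contain spaces."""
    ts_text, _, rest = line.partition(" ")
    record = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")}
    for key, value in re.findall(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)', rest):
        record[key] = value[1:-1] if value.startswith('"') else value
    return record


def detect(log_text):
    """Return (alert_kind, user, timestamp) tuples in log order."""
    alerts = []
    recent_failures = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        user, ts, stmt = rec["user"], rec["ts"], rec.get("stmt", "")

        # Repeated failed logins by one account inside the sliding window.
        if rec["action"] == "LOGIN" and rec["status"] == "FAIL":
            window = [t for t in recent_failures[user] if ts - t <= FAILED_LOGIN_WINDOW]
            window.append(ts)
            recent_failures[user] = window
            if len(window) == FAILED_LOGIN_THRESHOLD:
                alerts.append(("brute_force", user, ts))

        if not stmt:
            continue
        # Statement text carrying an injection pattern; the application
        # account is the vehicle, so the user field names it, not the attacker.
        if INJECTION_RE.search(stmt):
            alerts.append(("injection_signature", user, ts))
        # Any change to privileges deserves a human look.
        if PRIVILEGE_RE.match(stmt):
            alerts.append(("privilege_change", user, ts))
        # Sensitive tables touched outside business hours.
        if ts.hour not in BUSINESS_HOURS and any(t in stmt.lower() for t in SENSITIVE_TABLES):
            alerts.append(("off_hours_sensitive_access", user, ts))
    return alerts


if __name__ == "__main__":
    for kind, user, ts in detect(SAMPLE_LOG):
        print(f"{ts.isoformat()} {kind:28} user={user}")
```

Run against the sample, the detector flags the injected statement from the application account during business hours and then, late at night, a burst of failed logins for dba2 followed by a read of credit_cards and a GRANT. Read together those four alerts tell a story (guessed password, data theft, persistence) that none of the lines reveals on its own, which is the argument for keeping the log complete and correlating it rather than sampling it.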
Backup and Recovery:
Regular backups (Full, Incremental, Differential) allow data to be restored after corruption, deletion, or ransomware. Keep at least one copy offline or immutable so the same attacker cannot encrypt or delete the backups, and rehearse restores: a backup that has never been restored is an assumption, not a control.
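The three backup types differ in what each copy contains and in how many copies a restore needs. The following Python simulation is an added example (not part of the original notes) that applies one constructed week of changes against three schedules and reports the storage used and the restore chain; the object names, day numbers, and schedules are constructed for the demonstration, and objects are tracked by name only, not by version.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Backup:
    day: int
    kind: str            # "full", "incremental" or "differential"
    contents: frozenset  # objects captured in this copy


# Constructed sample data: which database objects changed on which day.
CHANGES = {0: {"a", "b", "c"}, 1: {"a"}, 2: {"b"}, 3: {"a", "d"}, 4: set(), 5: {"c"}}

INCREMENTAL_SCHEDULE = {0: "full", 1: "incremental", 2: "incremental",
                        3: "incremental", 4: "incremental", 5: "incremental"}
DIFFERENTIAL_SCHEDULE = {0: "full", 1: "differential", 2: "differential",
                         3: "differential", 4: "differential", 5: "differential"}
MIXED_SCHEDULE = {0: "full", 1: "incremental", 2: "incremental",
                  3: "differential", 4: "incremental", 5: "incremental"}


def simulate(changes, schedule):
    """Run the schedule over the change history and return the backups taken.
    full:         everything that exists
    differential: everything changed since the last full
    incremental:  everything changed since the last backup of any kind"""
    existing, since_full, since_last = set(), set(), set()
    backups = []
    for day in sorted(set(changes) | set(schedule)):
        changed = changes.get(day, set())
        existing |= changed
        since_full |= changed
        since_last |= changed
        kind = schedule.get(day)
        if kind == "full":
            contents = set(existing)
            since_full.clear()
            since_last.clear()
        elif kind == "differential":
            contents = set(since_full)
            since_last.clear()
        elif kind == "incremental":
            contents = set(since_last)
            since_last.clear()
        else:
            continue
        backups.append(Backup(day, kind, frozenset(contents)))
    return backups


def restore_chain(backups, target_day):
    """Backups that must be applied, in order, to recover the state as of
    target_day: the latest full, then either the latest differential plus
    any incrementals taken after it, or every incremental since the full."""
    usable = [b for b in backups if b.day <= target_day]
    fulls = [i for i, b in enumerate(usable) if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup exists on or before the target day")
    full, tail = usable[fulls[-1]], usable[fulls[-1] + 1:]
    diffs = [b for b in tail if b.kind == "differential"]
    chain = [full]
    if diffs:
        chain.append(diffs[-1])
        chain += [b for b in tail if b.kind == "incremental" and b.day > diffs[-1].day]
    else:
        chain += [b for b in tail if b.kind == "incremental"]
    return chain


def restored_objects(chain):
    """Names of the objects present after replaying the chain."""
    return frozenset().union(*(b.contents for b in chain))


def storage_used(backups):
    return sum(len(b.contents) for b in backups)


if __name__ == "__main__":
    for name, schedule in [("incremental", INCREMENTAL_SCHEDULE),
                           ("differential", DIFFERENTIAL_SCHEDULE),
                           ("mixed", MIXED_SCHEDULE)]:
        backups = simulate(CHANGES, schedule)
        chain = restore_chain(backups, 5)
        print(f"{name:12} storage={storage_used(backups):2}  "
              f"restore needs {len(chain)} copies: days {[b.day for b in chain]}")
```

On this data the incremental schedule stores 8 objects in total but needs all six copies to restore day 5, while the differential schedule stores 16 and restores from two. That is the trade-off the three types encode: incrementals minimize backup size and time, differentials minimize restore steps, and every extra link in the chain is one more copy that must survive intact for the restore to succeed, which is why chains are kept short and why restores are rehearsed.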
Firewalls and Network Security:
Restrict network access so that only application servers can reach the database port, and consider a database firewall or proxy that blocks statements outside an allow-list. These reduce exposure and blunt injection attempts, but they are defense in depth: SQL injection is fixed in the application with parameterized queries, not at the network layer.
Incident Response
Detection: identify a breach or suspicious activity through monitoring, alerts, and audit log review.
Containment: limit the damage by isolating affected systems, revoking compromised credentials, and blocking attacker access, while preserving evidence (logs, disk images) for analysis.
Eradication: remove the cause from the environment: malware, backdoor accounts, and the exploited vulnerability or misconfiguration.
Recovery: restore systems and data from known-good backups, verify their integrity, and monitor closely for the attacker's return.
Post-Incident Analysis: review the timeline and root cause, derive lessons, and turn them into concrete changes to controls and procedures.
Notable Breaches
Equifax (2017): about 147M people's records exposed through an unpatched Apache Struts vulnerability in a public web application, months after the fix had been released.
Yahoo (2013, disclosed 2016-2017): all 3B user accounts compromised; a separate 2014 intrusion affected about 500M accounts. Weak practices, including passwords hashed with the obsolete MD5 algorithm, worsened the impact.
Facebook (2019): about 540M records of Facebook user data, collected by third-party app developers, found on publicly readable cloud storage (Amazon S3) that had been misconfigured.
Emerging Technologies
AI for Threat Detection: machine-learning models that baseline normal database activity and flag anomalies (unusual query volumes, new access patterns, odd hours) in near real time, supplementing signature-based rules.
Blockchain for Data Integrity: append-only, hash-chained ledgers that make any alteration of past records detectable; useful for audit trails, though a conventional signed or write-once log often achieves the same goal with far less overhead.
Homomorphic Encryption: allows computation on encrypted data without decrypting it, so a database or cloud provider can process data it cannot read; still orders of magnitude slower than plaintext computation, so currently practical only for narrow workloads.