Industry View

Database Crime Scene Prevention

Imperva's Amichai Shulman looks at database attack and defense.

By Amichai Shulman, CTO, Imperva

Page 6

  • Apply internal network access controls to the database server. Make sure that workstations cannot access non-database services on the database server machine.
  • Do not allow anonymous access to your database server.
  • Remove or block default accounts.
  • Change the default password for those default accounts that cannot be removed or blocked.
  • Apply proper password policy to database accounts. Enforce "strong" password policies.
  • Put in place mechanisms that detect exhaustive credential searches in real time. These attacks are easily identified by a large number of failed authentication attempts in a relatively short time frame. Also put in place mechanisms to block network access from machines attempting an exhaustive credential search.
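
The detection described in the last item, as an added example that is not part of the original article: a sliding-window count of failed logins per source address, whose result is the list of addresses to hand to whatever blocking mechanism is in place. The log format, field names, thresholds and sample lines are constructed assumptions, not the output of any particular database product.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds (not from the article); tune them to the environment.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)

# Constructed sample audit lines: '<ISO time> <EVENT> user=<name> src=<address>'
SAMPLE_LOG = """\
2024-05-01T09:00:00 AUTH_FAIL user=appsvc src=10.0.0.40
2024-05-01T09:15:01 AUTH_FAIL user=sa src=10.0.0.23
2024-05-01T09:15:02 AUTH_FAIL user=sa src=10.0.0.23
2024-05-01T09:15:03 AUTH_OK user=report src=10.0.0.7
2024-05-01T09:15:04 AUTH_FAIL user=system src=10.0.0.23
2024-05-01T09:15:06 AUTH_FAIL user=scott src=10.0.0.23
2024-05-01T09:15:09 AUTH_FAIL user=dbadmin src=10.0.0.23
2024-05-01T09:15:11 AUTH_FAIL user=sa src=10.0.0.23
2024-05-01T10:00:00 AUTH_FAIL user=appsvc src=10.0.0.40
2024-05-01T11:00:00 AUTH_FAIL user=appsvc src=10.0.0.40
2024-05-01T12:00:00 AUTH_FAIL user=appsvc src=10.0.0.40
2024-05-01T13:00:00 AUTH_FAIL user=appsvc src=10.0.0.40
""".splitlines()

def parse(line):
    """Split one constructed audit line into (time, event, user, source)."""
    ts, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), event, kv["user"], kv["src"]

def detect_credential_search(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {source: (alert_time, accounts_tried)} for each source address
    that reaches max_failures failed logins inside one window.
    Assumes the lines arrive in time order, as a live audit feed would."""
    recent = defaultdict(deque)  # source -> failed (time, user) pairs still in window
    alerts = {}
    for line in lines:
        ts, event, user, src = parse(line)
        if event != "AUTH_FAIL":
            continue
        attempts = recent[src]
        attempts.append((ts, user))
        while ts - attempts[0][0] > window:  # drop failures older than the window
            attempts.popleft()
        # Counting per source (not per account) also catches one machine
        # trying a few passwords against many different accounts.
        if len(attempts) >= max_failures and src not in alerts:
            alerts[src] = (ts, sorted({u for _, u in attempts}))
    return alerts
```

On the sample lines, 10.0.0.23 is flagged at its fifth failure within the window, while 10.0.0.40, which fails five times over several hours, is not.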

3. Halt Privilege Abuse
Take steps to control access and usage to ensure that legitimate commands are not used in unauthorized circumstances, etc.

  • Apply context-based access controls. These mechanisms allow you to define access privileges based on the following criteria:
    - Network address of the workstation
    - Client software
    - Time of day
    - OS user
  • Apply query-level access controls. These mechanisms allow you to define the criteria allowed in database queries and structure of queries, thus avoiding bypass of some client-side application logic.

4. Prevent Privilege Elevation
Take steps to prevent the perpetrator from becoming a DB Admin or Root, with all the attendant privileges associated with these privileged accounts.

  • Deploy a database IDS/IPS solution with the following capabilities:
    - Reactive protection: detect and block known vulnerabilities based on a frequently updated set of signatures
    - Proactive protection: detect and block abnormal protocol messages possibly representing database network communication protocol attacks.
  • Apply query-level access controls.

5. Don't Let Them Cover Their Tracks
Finally, if all of your other mechanisms fail to prevent the crime, you and the authorities will want an audit trail that fingers the perpetrator. Deploy an independent database audit mechanism. This approach ensures that logging does not affect database performance and that an attacker cannot tamper with the auditing mechanism once connected to the database server.

Amichai Shulman is co-founder and CTO of application data security vendor Imperva. He also heads up the Application Defense Center (ADC), Imperva's research organization focused on application and data security.
