What Is Database Security?
Database security has two layers of meaning. The first is the operational security of the system. It is typically threatened when network criminals intrude through networks, LANs and other channels and prevent the system from starting normally, or overload the machine by making it run a large number of computations and switch off the CPU fan so that the CPU overheats, among other destructive activities. The second is the security of the system's information. It is typically threatened when hackers break into the database and steal the information they want. The security features of database systems are mainly concerned with data, and include data independence, data security, data integrity, concurrency control, and fault recovery.
- Verizon's 2012 data breach investigation and analysis report, together with technical analysis of information security incidents, leads to the conclusion that there are two trends in information leaks:
- (1) A hacker steals data from the database through a B/S (browser/server) application, using the Web server as a springboard; traditional solutions have no control over application access and database access protocols. SQL injection is a typical example of this kind of database attack.
- (2) Data leaks often originate internally: a large number of operations and maintenance personnel have direct contact with sensitive data, and traditional network security solutions built around external threats are of no use here.
- The database plays the leading role in these leaks, which is related to our having neglected database security in traditional security construction. In the traditional information security protection system, the database sits at the core of the protected area and is not easily attacked by external hackers; at the same time, the database itself already has strong security measures and seemingly adequate security. This traditional approach to security defense nevertheless has fatal flaws [1].
- The Xsecure product series achieves all-round protection of the database. Protection needs to cover database security before, during, and after an event; it covers database application security, maintenance security, usage security and storage security; it is the most comprehensive database anti-leakage product.
- The security features of database systems are mainly concerned with data, and include data independence, data security, data integrity, concurrency control, and fault recovery. Let's introduce them separately.
- Database security configuration: Before performing security configuration, you must first configure the operating system securely to ensure that the operating system
- Security control means preventing, as far as possible, every form of illegal access to the database. Each database management system provides some security control methods for database administrators to choose from. The following are some of the commonly used methods.
- User identification and authentication
- Authorization
- View definition and query modification
- Data encryption
- Security audit [2]
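
Three of the methods listed above (authorization, view definition and security audit) can be seen working together in a small database. The following is an added example, not code from the original page; it assumes SQLite through Python's `sqlite3` module, and the table, view and role names are hypothetical.

```python
import sqlite3

SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, region TEXT, card_no TEXT);
-- Constructed sample rows.
INSERT INTO customers VALUES (1, 'Alice', 'north', '4000-0000-0000-0001'),
                             (2, 'Bob', 'south', '4000-0000-0000-0002');
-- View definition: the support role gets a projection without card numbers.
CREATE VIEW customers_support AS SELECT id, name, region FROM customers;
-- Security audit: triggers record every change to the base table.
CREATE TABLE audit_log (ts TEXT DEFAULT CURRENT_TIMESTAMP, action TEXT, row_id INTEGER);
CREATE TRIGGER audit_upd AFTER UPDATE ON customers
  BEGIN INSERT INTO audit_log (action, row_id) VALUES ('UPDATE', OLD.id); END;
CREATE TRIGGER audit_del AFTER DELETE ON customers
  BEGIN INSERT INTO audit_log (action, row_id) VALUES ('DELETE', OLD.id); END;
"""

def allow_all(action, arg1, arg2, dbname, source):
    """Administrator role: every action is permitted."""
    return sqlite3.SQLITE_OK

def support_only(action, arg1, arg2, dbname, source):
    """Support role: read-only, and only through the customers_support view."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK
    # A read is allowed on the view itself, or on base columns reached via the view.
    if action == sqlite3.SQLITE_READ and "customers_support" in (arg1, source):
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # default deny: direct table reads, writes, DDL

ROLES = {"dba": allow_all, "support": support_only}

def open_db():
    """Create the in-memory database with its view and audit triggers."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def run_as(db, role, sql, params=()):
    """Run one statement under a role; return rows, or None if the database rejects it."""
    db.set_authorizer(ROLES[role])  # re-installing expires cached statements
    try:
        return db.execute(sql, params).fetchall()
    except sqlite3.DatabaseError:
        return None
    finally:
        db.set_authorizer(allow_all)
```

The support role can query `customers_support` but is refused on `customers` directly, and any change made by the administrator role leaves a row in `audit_log`.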
- Database dumping ("dragging the database") occurs frequently, and the techniques hackers use to steal databases are constantly improving. Although the database's own protection capabilities are also improving, compared with hackers' methods, database protection alone still falls short. Database auditing is no longer an emerging technology, but it has repeatedly given us new insight in database security incidents. The threats to a database fall roughly into the following types:
- Insider error
One potential risk to database security is "unintentional authorized user attacks" and insider errors. The most common manifestations of this type of security event include accidental deletion or leakage through carelessness, and unintentional circumvention of security policies. The first risk occurs when authorized users inadvertently access sensitive data and mistakenly modify or delete information. A second risk occurs when a user makes an unauthorized copy as a backup or in order to "bring work home." Although this is not malicious behavior, it clearly violates the company's security policy and places data on a storage device; if that device is maliciously attacked, an unintended security event results. Laptops, for example, can pose this risk.
- Social engineering
Because attackers use advanced phishing techniques, a large number of serious attacks occur when legitimate users unknowingly hand security secrets to the attackers. The success of these new attacks means that this trend will continue in 2012. In this case, users provide information in response to a seemingly legitimate request, via a compromised website or via an email reply. Employees should be notified of such illegal requests and educated not to respond. In addition, companies can mitigate the impact of successful phishing attacks by detecting suspicious activity in a timely manner. Database activity monitoring and auditing can minimize the impact of this attack.
- Insider attack
Many database attacks originate from within the enterprise. The current economic environment and related layoffs are likely to cause dissatisfaction among employees, leading to increased attacks from insiders. These insiders are driven by greed or a desire for revenge and are not stopped by firewalls, intrusion prevention systems and the like, so they easily bring risk to the enterprise.
- Misconfiguration
Hackers can use database misconfigurations to control "mechanical" access points, bypass authentication methods and access sensitive information. This kind of configuration defect becomes the main means by which attackers launch certain privilege-escalation attacks. If the default configuration of the database is not reset properly, non-privileged users may access unencrypted files, and unpatched vulnerabilities may allow unauthorized users to access sensitive data.
- Unpatched vulnerabilities
Today's attacks have evolved from open exploits to more elaborate methods that challenge traditional intrusion detection mechanisms. An exploit script can be posted online within hours of a database patch being released. Immediately available exploit code, coupled with patch cycles of dozens of days (in most enterprises), effectively leaves the door to the database open.
- Advanced Persistent Threat
It is called an advanced persistent threat because it is carried out by an organized professional company or government agency. They have mastered a large number of technologies and techniques that threaten database security; they "hold fast to the green mountain and never let go", their "roots are planted" in money (they have financial support), and they "remain firm and strong after countless blows, whatever wind blows from east, west, south or north". This is a serious risk: companies intent on stealing data, or even foreign governments, specifically steal large amounts of key data stored in databases and are no longer satisfied with obtaining simple data. In particular, once personal privacy and financial information is stolen, these data records can be sold or used on the information black market and manipulated by other government agencies. Because database attacks involve thousands or even millions of records, they are growing and widespread. By locking down database vulnerabilities and closely monitoring access to critical data stores, database experts can detect and stop these attacks in a timely manner.
- Designate a UNIX system administrator. This person is responsible for managing the UNIX environment, including users, applications, file systems, and devices. User management focuses on establishing user accounts with appropriate security and regularly removing accounts that are no longer used. UNIX system administrators must generally be responsible for maintaining the security of the root password. UNIX system administrators must be responsible for enforcing corporate security policies and standards on 5300 systems [3].