Given the vital importance of the information held
within corporate and government databases it is surprising that the
security of these databases is often of unknown provenance, at
least as far as those charged with information security duties are
concerned.
I am not setting out to offend an entire section of the IT
industry by picking on database administrators. However, I believe
database administrators and security managers need a better mutual
understanding so that the security of these vital resources can be
improved without overly impacting database performance.
One of the common refrains I hear from database administrators
is that they are unable to implement security mechanisms as the
associated performance hit is too high. It is not my intention to
explore the various intrinsic database security mechanisms or to
discuss their strengths and weaknesses. My purpose here is to
suggest methods of securing information while shifting the burden
of securing databases from the administrators and not excessively
impacting performance.
Over the past couple of years, the mysteries of database
security have been brought towards the mainstream of information
security. This move towards the mainstream is in part due to the
increased focus of talented security researchers on the security of
databases.
Their work has highlighted a number of vulnerabilities within
the well-known database products ranging from design flaws through
to traditional buffer overflows within the database applications
themselves. Unfortunately, their work has also identified that
database suppliers are not, in general, as diligent in patching as
the major operating systems suppliers.
Technology, although it is not the whole answer, can help to
secure databases. For example, companies such as Guardium and
Secerno offer database firewalls that control the traffic flowing
to and from databases based on a comprehensive understanding of the
underlying database communications.
These tools understand the SQL statements being passed to the
back-end database and can reject those that are considered
dangerous. If the thought of a relatively immature technology
making access decisions that could prevent your mission-critical
systems accessing the information they rely upon is a little
disturbing, then you could use these tools in a monitoring mode
until confidence levels increase.
Alternatively, a database audit trail that is completely outside
the control of the database administrators may itself be the goal;
it certainly provides a greater degree of separation of duties than
relying on the intrinsic database audit functionality.
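
The monitoring-versus-blocking choice and the independent audit trail described above can be sketched as follows. This is an added example, not code from the article or from any vendor product: the names StatementFilter, fingerprint and replay, the sample statements and the regex-based normalisation are assumptions made for illustration, where a real database firewall would parse the SQL dialect properly.

```python
import re
from dataclasses import dataclass, field

def fingerprint(sql: str) -> str:
    """Reduce a statement to its shape so literal values do not affect matching."""
    s = re.sub(r"'(?:[^']|'')*'", "?", sql)      # string literals -> ?
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)     # numeric literals -> ?
    return re.sub(r"\s+", " ", s).strip().rstrip(";").lower()

@dataclass
class StatementFilter:
    allowed: set              # fingerprints learned from known-good traffic
    enforce: bool = False     # False = monitoring mode: record, never block
    audit: list = field(default_factory=list)  # stands in for a log the DBAs cannot alter

    def check(self, user: str, sql: str) -> bool:
        """Return True if the statement may be forwarded to the database."""
        fp = fingerprint(sql)
        known = fp in self.allowed
        verdict = "allow" if known else ("block" if self.enforce else "alert")
        self.audit.append({"user": user, "fingerprint": fp, "verdict": verdict})
        return known or not self.enforce

def replay(filt: StatementFilter, traffic: list) -> list:
    """Run captured (user, sql) pairs through the filter and collect the decisions."""
    return [filt.check(user, sql) for user, sql in traffic]

# Constructed baseline: statement shapes the application is known to issue.
ALLOWED = {fingerprint(s) for s in (
    "SELECT name, balance FROM accounts WHERE id = 42",
    "UPDATE accounts SET balance = 10.50 WHERE id = 7",
)}

# Constructed traffic: one expected query and two shapes the application never sends.
TRAFFIC = [
    ("app", "select name,  balance from accounts where id = 1001;"),
    ("app", "SELECT name, balance FROM accounts"),
    ("dba", "DROP TABLE accounts"),
]

if __name__ == "__main__":
    for enforce in (False, True):
        filt = StatementFilter(allowed=ALLOWED, enforce=enforce)
        print("enforce" if enforce else "monitor", replay(filt, TRAFFIC))
        for record in filt.audit:
            print("   ", record)
```

In monitoring mode every statement still reaches the database and the unexpected ones are only recorded, which is how confidence in the rule set can be built before blocking is switched on.
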
In addition, a number of tools for performing automated security
audits of databases are available. They cater for the common
flavours of database and provide comprehensive reports of security
vulnerabilities together with suggested remediation activities.
Taken in conjunction with a baseline of good practices,
including database and host hardening, appropriate vetting of
database administrators, effective user management, and patching,
the tools discussed here can help to reduce the risks of one of
your most precious assets - your information - being compromised
through poor or untested database security measures.
Lee Newcombe is a principal consultant at Capgemini