Bài giảng Security models

pptx 141 trang phuongnguyen 2850
Download
Bạn đang xem 20 trang mẫu của tài liệu "Bài giảng Security models", để tải tài liệu gốc về máy bạn click vào nút DOWNLOAD ở trên

Tài liệu đính kèm:

  • pptxbai_giang_security_models.pptx

Nội dung text: Bài giảng Security models

  1. Operating System Security Fundamentals Tiếp theo bài 1 bắt đầu từ Slide 10 Giảng Viờn: Trần Thị Kim Chi â FPT Software 1
  2. Agenda a. Access control b. Inference and covert channels c. Open/close policy d. Database Application Security Models Discretionary/mandatory access control â FPT Software 2
  3. Access control • Access control is a security technique that can be used to regulate who or what can view or use resources in a computing environment. • Access control systems perform authorization identification, authentication, access approval, and accountability of entities through login credentials includingpasswords, personal identification numbers (PINs), biometric scans, and physical or electronic keys. â FPT Software 3
  4. Types of Access control • There are two main types of access control: – Physical, – logical. • Physical access control limits access to campuses, buildings, rooms and physical IT assets. • Logical access limits connections to computer networks, system files and data. â FPT Software 4
  5. Types of Access control The four main categories of access control are: • Mandatory access control • Discretionary access control • Role-based access control • Rule-based access control â FPT Software 5
  6. Mandatory access control (MAC) • Mandatory access control (MAC) is a system- controlled policy restricting access to resource objects (such as data files, devices, systems, etc.) based on the level of authorization or clearance of the accessing entity, be it person, process, or device. • andatory-access-control-MAC â FPT Software 6
  7. Discretionary access control (DAC) • Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)". • Discretionary access control is commonly discussed in contrast to mandatory access control (MAC, sometimes termed non-discretionary access control). â FPT Software 7
  8. Role-based access control (RBAC) • Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise • based-access-control-RBAC • access-control-for-effective-security-management â FPT Software 8
  9. Rules Based Access Control • Rules Based Access Control is a strategy for managing user access to one or more systems, where business changes trigger the application of Rules, which specify access changes. • Implementation of Rules Based Access Control systems is feasible so long as the number of triggering business events and the set of possible actions that follow those events are both small. • - See more at: id.com/concepts/rules_based_access_control.html#stha sh.TJMhLiGM.dpuf â FPT Software 9
  10. Authentication Methods • Authentication: – Verifies user identity – Permits access to the operating system • Physical authentication: – Allows physical entrance to company property – Magnetic cards and biometric measures • Digital authentication: verifies user identity by digital means â FPT Software 10
  11. Authentication Methods • Digital certificates: digital passport that identifies and verifies holder of certificate • Digital token (security token): – Small electronic device – Displays a number unique to the token holder; used with the holder’s PIN as a password – Uses a different password each time â FPT Software 11
  12. Authentication Methods • Digital card: – Also known as a security card or smart card – Similar to a credit card; uses an electronic circuit instead of a magnetic strip – Stores user identification information • Kerberos: – Developed by MIT – Uses tickets for authentication purposes â FPT Software 12
  13. Authentication Methods • Lightweight Directory Access Protocol (LDAP): – Developed by the University of Michigan – A centralized directory database stores: • Users (user name and user ID) • Passwords • Internal telephone directory • Security keys – Efficient for reading but not suited for frequently changing information â FPT Software 13
  14. Authentication Methods • NTLM: – Developed and used by Microsoft – Employs a challenge/response authentication protocol • Public Key Infrastructure (PKI): – User keeps a private key – Authentication firm holds a public key – Encrypt and decrypt data using both keys â FPT Software 14
  15. Authentication Methods • RADIUS: used by network devices to provide a centralized authentication mechanism • Secure Socket Layer (SSL): authentication information is transmitted over the network in an encrypted form • Secure Remote Password (SRP): – Password is not stored locally – Invulnerable to brute force or dictionary attacks â FPT Software 15
  16. Authorization • Process that decides whether users are permitted to perform the functions they request • Authorization is not performed until the user is authenticated • Deals with privileges and rights â FPT Software 16
  17. Operating System Authentication • Many databases (including Microsoft SQL Server 2000) depend on OS to authenticate users • Reasons: – Once an intruder is inside the OS, it is easier to access the database – Centralize administration of users • Users must be authenticated at each level â FPT Software 17
  18. User Administration • Create user accounts • Set password policies • Grant privileges to users • Best practices: – Use a consistent naming convention – Always provide a password to an account and force the user to change it at the first logon – Protect passwords – Do not use default passwords â FPT Software 18
  19. Creating a SQL Server User • Create a login ID first; controls access to SQL Server system • Associate login ID with a database user • Must be member of fixed server roles (SYSADMIN or SECURITYADMIN) • Two types of login IDs: – Windows Integrated (trusted) login – SQL Server login â FPT Software 19
  20. Creating Windows Integrated Logins • Command line: – SP_GRANTLOGIN system stored procedure – Can be associated local, domain, group usernames • Enterprise Manager: – Use the Security container – Logins -> New Login â FPT Software 20
  21. Creating Windows Integrated Logins â FPT Software 21
  22. Creating SQL Server Logins • Command line: – SP_ADDLOGIN system stored procedure – Password is encrypted by default – Specify a default database • Enterprise Manager: – Security container – Logins -> New Login – SQL Server Authentication option â FPT Software 22
  23. Creating SQL Server Logins • Command line: – SP_ADDLOGIN system stored procedure – Password is encrypted by default – Specify a default database • Enterprise Manager: – Security container – Logins -> New Login – SQL Server Authentication option â FPT Software 23
  24. Removing Users • Simple process • Make a backup first • Obtain a written request (for auditing purposes) â FPT Software 24
  25. SQL Server: Removing Windows Integrated Logins • Command line: SP_DENYLOGIN system stored procedure • Enterprise Manager: – Highlight the desired login – Choose Delete from the Action menu â FPT Software 25
  26. Modifying Users • Modifications involve: – Changing passwords – Locking an account – Increasing a storage quota • ALTER USER DDL statement â FPT Software 26
  27. SQL Server: Modifying Windows Integrated Login Attributes • Command line: – SP_DEFAULTDB system stored procedure – SP_DEFAULTLANGUAGE stored procedure • Enterprise Manager: – Expand the security container – Select desired login – Properties (on the Action Menu) â FPT Software 27
  28. Default Users • Oracle default users: – SYS, owner of the data dictionary – SYSTEM, performs almost all database tasks – ORAPWD, creates a password file • SQL Server default users: – SA, system administrator – BUILT_IN\Administrators â FPT Software 28
  29. Remote Users â FPT Software 29
  30. Database Links • Connection from one database to another: allow DDL and SQL statements • Types: PUBLIC and PRIVATE • Authentication Methods: – CURRENT USER – FIXED USER – CONNECT USER â FPT Software 30
  31. Database Links • Connection from one database to another: allow DDL and SQL statements • Types: PUBLIC and PRIVATE • Authentication Methods: – CURRENT USER – FIXED USER – CONNECT USER â FPT Software 31
  32. Linked Servers • Allow you to connect to almost any: – Object Linking and Embedding Database (OLEDB) – Open Database Connectivity (ODBC) • OPENQUERY function • Map logins in your SQL Server instance to users in the linked database • Remote servers: allow communication using RPC â FPT Software 32
  33. Practices for Administrators and Managers • Manage: – Accounts – Data files – Memory • Administrative tasks: – Backup – Recovery – Performance tuning â FPT Software 33
  34. Best Practices • Follow company’s policies and procedures • Always document and create logs • Educate users • Keep abreast of database and security technology • Review and modify procedures â FPT Software 34
  35. Best Practices • For SQL server: – Mimic Oracle’s recommended installation for UNIX – Use local Windows or domain Windows accounts • Block direct access to database tables • Limit and restrict access to the server • Use strong passwords • Patches, patches, patches â FPT Software 35
  36. Best Practices • For SQL server: – Mimic Oracle’s recommended installation for UNIX – Use local Windows or domain Windows accounts • Block direct access to database tables • Limit and restrict access to the server • Use strong passwords • Patches, patches, patches â FPT Software 36
  37. Best Practices • Document tasks and procedures for auditing purposes • Creating users: – CREATE USER statement in Oracle – Login ID in SQL Server • Removing users: – SQL DROP statement – SP_DENYLOGIN Windows system stored procedure â FPT Software 37
  38. Best Practices • Modifying user attributes: ALTER USER DDL statement • Local database and users • Remote users • Database links • Linked servers â FPT Software 38
  39. Password Policies • First line of defense • Dictionary attack: permutation of words in dictionary • Make hard for hackers entering your systems • Best password policy: – Matches your company missions – Enforced at all level of the organization â FPT Software 39
  40. Defining and Using Profiles • Profile: – Describes limitation of database resources – Defines database users behavior – Prevents users from wasting resources • Not offered by every database system: – Oracle does – Microsoft SQL Server 2000 does not â FPT Software 40
  41. Creating Profiles in SQL Server • Profiles are not available in Microsoft SQL Server 2000 or 2005 • Query and connection time-outs: handled at application level within OLEDB â FPT Software 41
  42. Designing and Implementing Password Policies • Password is the key to open a user account; strong passwords are harder to break • User authentication depends on passwords • Hacker violations begin with breaking a password • Companies spend on: – Training – Education â FPT Software 42
  43. What Is a Password Policy? • Set of guidelines: – Enhances the robustness of a password – Reduces the likelihood of password breaking • Deals with: – Complexity – Change frequency – Reuse â FPT Software 43
  44. Importance of Password Policies • First line of defense • Most companies invest considerable resources to strengthen authentication by adopting technological measures that protect their assets • Forces employees to abide by the guidelines set by the company and raises employee awareness of password protection • Helps ensure that a company does not fail audits â FPT Software 44
  45. Designing Password Policies • Complexity: set of guidelines for creating passwords • Aging: how long a password can be used • Usage: how many times a password can be used • Storage: storing a password in an encrypted manner â FPT Software 45
  46. Implementing Password Policies • Microsoft SQL Server 2000: – Integrated server system – Windows authentication mode • NTLM: – Challenge/response methodology – Challenge is eight bytes of random data – Response is a 24-byte DES-encrypted hash â FPT Software 46
  47. Implementing Password Policies • Microsoft SQL Server 2000: – Integrated server system – Windows authentication mode • NTLM: – Challenge/response methodology – Challenge is eight bytes of random data – Response is a 24-byte DES-encrypted hash â FPT Software 47
  48. Implementing Password Policies • Kerberos: – A key known by client and server encrypts handshake data – Requires a Key Distribution Center (KDC) – Tickets – Time must be synchronized networkwide â FPT Software 48
  49. Implementing Password Policies â FPT Software 49
  50. Password Policies • Best practices: – Password aging – Password reuse – Password history – Password encryption – Password storage and protection – Password complexity – Logon retries – Single sign-on â FPT Software 50
  51. Granting and Revoking User Privileges • Permit or deny access to data or to perform database operations • In Oracle: – System privileges: • Granted only by a database administrator • Granted by a user with administration privileges – Object privileges: • Granted to a user by the schema owner • Granted by a user with GRANT privileges â FPT Software 51
  52. Granting and Revoking User Privileges • In SQL Server (4 levels); system/server privileges: – Sysadmin – Serveradmin – Setupadmin – Securityadmin – Processadmin – Dbcreator – Diskadmin – Bulkadmin â FPT Software 52
  53. Granting and Revoking User Privileges • In SQL Server (continued): – Database privileges: • Fixed database roles • Statement permissions – Grant permission using the GRANT statement – Revoke permission using the REVOKE statement – Enterprise Manager – Deny permission using the DENY statement â FPT Software 53
  54. Granting and Revoking User Privileges â FPT Software 54
  55. Granting and Revoking User Privileges â FPT Software 55
  56. Granting and Revoking User Privileges â FPT Software 56
  57. Granting and Revoking User Privileges • In SQL Server: – Table and database objects privileges: • GRANT, REVOKE, and DENY • EXECUTE permission • Enterprise Manager (3 methods) – Column privileges: • GRANT, REVOKE, and DENY • Enterprise Manager (2 methods) â FPT Software 57
  58. Creating, Assigning, and Revoking User Roles • Role: – Used to organize and administer privileges – It is like a user, except it cannot own object – Can be assigned privileges – Can be assigned to users â FPT Software 58
  59. Creating, Assigning, and Revoking User Roles • In SQL Server; user-defined roles: – Standard and application – Create roles using SP_ADDROLE system-stored procedure – Add members to a role using SP_ADDROLEMEMBER stored procedure – Drop members from a role using SP_DROPROLEMEMBER stored procedure â FPT Software 59
  60. Creating, Assigning, and Revoking User Roles • In SQL Server (continued): – User-defined roles (continued): • Drop roles using SP_DROPROLE stored procedure • Use Enterprise Manager – Fixed server roles: • Cannot be modified or created • Add member to a role using SP_ADDSRVROLEMEMBER stored procedure â FPT Software 60
  61. Creating, Assigning, and Revoking User Roles â FPT Software 61
  62. Creating, Assigning, and Revoking User Roles • In SQL Server (continued): – Fixed server roles (continued): • Drop members from a role using SP_DROPSRVROLEMEMBER stored procedure • Use Enterprise Manager – Fixed database roles: • Cannot be modified • Give access to database administrative tasks • Add members to a role using SP_ADDROLEMEMBER stored procedure â FPT Software 62
  63. Creating, Assigning, and Revoking User Roles â FPT Software 63
  64. Creating, Assigning, and Revoking User Roles • In SQL Server (continued): – Fixed database roles (continued): • Drop members from a role using SP_DROPROLEMEMBER stored procedure • Use Enterprise Manager – Public database role: • Cannot be dropped • Users automatically belong to this role • Users cannot be dropped â FPT Software 64
  65. Best Practices • Develop a secure environment: – Never store passwords for an application in plaintext – Change passwords frequently – Use passwords at least eight characters long – Pick a password that you can remember – Use roles to control and administer privileges – Report compromise or loss of a password – Report any violation of company guidelines â FPT Software 65
  66. Best Practices • Develop a secure environment (continued): – Never give your password to anyone – Never share your password with anyone – Never give your password over the phone. – Never type your password in an e-mail – Make sure your password is complex enough – Use Windows integrated security mode – In Windows 2000/3 domain use domain users and take advantage of Kerberos â FPT Software 66
  67. Best Practices • When configuring policies: – Require complex passwords with special characters in the first seven bytes – Require a password length of at least eight – Set an account lockout threshold – Do not allow passwords to automatically reset – Expire end-user passwords – Do not expire application-user passwords – Enforce a password history â FPT Software 67
  68. Best Practices • Profiles define database users behavior • In Oracle: – DBA_PROFILE view – ALTER USER • SQL Server does not support profiles • Password policy: – Enhances password robustness – Reduces likelihood of password breaking â FPT Software 68
  69. Best Practices • In SQL Server: – NTLM – Kerberos • In Oracle: – System privileges – Object privileges • In SQL Server: – System or server, database, table and column privileges â FPT Software 69
  70. Best Practices • GRANT and REVOKE • Role is used to: – Organize and administer privileges in an easy manner – Role is like a user but cannot own objects – Role can be assigned privileges – GRANT and REVOKE • Best practices for developing a secure environment â FPT Software 70
  71. E-mail Security • Tool must widely used by public • May be the tool must frequently used by hackers: – Viruses – Worms – Spam – Others • Used to send private and confidential data as well as offensive material â FPT Software 71
  72. E-mail Security • Used by employees to communicate with: – Clients – Colleagues – Friends • Recommendations: – Do not configure e-mail server on the same machine were sensitive data resides – Do not disclose technical details about the e-mail server â FPT Software 72
  73. Security problems with files • Common threats: – File permission – File sharing • Files must be protected from unauthorized reading and writing actions • Data resides in files; protecting files protects data â FPT Software 73
  74. File Permissions • Read, write, and execute privileges • In Windows 2000: – Change permission on the Security tab on a file’s Properties dialog box – Allow indicates grant – Deny indicates revoke â FPT Software 74
  75. File Permissions • In UNIX – Three permission settings: owner; group to which owner belongs; all other users – Each setting consist of rwx • r for reading, w for writing, and x for executing – CHMOD command used to change file permissions â FPT Software 75
  76. File Transfer • FTP (File Transfer Protocol): – Internet service for transferring files from one computer to another – Transmits usernames and passwords in plaintext – Root account cannot be used with FTP – Anonymous FTP: ability to log on to the FTP server without being authenticated â FPT Software 76
  77. File Transfer • Best practices: – Use Secure FTP utility if possible – Make two FTP directories: • One for uploads with write permissions only • One for downloads with read permissions only – Use specific accounts with limited permissions – Log and scan FTP activities – Allow only authorized operators â FPT Software 77
  78. Sharing Files • Naturally leads to security risks and threats • Peer-to-peer programs: allow users to share files over the Internet • Reasons for blocking file sharing: – Malicious code – Adware and spyware – Privacy and confidentiality – Pornography – Copyright issues â FPT Software 78
  79. Memory • Hardware memory available on the system • Can be corrupted by badly written software • Two options: – Stop using the program – Apply a patch (service pack) to fix it • Can harm data integrity â FPT Software 79
  80. Covert channels • MLS designed to restrict legitimate channels of communication • May be other ways for information to flow • For example, resources shared at different levels may signal information • Covert channel: “communication path not intended as such by system’s designers” â FPT Software 80
  81. Covert Channel Example • Alice has TOP SECRET clearance, Bob has CONFIDENTIAL clearance • Suppose the file space shared by all users • Alice creates file FileXYzW to signal “1” to Bob, and removes file to signal “0” • Once each minute Bob lists the files – If file FileXYzW does not exist, Alice sent 0 – If file FileXYzW exists, Alice sent 1 • Alice can leak TOP SECRET info to Bob! â FPT Software 81
  82. Covert Channel Example Alice: Create file Delete file Create file Delete file Bob: Check file Check file Check file Check file Check file Data: 1 0 1 1 0 Time: â FPT Software 82
  83. Covert Channel Example • Other examples of covert channels – Print queue – ACK messages – Network traffic, etc., etc., etc. • When does a covert channel exist? 1. Sender and receiver have a shared resource 2. Sender able to vary property of resource that receiver can observe 3. Communication between sender and receiver can be synchronized â FPT Software 83
  84. Covert Channel Example • Covert channels exist almost everywhere • Easy to eliminate covert channels – Provided you eliminate all shared resources and all communication • Virtually impossible to eliminate all covert channels in any useful system – DoD guidelines: goal is to reduce covert channel capacity to no more than 1 bit/second – Implication is that DoD has given up trying to eliminate covert channels! â FPT Software 84
  85. Covert Channel Example • Consider 100MB TOP SECRET file – Plaintext version stored in TOP SECRET place – Encrypted with AES using 256-bit key, ciphertext stored in UNCLASSIFIED location • Suppose we reduce covert channel capacity to 1 bit per second • It would take more than 25 years to leak entire document thru a covert channel • But it would take less than 5 minutes to leak 256-bit AES key thru covert channel! â FPT Software 85
  86. Inference Control Example • Suppose we query a database – Question: What is average salary of female CS professors at SJSU? – Answer: $95,000 – Question: How many female CS professors at SJSU? – Answer: 1 • Specific information has leaked from responses to general questions! â FPT Software 86
  87. Inference Control and Research • For example, medical records are private but valuable for research • How to make info available for research and protect privacy? • How to allow access to such data without leaking specific information? â FPT Software 87
  88. Naùve Inference Control • Remove names from medical records? • Still may be easy to get specific info from such “anonymous” data • Removing names is not enough – As seen in previous example • What more can be done? â FPT Software 88
  89. Less-naùve Inference Control • Query set size control – Don’t return an answer if set size is too small • Randomization – Add small amount of random noise to data • Many other methods ⎯ none satisfactory â FPT Software 89
  90. Turing Test • Proposed by Alan Turing in 1950 • Human asks questions to one other human and one computer (without seeing either) • If human questioner cannot distinguish the human from the computer responder, the computer passes the test • The gold standard in artificial intelligence • No computer can pass this today â FPT Software 90
  91. Captchar • CAPTCHA ⎯ Completely Automated Public Turing test to tell Computers and Humans Apart • Automated ⎯ test is generated and scored by a computer program • Public ⎯ program and data are public • Turing test to tell ⎯ humans can pass the test, but machines cannot pass the test • Like an inverse Turing test (sort of ) â FPT Software 91
  92. CAPTCHA Paradox • “ CAPTCHA is a program that can generate and grade tests that it itself cannot pass ” • “ much like some professors ” • Paradox ⎯ computer creates and scores test that it cannot pass! • CAPTCHA used to restrict access to resources to humans (no computers) • CAPTCHA useful for access control â FPT Software 92
  93. CAPTCHA: Rules of the Game • Must be easy for most humans to pass • Must be difficult or impossible for machines to pass – Even with access to CAPTCHA software • The only unknown is some random number • Desirable to have different CAPTCHAs in case some person cannot pass one type – Blind person could not pass visual test, etc. â FPT Software 93
  94. Do CAPTCHAs Exist? • Test: Find 2 words in the following ❑ Easy for most humans ❑ Difficult for computers (OCR problem) â FPT Software 94
  95. CAPTCHAs • Current types of CAPTCHAs – Visual • Like previous example • Many others – Audio • Distorted words or music • No text-based CAPTCHAs – Maybe this is not possible â FPT Software 95
  96. CAPTCHA’s and AI • Computer recognition of distorted text is a challenging AI problem – But humans can solve this problem • Same is true of distorted sound – Humans also good at solving this • Hackers who break such a CAPTCHA have solved a hard AI problem • Putting hacker’s effort to good use! • May be other ways to defeat CAPTCHAs â FPT Software 96
  97. Open/close policy Open Systems I want to be able to work and play well with others. Systems that are described as open are built upon standards, protocols, and interfaces that have published specifications, which enable third-party vendors to develop add-on components and devices. This type of architecture provides interoperability between products by different vendors of different operating systems, applications, and hardware devices. This interoperability is provided by all the vendors involved who follow specific standards and provide interfaces that enable each system to easily communicate with other systems and allow add-ons to hook into the system easily. A majority of the systems in use today are open systems. The reason that an administrator can have Windows NT 4.0, Windows 2000, Macintosh, and Unix computers on the same network communicating easily is because these platforms are open. If a softwareâ FPT Software 97 vendor creates a closed system, they are restricting their sales to proprietary environments
  98. Open/close policy Closed Systems I only want to work and play with you and him. Systems that are referred to as closed use an architecture that does not follow industry standards. Interoperability and standard interfaces are not employed to enable easy communication between different types of systems and add-on features. Closed systems are proprietary, meaning that the system can only communicate with like systems. A closed architecture can provide more security to the system because it does not have as many doorways in, and it operates in a more secluded environment than open environments. Because a closed system is proprietary, there are not as many tools to thwart the security mechanisms and not as many people who understand its design, language, and securityâ weaknesses FPT Software to exploit. However, more security brings less 98 functionality. A majority of the systems today are built with open architecture to enable them
  99. Open/close policy Open security is the application of open source software (OSS) approaches to help solve cyber security problems. OSS approaches collaboratively develop and maintain intellectual works (including software and documentation) by enabling users to use them for any purpose, as well as study, create, change, and redistribute them (in whole or in part). Cyber security problems are a lack of security (confidentiality, integrity, and/or availability), or potential lack of security (a vulnerability), in computer systems and/or the networks they are a part of. â FPT Software 99
  100. Security policy • Set of rules defining who is authorized to access what and under which conditions, and the criteria under which such authorization is given or cancelled. • Security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people. â FPT Software 100
  101. Open/close policy Open security is the application of open source software (OSS) approaches to help solve cyber security problems. OSS approaches collaboratively develop and maintain intellectual works (including software and documentation) by enabling users to use them for any purpose, as well as study, create, change, and redistribute them (in whole or in part). Cyber security problems are a lack of security (confidentiality, integrity, and/or availability), or potential lack of security (a vulnerability), in computer systems and/or the networks they are a part of. â FPT Software 101
  102. Open/close policy • To explain why closed security policies are better protection than open ones, let me give you an example. Let's suppose that my company has determined that the Oracle listener will listen on port 1599 (a non-default port) and that all database passwords will contain 8 letters followed by 2 numbers. If I publish this information on the Web, I now let any hacker know exactly which port to point to and exactly how my database passwords are composed. Do you want to give this information to a potential hacker? It's better to safeguard this information within your company. â FPT Software 102
  103. Open/close policy • To explain why closed security policies are better protection than open ones, let me give you an example. Let's suppose that my company has determined that the Oracle listener will listen on port 1599 (a non-default port) and that all database passwords will contain 8 letters followed by 2 numbers. If I publish this information on the Web, I now let any hacker know exactly which port to point to and exactly how my database passwords are composed. Do you want to give this information to a potential hacker? It's better to safeguard this information within your company. â FPT Software 103
  104. Database Application Security Models • Application: – Solves a problem – Performs a specific business function • Database: collection of related data files used by an application • Application user: user within the application schema â FPT Software 104
  105. Database Application Security Models • Types: – Application administrator – Application owner – Application user – Database administrator – Database user – Proxy user – Schema owner – Virtual user â FPT Software 105
  106. Security Models • Access Matrix Model: – Represents two main entities: objects and subjects: • Columns represent objects • Rows represent subjects – Objects: tables, views, procedures, database objects – Subjects: users, roles, privileges, modules – Authorization cell â FPT Software 106
  107. Security Models • Access Modes Model: – Based on the Take-Grant model – Uses objects and subjects – Specifies access modes: static and dynamic modes – Access levels: a subject has access to objects at its level and all levels below it â FPT Software 107
  108. Security Models â FPT Software 108
  109. Application Types • Client/Server applications: – Management Information System (MIS) department: • Thirty year ago centralized information • Developed mainframe projects • Was a bottleneck – Personal computer was introduced: developing need for client/server applications – Based on the business model â FPT Software 109
  110. Client/Server Applications â FPT Software 110
  111. Application Types • Provides a flexible and scalable structure • Components: – User interface – Business logic – Data access • Components usually spread out over several tiers: – Minimum two – Normally, four to five â FPT Software 111
  112. Application Types â FPT Software 112
  113. Application Types â FPT Software 113
  114. Web Applications • Evolved with the rise of dot-com and Web-based companies • Uses the Web to connect and communicate to the server • A Web application uses HTML pages created using: – ActiveX – Java applets or beans – ASP (Active Server Pages) â FPT Software 114
  115. Web Applications â FPT Software 115
  116. Web Applications • Components: – Web browser layer – Web server layer – Application server layer – Business logic layer – Database server layer â FPT Software 116
  117. Data Warehouse Applications • Used in decision-support applications • Collection of many types of data taken from a number of different databases • Typically composed of a database server • Accessed by software applications or reporting applications: online analytical processing (OLAP) â FPT Software 117
  118. Application Security Models • Models: – Database role based – Application role based – Application function based – Application role and function based – Application table based â FPT Software 118
  119. Security Model Based on Database Roles • Application authenticates application users: maintain all users in a table • Each user is assigned a role; roles have privileges assigned to them • A proxy user is needed to activate assigned roles; all roles are assigned to the proxy user • Model and privileges are database dependent â FPT Software 119
  120. Security Model Based on Database Roles â FPT Software 120
  121. Security Model Based on Database Roles • Implementation in SQL Server: – Use application roles: • Special roles you that are activated at the time of authorization • Require a password and cannot contain members – Connect a user to the application role: overrules user’s privileges â FPT Software 121
  122. Security Model Based on Database Roles • Implementation in SQL Server (continued): – Create and drop application roles using the command line and the Enterprise Manager: • SP_ADDAPPROLE • SP_DROPAPPROLE – You can activate application roles using SP_SETAPPROLE â FPT Software 122
  123. Security Model Based on Database Roles • Implementation in SQL Server (continued): – Connect to database as the proxy user – Validate the user name and password – Retrieve the application role name – Activate the application role â FPT Software 123
  124. Security Model Based on Database Roles • Application roles are mapped to real business roles • Application authenticates users • Each user is assigned to an application role; application roles are provided with application privileges (read and write) â FPT Software 124
  125. Security Model Based on Database Roles â FPT Software 125
  126. Security Model Based on Database Roles • Implementation in SQL Server – Create a database user – Connect the application to the database using this user – Create stored procedures to perform all database operations â FPT Software 126
  127. Security Model Based on Application Functions • Application authenticates users • Application is divided into functions • Considerations: – Isolates application security from database – Passwords must be securely encrypted – Must use a real database user – Granular privileges require more effort during implementation â FPT Software 127
  128. Security Model Based on Application Functions â FPT Software 128
  129. Security Model Based on Application Roles and Functions • Combination of models • Application authenticates users • Application is divided into functions: – Roles are assigned to functions – Functions are assigned to users • Highly flexible model â FPT Software 129
  130. Security Model Based on Application Roles and Functions â FPT Software 130
  131. Security Model Based on Application Tables • Depends on the application to authenticate users • Application provides privileges to the user based on tables; not on a role or a function • User is assigned access privilege to each table owned by the application owner â FPT Software 131
  132. Security Model Based on Application Tables â FPT Software 132
  133. Security Model Based on Application Tables • Implementation in SQL Server: – Grant authorization on application functions to the end user – Alter authorization table from the security model based on database roles; incorporate the table and access columns required to support model â FPT Software 133
  134. Application Security Models â FPT Software 134
  135. Application Security Models â FPT Software 135
  136. Data Encryption • Passwords should be kept confidential and preferably encrypted • Passwords should be compared encrypted: – Never decrypt the data – Hash the passwords and compare the hashes â FPT Software 136
  137. Summary • Security: level and degree of being free from danger and threats • Database security: degree to which data is fully protected from unauthorized tampering • Information systems: backbone of day-to-day company operations â FPT Software 137
  138. Summary • Information security architecture – Model for protecting logical and physical assets – Company’s implementation of a C.I.A. triangle • Enforce security at all levels of the database â FPT Software 138
  139. Summary • An application user is simply a record created for a user within the application schema; usually does not have database privileges or roles assigned • Access matrix: – Columns represent objects – Rows represent subjects – Authorization cell • Access mode â FPT Software 139
  140. Summary • Application types: client/server, Web, and Data Warehouse • Application security models – Database roles – Application roles – Application functions – Roles and functions in the application – Application tables â FPT Software 140
  141. â FPT Software 141