material clase seg db.pdf

Upload: yazmany-guerrero

Post on 02-Jun-2018


  • 8/10/2019 Material clase Seg DB.pdf

    1/78

Seguridad en Base de Datos (Database Security)

Ing. Alfredo Juan Haln Tafich M.C.

Translation of technical terms

- Data breach: fuga o pérdida de datos.
- Organization asset: activos de la organización.
- Forensic analysis: análisis forense.
- Security regulations: normas de seguridad.
- Regulatory compliance: cumplimiento de normas.
- Data encryption: cifrado de datos.
- Threat: amenaza.


The cost of a data breach

Data constitutes an organization's most important and prized asset. Information can describe an institution's relationships with its customers, competitive or proprietary processes, trading relationships with partners, and tactical and strategic positioning against its competitors. When data is lost or stolen, real and significant damage can occur.

Potential costs are associated with developing and understanding additional security infrastructure, such as encryption and auditing solutions.

Actions after a data breach

- Forensic analysis and internal investigation of the theft.
- Notification campaign: emails, phone calls, letters, and so on.
- Call center costs due to increased volume of customer traffic.
- Legal costs for defense and investigation.
- Internal investigations resulting in mitigation.
- Classify to salvage customer and investor relations.
- Fees and penalties.

Indirect costs after a data breach

- Loss of employee productivity.
- Erosion of the customer base due to loss of confidence.
- Reticence of new customers to establish relationships.
- Reduced shareholder confidence and value.
- Decreased competitive standing.
- ROI calculation.

Regulatory compliance

- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- Gramm-Leach-Bliley Act of 1999 (GLBA)
- Sarbanes-Oxley Act (SOX)
- California Senate Bill 1386 (SB 1386)
- Payment Card Industry Data Security Standard (PCI)
- IBM Data Server Security (ISS)
- Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP), Mexico's federal law on personal data held by private parties

HIPAA

Also known as Public Law 104-191 or the Kennedy-Kassebaum Bill, it is an act passed by the U.S. Congress and signed into effect on August 21, 1996. Its goals:

- Guarantee health insurance coverage of employees.
- Reduce health care fraud and abuse.
- Implement administrative simplification to augment the effectiveness and efficiency of the health care system.
- Protect the health information of individuals against access without consent or authorization.

GLBA

Enacted on November 12, 1999, approximately seven months after the merger between Citicorp and Travelers Group to form Citigroup. Its objectives:

- Ensure the security and privacy of customer information.
- Protect against threats to the security and integrity of customer information.
- Protect against unauthorized access to or usage of this information that could result in harm or inconvenience to the customer.

SOX

Passed by the U.S. Senate and the U.S. House of Representatives with large majorities and signed into law on July 30, 2002. Main provisions:

- Audit committee issues.
- Audit committee expertise.
- Enhanced review of periodic disclosures.
- New oversight board for corporate governance.
- Certification of financial statements.
- Improper influence on the conduct of audits.
- Forfeiture of bonuses and profits (in some cases).
- Off-balance sheet transactions.
- Pro-forma financial information.
- Dealings with securities analysts.

SB 1386

In September 2002, the Governor of California signed Senate Bill 1386 into effect. In effect this means that any business that maintains personal information of a resident of California must have the appropriate provisions and capabilities to know when this information may have been accessed by an unauthorized person.

PCI

The standard includes 12 requirements across six categories, concentrating on data authentication, access control, audits, and data encryption. To comply, companies that handle payment card information are required to establish stringent security policies, processes, and procedures.

ISS

Securing data requires a holistic and layered approach that considers the broad range of threats. This is commonly referred to as defense in depth, and requires a security-by-design approach, where multiple layers of security work together to provide the three ultimate objectives of security, commonly known as the CIA triad: confidentiality, integrity, and availability.

LFPDPPP

- How does it apply?
- Where does it start?
- What does the privacy notice include?
- How is the law complied with?
- Is there a technological solution?


Database Components

- Database Server Infrastructure
- Network Components
- Application Structure
- Clients (End Point)

Database Server Infrastructure

- Server Hardware
- Server Operating System: Windows, Unix, Linux
- Server DBMS: Oracle, Informix, DB2, SQL Server, etc.

Network Components

- Core Switch
- Switches
- Routers
- Access Points

Application Structure

- Programming language: Visual Basic, PSP, etc.
- SQL elements: Database, Tables, Stored Procedures, etc.

Clients (End Point)

- Traditional PC
- Screen emulation (3270 type)
- Bar code reader
- Printers and scanners
- Internet access


Database Elements

- Tables: Primary Key, Foreign Key
- Indexes: Unique, Multiple
- Data Model: Entities, Associations (1-1, 1-M, M-M)
- Synonyms
- Views
- Etc.
- Normalization

Primary Key

A primary key is a column or group of (non-superfluous) columns that ensures the uniqueness of rows within a table. A primary key that consists of more than one column is a composite primary key.

Primary keys do not imply either sequence or access path.

Primary keys are indicated by the letters PK under the appropriate column heading(s).

Assuming that EMPLOYEE.NUMBERs are always unique:

  EMPLOYEE
  EMPLOYEE NUMBER   EMPLOYEE NAME   HIRE DATE   BIRTH DATE   SALARY AMOUNT
  PK

Primary Key (continued)

Assuming that the combination of ORDER.NUMBER and PART.NUMBER is always unique:

  ORDER NUMBER   PART NUMBER   ORDERED QUANTITY   SHIPPED QUANTITY
  PK +           PK +
  (PK + marks the columns that together form the composite primary key)

Primary key values may not be null because a row without a primary key cannot (technically) be distinguished from other rows in the same table.

Primary key values must never be null (PK implies NN).

Primary Key (continued)

By definition:

Primary key columns may not contain duplicate values (PK implies ND).

Primary key values are not subject to change (PK implies no changes). This rule is currently the subject of debate among relational database theorists. In certain cases, it seems desirable to allow changes to some composite primary keys. Generally speaking, however, it is advisable to abide by the rule.

Foreign Key

A foreign key is a column or group of columns that is not the whole primary key of a table, but is based upon the same domain(s) as the primary key of the same, or some other, table. A foreign key that consists of more than one column is a composite foreign key.

EMPLOYEE.DEPT.CODE is a foreign key since it is not the primary key of the EMPLOYEE table, but is based upon the same domain as the primary key of the DEPT table.

  DEPT                      EMPLOYEE
  DEPT CODE   DEPT NAME     EMPLOYEE NUMBER   EMPLOYEE NAME   DEPT CODE
  PK                        PK                                FK

Foreign Key (continued)

ORDER.CUSTOMER.NUMBER is a foreign key since it is not the primary key of the ORDER table, but is based upon the same domain as the primary key of the CUSTOMER table.

  CUSTOMER                          ORDER
  CUSTOMER NUMBER   CUSTOMER NAME   ORDER NUMBER   CUSTOMER NUMBER
  PK                                PK             FK

Locate the foreign key(s) in the following tables:

  BUILDING                          DEPT
  BUILDING NUMBER   BUILDING NAME   DEPT NUMBER   DEPT NAME   BUILDING NUMBER
  PK                                PK

  MANAGER                           PROJECT
  MANAGER NUMBER   MANAGER NAME     PROJECT NUMBER   PROJECT NAME   MANAGER NUMBER
  PK                                PK

Reading tables

The system is concerned with departments and employees (from the table

Given these two tables,

  DEPT                      EMPLOYEE
  DEPT CODE   DEPT NAME     EMPLOYEE NUMBER   EMPLOYEE NAME   DEPT CODE
  PK          NN, ND        PK                NN              FK

we can read:

- Each department must have a department code (PK implies NN).
- Each department code is unique (PK implies ND).
- Department codes are not subject to change (PK implies no changes).
- Every department has a department name (NN).
- Every department has only one department name (each department code appears on only one row).
- No two departments have the same name (ND).
- Each department may have zero, one or more employees (FK).
- All employees have employee numbers (PK implies NN).
- Each employee number is unique (PK implies ND).
- Employee numbers cannot be modified (PK).

And so forth...
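The statements read off the DEPT / EMPLOYEE tables above can be checked against a real engine. This added example (my own code, not part of the course material) expresses the PK / NN / ND / FK annotations as SQLite constraints and runs one statement per rule; the sample rows are constructed, and the explicit NOT NULL on DEPT_CODE is needed because SQLite does not enforce NN on a non-INTEGER primary key by itself.

```python
import sqlite3

# Added example (not from the course material): the DEPT / EMPLOYEE tables
# of the "Reading tables" slide, with their PK / NN / ND / FK annotations
# expressed as SQLite constraints, and one statement per rule to show which
# inserts and updates the integrity rules reject. Sample rows are constructed.
SCHEMA = """
CREATE TABLE DEPT (
    DEPT_CODE TEXT NOT NULL PRIMARY KEY,  -- PK (NOT NULL spelled out: SQLite
                                          -- allows NULL in a non-INTEGER PK)
    DEPT_NAME TEXT NOT NULL UNIQUE        -- NN, ND
);
CREATE TABLE EMPLOYEE (
    EMPLOYEE_NUMBER INTEGER PRIMARY KEY,  -- PK
    EMPLOYEE_NAME   TEXT NOT NULL,        -- NN
    DEPT_CODE       TEXT REFERENCES DEPT (DEPT_CODE)  -- FK, nullable: zero,
                                          -- one or more employees per dept
);
"""

def open_db():
    """In-memory database with the two tables and one constructed row each."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")   # FK enforcement is off by default
    con.executescript(SCHEMA)
    con.execute("INSERT INTO DEPT VALUES ('D10', 'Sales')")
    con.execute("INSERT INTO EMPLOYEE VALUES (1, 'Mary', 'D10')")
    con.commit()
    return con

def outcome(con, sql, params):
    """Run one statement; return None if accepted, else the constraint message."""
    try:
        with con:                   # rolls the statement back on failure
            con.execute(sql, params)
        return None
    except sqlite3.IntegrityError as exc:
        return str(exc)

def integrity_probe():
    """Each key is one of the statements read off the slide's two tables."""
    con = open_db()
    dept = "INSERT INTO DEPT VALUES (?, ?)"
    emp = "INSERT INTO EMPLOYEE VALUES (?, ?, ?)"
    return {
        # PK implies NN: a department without a code
        "dept_without_code": outcome(con, dept, (None, "Support")),
        # PK implies ND: a second department with code D10
        "duplicate_dept_code": outcome(con, dept, ("D10", "Support")),
        # PK implies no changes: renaming D10 while an employee references it
        "change_dept_code": outcome(
            con, "UPDATE DEPT SET DEPT_CODE = ? WHERE DEPT_CODE = ?", ("D11", "D10")),
        # NN on DEPT_NAME: a department without a name
        "dept_without_name": outcome(con, dept, ("D20", None)),
        # ND on DEPT_NAME: two departments called Sales
        "duplicate_dept_name": outcome(con, dept, ("D20", "Sales")),
        # FK: an employee in a department that does not exist
        "employee_in_unknown_dept": outcome(con, emp, (2, "Bob", "D99")),
        # PK implies ND: a second employee number 1
        "duplicate_employee_number": outcome(con, emp, (1, "Ann", "D10")),
        # FK is nullable: an employee with no department is accepted
        "employee_without_dept": outcome(con, emp, (3, "Eve", None)),
        # FK allows "one or more": a second employee in D10 is accepted
        "second_employee_in_dept": outcome(con, emp, (4, "Tom", "D10")),
    }

if __name__ == "__main__":
    for rule, result in integrity_probe().items():
        print(f"{rule:28s} {'accepted' if result is None else 'rejected: ' + result}")
```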

Data Model

A data model is a collection of constructs, operators and integrity rules which together support a dynamic representation of real-world objects and events.

Constructs
Constructs are the basic building blocks of a data model. Relational data models use a single type of construct: tables.

Operators
Operators are the means whereby the data in a data model is maintained and retrieved. Typical relational operators are add, change, delete, select, project, join, group, and so forth.

Integrity Rules
Integrity rules serve to maintain order and consistency in a data model. No null, no duplicate, primary key and foreign key constraints are examples of integrity rules.

Entities

An entity is a person, place or thing, of interest to the user community, about which the system is to maintain, correlate, and display information.

Entities are nouns.

Entities have existence in, and of, themselves and are therefore not dependent upon, or subordinate to, something else.

Entities may be tangible (such as buildings or employees), intangible (like departments or accounts), or semi-tangible (orders, perhaps, or invoices).

Characteristics of entities (such as an employee's name), and other information about entities (the total number of customers, or the average number of orders placed in May) are not considered entities.

Associations

An association is a relationship between two or more entities (or other associations), of interest to the user community, about which the system is to maintain, correlate and display information.

Associations occur in three forms: one-to-one (1:1), one-to-many (1:M), and many-to-many (M:M).

Associations are within the scope of the system.

Associations typically occur between one entity and another (customers and orders, for example, or orders and parts), but can involve any number of entities and interrelationships (see the topic "Complex Associations" in Section Four for a further discussion of this matter).

Associations occur in three different forms (discussed in the following topics).

One to One associations

A one-to-one association occurs when two entities (say, A and B) are related as follows: each occurrence of entity A is related to at most one occurrence of entity B, and each occurrence of entity B is related to at most one occurrence of entity A.

One-to-one associations are relatively rare.

One-to-one associations are modeled by placing the primary key of the entity A table as a foreign key, no duplicates (FK, ND) allowed column in the entity B table.

[Diagram: entity A related to entity B]

One to One associations (continued)

The data model for the one-to-one association above is:

  A          B
  A KEY      B KEY   A KEY
  PK         PK      FK, ND

  A1         B1      A1
  A2         B2      A3
  A3         B3      A5
  A4
  A5

Foreign keys that model one-to-one associations should be placed to minimize or eliminate null values.

Since one-to-one associations are symmetrical, either key may be placed in the other table.

One to Many associations

A one-to-many association occurs when two entities (say, A and B) are related as follows: each occurrence of entity A is related to zero, one or more occurrence(s) of entity B, but each occurrence of entity B is related to at most one occurrence of entity A.

One-to-many associations are quite common.

One-to-many associations are modeled by placing the primary key of the entity A table as a foreign key (FK) column in the entity B table.

[Diagram: Entity A related to Entity B]

One to Many associations (continued)

The data model for the one-to-many association above is:

  A          B
  A KEY      B KEY   A KEY
  PK         PK      FK

  A1         B1      A1
  A2         B2      A3
  A3         B3      A1
             B4      A1
             B5      A3

Since one-to-many associations are not symmetrical, the A key must be placed in the B table, and not vice versa.

Note that 1:M associations in tabular form look exactly like 1:1 associations, with the exception of the "ND" integrity constraint.

Many to Many associations

A many-to-many association occurs when two entities (say, A and B) are related as follows: each occurrence of entity A is related to zero, one or more occurrence(s) of entity B, and each occurrence of entity B is related to zero, one or more occurrence(s) of entity A.

Many-to-many associations are quite common.

Many-to-many associations are modeled by defining a new table with a composite primary key. The components of the new primary key are the primary keys of the entity A and entity B tables. Both components of the new primary key are also individual foreign keys.

Many to Many associations (continued)

The data model for the M:M association described above is:

  A          B          A/B
  A KEY      B KEY      A KEY   B KEY
  PK         PK         PK +    PK +
                        FK      FK

  A1         B1         A1      B1
  A2         B2         A1      B2
                        A2      B1

Since many-to-many associations are symmetrical, and since the order of the columns of a table is arbitrary, the above table could have been drawn in reverse (B/A, the B Key first).
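The three association forms differ only in which constraints sit on the key columns: FK plus ND for 1:1, FK alone for 1:M, and a composite PK of two FKs for M:M. This added example (my own code, not the course material) builds the A/B tables of the three slides above in SQLite, loads the rows shown on them, and runs the one insert each form must reject; the table names A11/B11, A1M/B1M and AMM/BMM/AB are my own labels for the three models.

```python
import sqlite3

# Added example (not from the course material): the A/B tables of the 1:1,
# 1:M and M:M slides, with the slide rows loaded and the constraints that
# distinguish the three forms enforced by SQLite. Table names are my labels.
SCHEMA = """
-- 1:1 -- the A key goes into B as a foreign key with no duplicates (FK, ND)
CREATE TABLE A11 (A_KEY TEXT NOT NULL PRIMARY KEY);
CREATE TABLE B11 (B_KEY TEXT NOT NULL PRIMARY KEY,
                  A_KEY TEXT UNIQUE REFERENCES A11 (A_KEY));
-- 1:M -- same shape without the ND constraint
CREATE TABLE A1M (A_KEY TEXT NOT NULL PRIMARY KEY);
CREATE TABLE B1M (B_KEY TEXT NOT NULL PRIMARY KEY,
                  A_KEY TEXT REFERENCES A1M (A_KEY));
-- M:M -- a new table whose composite PK is (A key, B key), each also an FK
CREATE TABLE AMM (A_KEY TEXT NOT NULL PRIMARY KEY);
CREATE TABLE BMM (B_KEY TEXT NOT NULL PRIMARY KEY);
CREATE TABLE AB  (A_KEY TEXT NOT NULL REFERENCES AMM (A_KEY),
                  B_KEY TEXT NOT NULL REFERENCES BMM (B_KEY),
                  PRIMARY KEY (A_KEY, B_KEY));
"""

def load_models():
    """Create the tables in memory and load the rows drawn on the slides."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = ON")   # FK enforcement is off by default
    con.executescript(SCHEMA)
    # 1:1 slide: A1..A5; B1 -> A1, B2 -> A3, B3 -> A5 (A2 and A4 have no B)
    con.executemany("INSERT INTO A11 VALUES (?)", [(f"A{i}",) for i in range(1, 6)])
    con.executemany("INSERT INTO B11 VALUES (?, ?)", [("B1", "A1"), ("B2", "A3"), ("B3", "A5")])
    # 1:M slide: A1..A3; B1 -> A1, B2 -> A3, B3 -> A1, B4 -> A1, B5 -> A3
    con.executemany("INSERT INTO A1M VALUES (?)", [("A1",), ("A2",), ("A3",)])
    con.executemany("INSERT INTO B1M VALUES (?, ?)",
                    [("B1", "A1"), ("B2", "A3"), ("B3", "A1"), ("B4", "A1"), ("B5", "A3")])
    # M:M slide: A1, A2; B1, B2; pairs (A1,B1), (A1,B2), (A2,B1)
    con.executemany("INSERT INTO AMM VALUES (?)", [("A1",), ("A2",)])
    con.executemany("INSERT INTO BMM VALUES (?)", [("B1",), ("B2",)])
    con.executemany("INSERT INTO AB VALUES (?, ?)", [("A1", "B1"), ("A1", "B2"), ("A2", "B1")])
    con.commit()
    return con

def accepted(con, sql, params):
    """True if the statement passes every constraint, False if it is rejected."""
    try:
        with con:
            con.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False

def association_probe():
    """One insert per rule that distinguishes the three association forms."""
    con = load_models()
    return {
        # 1:1 -- a second B for A1 breaks the ND rule on the FK
        "1:1 second B for A1": accepted(con, "INSERT INTO B11 VALUES (?, ?)", ("B4", "A1")),
        # 1:1 -- "at most one" also allows none: a B with no A
        "1:1 B without A": accepted(con, "INSERT INTO B11 VALUES (?, ?)", ("B5", None)),
        # 1:M -- the very same kind of insert is fine: A1 may have many B
        "1:M sixth B for A1": accepted(con, "INSERT INTO B1M VALUES (?, ?)", ("B6", "A1")),
        # 1:M -- but the A it points at must exist
        "1:M B for unknown A": accepted(con, "INSERT INTO B1M VALUES (?, ?)", ("B7", "A9")),
        # M:M -- the pair (A1,B1) already exists: the composite PK rejects it
        "M:M duplicate pair": accepted(con, "INSERT INTO AB VALUES (?, ?)", ("A1", "B1")),
        # M:M -- a new pairing of existing keys is fine
        "M:M new pair A2-B2": accepted(con, "INSERT INTO AB VALUES (?, ?)", ("A2", "B2")),
        # M:M -- both components are individual FKs
        "M:M pair with unknown B": accepted(con, "INSERT INTO AB VALUES (?, ?)", ("A1", "B9")),
    }

def fan_out(con):
    """Number of B rows per A in the 1:M model: zero, one or more."""
    rows = con.execute(
        "SELECT a.A_KEY, COUNT(b.B_KEY) FROM A1M a LEFT JOIN B1M b ON b.A_KEY = a.A_KEY "
        "GROUP BY a.A_KEY ORDER BY a.A_KEY").fetchall()
    return dict(rows)
```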

Attributes

An attribute is a characteristic or quality of an entity or an association, of interest to the user community, about which the system is to maintain, correlate and display information.

Attributes may be related to either entities (the name of a customer, for example) or associations (say, the quantity of a particular part on a particular order).

All columns of a table are technically attributes of that table, and therefore are also attributes of the entity or association modeled by that table. But it is useful to distinguish between three different "roles" that attributes can play in a table.

Attributes (continued)

1.- Primary key attributes identify the entity or association modeled by a table.

2.- Foreign key attributes define relationships between entities and other entities and/or associations.

3.- Other attributes (that are neither primary key nor foreign key components) further describe the entity or association modeled by a table.


Database Security

Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability.

It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management.

Database Security (continued)

Security risks to database systems include, for example:

- Unauthorized or unintended activity or misuse by authorized database users, database administrators, or network/systems managers, or by unauthorized users or hackers (e.g. inappropriate access to sensitive data, metadata or functions within databases, or inappropriate changes to the database programs, structures or security configurations);
- Malware infections causing incidents such as unauthorized access, leakage or disclosure of personal or proprietary data, deletion of or damage to the data or programs, interruption or denial of authorized access to the database, attacks on other systems and the unanticipated failure of database services;
- Overloads, performance constraints and capacity issues resulting in the inability of authorized users to use databases as intended;

Security risks (continued)

- Physical damage to database servers caused by computer room fires or floods, overheating, lightning, accidental liquid spills, static discharge, electronic breakdowns/equipment failures and obsolescence;
- Design flaws and programming bugs in databases and the associated programs and systems, creating various security vulnerabilities (e.g. unauthorized privilege escalation), data loss/corruption, performance degradation etc.;
- Data corruption and/or loss caused by the entry of invalid data or commands, mistakes in database or system administration processes, sabotage/criminal damage etc.

Database Security (continued)

Many layers and types of information security control are appropriate to databases, including:

- Access control
- Auditing
- Authentication
- Encryption
- Integrity controls
- Backups
- Application security
- Database architecture

Access control

Access control is the selective restriction of access to a place or other resource. The act of accessing may mean consuming, entering, or using. Permission to access a resource is called authorization. Locks and login credentials are two analogous mechanisms of access control.

Auditing

Database auditing involves observing a database so as to be aware of the actions of database users. Database administrators and consultants often set up auditing for security purposes, for example, to ensure that those without the permission to access information do not access it.

Authentication

Authentication is the act of confirming the truth of an attribute of a datum or entity. This might involve confirming the identity of a person or software program, tracing the origins of an artifact, or ensuring that a product is what its packaging and labeling claims to be.

Encryption

Encryption is the process of encoding messages (or information) in such a way that eavesdroppers or hackers cannot read it, but that authorized parties can.


Backups

A backup, or the process of backing up, refers to the copying and archiving of computer data so it may be used to restore the original after a data loss event.

Backups have two distinct purposes. The primary purpose is to recover data after its loss, be it by data deletion or corruption. Data loss can be a common experience of computer users. A 2008 survey found that 66% of respondents had lost files on their home PC.

The secondary purpose of backups is to recover data from an earlier time, according to a user-defined data retention policy, typically configured within a backup application for how long copies of data are required. Though backups popularly represent a simple form of disaster recovery, and should be part of a disaster recovery plan, by themselves, backups should not alone be considered disaster recovery. One reason for this is that not all backup systems or backup applications are able to reconstitute a computer system or other complex configurations such as a computer cluster, active directory servers, or a database server, by restoring only data from a backup.

Application security

Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the

Database architecture

- Hierarchical architecture
- Network architecture
- Relational architecture
- Object Oriented architecture

Information Security

Information Security

One of the biggest challenges in IT administration is managing information security.

Internet-based technology.

The potential damage caused by attacks could halt the operation of an organization.

Security in the Internet era

Nowadays, all the executives of a company need to understand the threats to Internet-based systems.

Since 1996, the Computer Security Institute and the San Francisco Federal Bureau of Investigation Computer Intrusion Squad have carried out annual surveys of companies to learn about the crimes committed.

Types of attacks
[Chart: types of attacks]

Losses in 2006
[Chart: losses in 2006]

Security technologies used
[Chart: security technologies used]

5 Pillars of Security

- Authentication: verify the authenticity of users.
- Identification: identify users in order to grant access.
- Privacy: protect the information.
- Integrity: keep the information in its original form.
- Non-repudiation: nobody can deny that a transaction occurred.

Disaster recovery

Although information systems are only one part of a company's operations, they have become a crucial part.

Using internal resources:
- Multiple data centers
- Distributed processing
- Communications backup
- LANs

Using external resources:
- Integrated services
- Specialized services
- Data storage

Using internal resources: multiple data centers

In recent years, and to save money, companies have consolidated their multiple data centers into a single one.

September 11 caused this to change, since multiple centers can provide emergency backup for critical services. For data backup, companies keep remote sites with disks that are updated regularly and can be accessed online or in batch mode.

Using internal resources: distributed processing

Other organizations use distributed processing to recover from a disaster. They carry out critical processing locally rather than

continue uninterrupted in case of a disaster at the data center. Because of the cost of this alternative, due to the redundancy of data, it is normally used only for applications that must keep operating, for example: order processing and financial transactions.

Using internal resources: communications backup

Companies handle communications backup in two ways:
- Duplicating their facilities
- Using carrier services

Servers on one LAN can be used to back up servers on other LANs.

Using external resources

Integrated services: complete backup of the client's facilities.

Specialized services: partial backup of the client's facilities.

Data storage: fire-resistant vaults that can keep the data online.


Database Vulnerability

Vulnerability refers to the inability to withstand the effects of a hostile environment. A window of vulnerability (WoV) is a time frame within which defensive measures are reduced, compromised or lacking.

Default, blank, and weak username/password

It might be a daunting task at an organization that has to keep track of hundreds or even thousands of databases. But removing default, blank and

database armor. The bad guys are keeping track of default accounts, and they'll use them when they can.

To create a strong password:

- Don't use words that can be easily guessed or found in the dictionary.
- Create a complex sentence instead of a word.
- Do not share your password with anyone or write it down and leave it in your desk drawer.

SQL injections

When your database platform fails to sanitize inputs, attackers are able to

eventually allowing them to elevate privileges and gain access to a wide spectrum of functionality. A lot of vendors have released fixes to prevent these problems, but it won't do much good if your DBMS remains unpatched.

For example, the model SQL code might be:

    SELECT Count(*) FROM UsersTable
    WHERE UserName = '<contents of username textbox>'
    AND Password = '<contents of password textbox>';

When a user enters a valid username, such as Mary, and a password of qwerty, the SQL query becomes:

    SELECT Count(*) FROM UsersTable
    WHERE UserName='Mary'
    AND Password='qwerty';

However, if a user enters the following as a username: ' OR 1=1 -- the SQL query becomes:

    SELECT Count(*) FROM UsersTable
    WHERE UserName='' OR 1=1 --' AND Password='';

The expression 1 = 1 is true for every row in the table, causing the OR clause to return a value of true. The double hyphens comment out the rest of the SQL query string. This query will return a count greater than zero, assuming there is at least one row in the users table, resulting in what appears to be a successful login. In fact, it is not. Access to the system was successful without a user having to know either a username or password.
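The login check above fails because the textbox contents become part of the SQL text. This added example (my own code, not the course material) builds the UsersTable query both ways in SQLite: first by string concatenation as the slide shows, then with bound parameters, and runs the slide's username against each; the UsersTable row is constructed, and a real system would store a salted password hash rather than the password.

```python
import sqlite3

# Added example (not from the course material): the slide's UsersTable login
# check built by string concatenation, beside the parameterized form that
# treats the textbox contents as data. The single row is constructed.

def make_db():
    """In-memory UsersTable with the constructed row from the slide."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE UsersTable (UserName TEXT NOT NULL, Password TEXT NOT NULL)")
    # Constructed row; a real system stores a salted hash, never the password.
    con.execute("INSERT INTO UsersTable VALUES ('Mary', 'qwerty')")
    con.commit()
    return con

def build_vulnerable_sql(username, password):
    """The query exactly as the slide shows it being assembled: text pasted into SQL."""
    return ("SELECT Count(*) FROM UsersTable WHERE UserName='" + username +
            "' AND Password='" + password + "';")

def login_vulnerable(con, username, password):
    """Executes whatever SQL the textbox contents turned the query into."""
    count = con.execute(build_vulnerable_sql(username, password)).fetchone()[0]
    return count > 0

def login_parameterized(con, username, password):
    """Same check with bound parameters: the engine never parses the input as SQL."""
    count = con.execute(
        "SELECT Count(*) FROM UsersTable WHERE UserName=? AND Password=?",
        (username, password)).fetchone()[0]
    return count > 0

PAYLOAD = "' OR 1=1 --"   # the username from the slide

def demo():
    """Run the valid login and the slide's username through both versions."""
    con = make_db()
    return {
        "sql_seen_by_db": build_vulnerable_sql(PAYLOAD, ""),
        "valid_user_vulnerable": login_vulnerable(con, "Mary", "qwerty"),
        "valid_user_parameterized": login_parameterized(con, "Mary", "qwerty"),
        # count is 1 although neither a username nor a password was known
        "payload_vulnerable": login_vulnerable(con, PAYLOAD, ""),
        # the same text is compared literally against UserName: no row matches
        "payload_parameterized": login_parameterized(con, PAYLOAD, ""),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:26s} {value}")
```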

Extensive user and group privileges

Organizations need to ensure privileges are not given to users who will

Rothacker recommends only making users part of groups or roles and administering the rights through those roles, which can be managed collectively more easily than if users were assigned direct rights.

Unnecessarily enabled database features

Every database installation comes with add-on packages of all shapes and sizes that are mostly going to go unused by any one organization. Since the name of the game in database security is to reduce attack surfaces, enterprises need to look for packages they don't use and disable or uninstall

but it also simplifies patch management. When those packages need patching, your organization won't need to scramble.

Broken configuration management

Similarly, databases have a panoply of many different configuration choices

functionalities. Organizations need to be on the lookout for unsafe configurations that could be enabled by default or turned on for the convenience of DBAs or application developers.

Buffer overflows

Another hacker favorite, buffer overflow vulnerabilities, are exploited by

expecting -- say, by adding 100 characters into an input box asking for a SSN. Database vendors have worked hard to fix the glitches that allow these attacks to occur. This is yet another reason why patching is so critical.

Privilege escalation

Similarly, databases frequently sport common vulnerabilities that allow

and gain access to administrator rights. For example, an attacker might misuse a function that runs under a sysdba, Rothacker explains. As these vulnerabilities are uncovered, administrators need to rein them in with timely updates and patching.

Denial-of-service attack

SQL Slammer provided a very illuminating illustration of how attackers can use

Even more illuminating is the fact that when Slammer went down in 2003, a patch already was out there that addressed the vulnerability it attacked. Even seven years later, SQL Slammer is still around and picking on unpatched servers.

Unpatched databases

This could be repetitive, but it bears repeating. So many database

will break their databases. But the risk of getting hacked today is way higher than the risk of applying a patch that will go haywire, Rothacker says. That might not have been true five years ago, but vendors have become much more rigorous with their testing.

Unencrypted sensitive data at rest and in motion

Perhaps it is a no-brainer, but organizations should never store sensitive data in clear text within a database table. And all connections to the database should always use encryption.

Encryption is an important part of housing sensitive data. Network traffic should also be encrypted to ensure that the passwords used to access sensitive, critical data cannot be seen in the traffic.

Any information that goes over the network or is stored in the database should be encrypted and kept from prying eyes. Some network configurations and database management systems might allow for critical information to be sent in clear text. To ensure this doesn't occur, make sure you have the latest version of software and turn off text indexing.