Use firewalls
• Firewalls can help to limit access to the database.
• Either a conventional firewall or a specialized SQL firewall can be used.
• A conventional firewall filters only on IP addresses and ports, so it can
only help with addresses that exist in the TCP/IP header.
• SQL firewalls can set policies that are based not only on IP addresses but also
on SQL commands, database users, application types, and database objects.
• More about SQL firewalls in Chapter 5.
• In an Oracle environment the listener sometimes redirects traffic: after the client
engages the listener, it may be told to redirect to another port on which the
rest of the session will occur.
• Choosing a firewall that supports SQL*Net/Net8/Net9 redirection resolves
the problem:
– the firewall will inspect the packet payload and look for the port that the client is
being told to move to, and then will dynamically open that port for this client only.
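The redirection problem above, modelled as an added example that is not part of the original slides: a header-only firewall drops the redirected session, while a redirect-aware one reads the new port from the listener's reply and opens it for that client only. The IP addresses, the redirect port and the sample address text are constructed, and the packet framing around the address text is not modelled.

```python
import re
from dataclasses import dataclass, field

LISTENER_PORT = 1521  # Oracle Listener port

# Matches the PORT field of an Oracle Net address description.
PORT_RE = re.compile(r"\(\s*PORT\s*=\s*(\d{1,5})\s*\)", re.IGNORECASE)

# Constructed sample: address text a listener might return in a redirect.
SAMPLE_REDIRECT = "(ADDRESS=(PROTOCOL=tcp)(HOST=10.0.5.20)(PORT=49213))"


@dataclass
class Firewall:
    db_host: str
    redirect_aware: bool
    # Pinholes are keyed by (client_ip, port): open for that client only.
    pinholes: set = field(default_factory=set)

    def allows(self, client_ip, dst_ip, dst_port):
        """Header-only decision: static listener rule plus any pinholes."""
        if dst_ip != self.db_host:
            return False
        if dst_port == LISTENER_PORT:
            return True
        return (client_ip, dst_port) in self.pinholes

    def inspect_listener_reply(self, client_ip, payload):
        """Look inside a listener reply for the port the client is sent to."""
        if not self.redirect_aware:
            return None  # conventional firewall: payload is never examined
        match = PORT_RE.search(payload)
        if match is None:
            return None
        port = int(match.group(1))
        if not 1024 <= port <= 65535:
            return None  # design choice here: never open low or invalid ports
        self.pinholes.add((client_ip, port))
        return port

    def close_session(self, client_ip, port):
        """Remove the pinhole when the session ends."""
        self.pinholes.discard((client_ip, port))


def simulate(redirect_aware):
    """Run one redirected session through the firewall model."""
    fw = Firewall(db_host="10.0.5.20", redirect_aware=redirect_aware)
    client, other = "10.0.1.15", "10.0.1.99"
    port = fw.inspect_listener_reply(client, SAMPLE_REDIRECT) or 49213
    return {
        "listener": fw.allows(client, fw.db_host, LISTENER_PORT),
        "redirected_client": fw.allows(client, fw.db_host, port),
        "other_client": fw.allows(other, fw.db_host, port),
    }


if __name__ == "__main__":
    print("conventional  :", simulate(False))
    print("redirect-aware:", simulate(True))
```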
Summary
• Focus on Database Security: The chapter emphasizes the importance of
securing a database, which is essentially a set of services open to the network,
waiting to respond to requests.
• Understanding Attacks: Hackers can exploit weaknesses in these services by
sending incorrect (malformed) requests to specific network "ports" (digital entry
points) where the database listens for incoming data.
• Reduce Exposure: By turning off any unused services and network options, you
reduce the chances of hackers exploiting them. If you’re not using something,
it’s best to disable it to keep it from becoming a security risk.
• Monitor and Analyze Continuously: It’s crucial to regularly monitor and analyze
all active ports, services, and security settings to prevent any potential misuse or
attack.
• Networking Layer Focus: This chapter specifically looked at the "networking
layer" of the database, which is the part that listens and responds to data
requests.
Network access map for database environment
• Networking and database teams might not communicate often:
– In many companies, network engineers (who manage routers, firewalls, and VLANs)
and database administrators (DBAs) are different groups.
– You, the database owner, may not be familiar with how the network is set up (like
which VLANs or routing rules affect your database).
• Risk of mutual ignorance:
– Networking staff may not know exactly what your database needs, and you might
not understand network topologies (how everything is connected).
– This lack of communication can lead to security risks or performance issues if
something is misconfigured.
– To keep your database environment secure and running smoothly, you must
understand how the network is configured and what can access the database.
• Even if networks are complicated, both the network and database teams
need to work together to avoid security gaps and ensure everything works
properly.
Network access map for database environment
• A network diagram is extremely useful because it allows you to quickly verify that your database is
being accessed from appropriate applications and/or people.
• However, like network diagrams, they can become unwieldy when you try to cram too much
information on a single page:
– Overcrowded Connections: If there are many lines showing connections between endpoints, the diagram
becomes cluttered. It’s hard to tell which devices connect to which database or how data flows.
– Too Many Endpoints: If every server, application, or user device is shown individually, the diagram
becomes too detailed. Readers can get lost trying to follow all the elements.
– Complex IP Address Listings: Showing every IP address or subnet can overwhelm the viewer. Identifying
patterns or critical access points becomes challenging when too much technical detail is presented at once.
– Overlapping Information: Lines may cross or overlap, making it hard to trace connections correctly. You
might accidentally misread a connection or skip an important one.
– Lack of Focus: When the diagram includes all connections at once, important details (like high-risk paths)
may get buried in the noise. This makes it difficult to identify critical areas that need attention.
• How It Impacts Usability:
– 1. Slower decision-making: It takes longer for administrators to find relevant information.
– 2. Higher chance of errors: Misinterpreting connections or missing critical relationships can lead to mistakes.
– 3. Hard to troubleshoot: Pinpointing a problem in a sea of connections becomes time-consuming.
• The solution is to use tabular reports.
Track tools and applications
• 1. Know What’s Accessing Your Data: Track which tools,
versions, and software are accessing your database to
keep things secure.
• 2. Separate Access Types: Different types of users and tools
(like developers vs. regular users) can be separated, so it’s
easier to spot unusual or unauthorized access.
• 3. Better Security Tracking: By tracking where people are
connecting from and what tools they’re using, you can
better understand who is doing what and where they are.
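A tabular access report of the kind the two slides above call for (tabular reports instead of a crowded diagram, and tracking which tools connect from where), as an added example that is not part of the original slides. The session records, segment names, subnets and the program-to-segment policy are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Hypothetical network segments (assumption, not from the slides).
SEGMENTS = {
    "app-servers": ipaddress.ip_network("10.0.2.0/24"),
    "developers": ipaddress.ip_network("10.0.8.0/24"),
}

# Hypothetical policy: segments each client program is expected to use.
ALLOWED_FROM = {
    "JDBC Thin Client": {"app-servers"},
    "sqlplus": {"developers"},
}

# Constructed session records: (client_ip, program, db_user, database).
SESSIONS = [
    ("10.0.2.11", "JDBC Thin Client", "app_rw", "ORDERS"),
    ("10.0.2.12", "JDBC Thin Client", "app_rw", "ORDERS"),
    ("10.0.2.11", "JDBC Thin Client", "app_rw", "ORDERS"),
    ("10.0.8.40", "sqlplus", "jsmith", "ORDERS"),
    ("10.0.2.11", "sqlplus", "app_rw", "ORDERS"),     # developer tool on an app server
    ("192.168.77.5", "Excel", "report", "ORDERS"),    # unmapped source and tool
]


def segment_of(ip):
    """Map a client address to a named segment, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "unknown"


def access_report(sessions):
    """Collapse sessions into one row per (segment, program, user, database)."""
    counts = Counter(
        (segment_of(ip), program, user, db) for ip, program, user, db in sessions
    )
    rows = []
    for (seg, program, user, db), n in sorted(counts.items()):
        expected = seg in ALLOWED_FROM.get(program, set())
        rows.append((seg, program, user, db, n, "ok" if expected else "REVIEW"))
    return rows


def render(rows):
    """Format the rows as a fixed-width text table."""
    header = ("SEGMENT", "PROGRAM", "DB USER", "DATABASE", "SESSIONS", "STATUS")
    lines = [header] + [tuple(str(c) for c in r) for r in rows]
    widths = [max(len(line[i]) for line in lines) for i in range(len(header))]
    return "\n".join(
        "  ".join(cell.ljust(w) for cell, w in zip(line, widths)).rstrip()
        for line in lines
    )


if __name__ == "__main__":
    print(render(access_report(SESSIONS)))
```

Grouping by segment rather than by individual IP address keeps the report short, and the REVIEW rows are the ones that separate unusual access (a developer tool on an application server, an unmapped source) from routine application traffic.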
The importance of tracking and auditing
• 1. Tracking Actions, Not Just Connections: When auditing database
activity, it’s useful to go beyond just knowing who connected. You also
want to see what commands or actions were actually performed during
each session.
• 2. Accessing Command History: To check what was done, you’ll need
access to specific database tables or views (like V$SQL in Oracle or dbcc
inputbuffer in SQL Server) that store records of the commands
executed.
• 3. Using Built-In Monitoring: For simpler cases where only connection info
is needed, most databases offer built-in tools for tracking connections,
events, and other activities.
• 4. Challenge with Internal Tables: These internal tables update frequently,
so capturing a snapshot of activity at any moment can be challenging.
Use port scanners
• 1. Closing Unnecessary Ports:
• It’s good practice to turn off any communication methods (protocols) and network ports
that aren’t needed. Each open port is a possible way for hackers to access the system, so
closing unnecessary ones helps make the system safer.
• 2. Using Port Scanners: Just as hackers use tools called port scanners to find open ports and
services on a network, administrators should also use them to see what’s open on their own
systems. This helps administrators know exactly what services are accessible and may need
to be secured or turned off.
• 3. Examples of Common Database Ports:
• For example, SQL Server uses port 1433 by default, but many administrators might not realize
that another port, 1434 (UDP), is also open and could be exploited if not secured.
• 4. Oracle Database Ports: The table shown lists common ports for Oracle databases:
• Port 1521: Used by the Oracle Listener, which manages incoming connections.
• Ports 1522–1540: Often used for the same purpose if multiple listeners are configured.
• Port 1575: Used by the Oracle Names Server, a service that helps in identifying database
locations.
• Two tools you should know about:
– Netstat
– nmap
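One way to turn netstat output into the check this slide describes, as an added example that is not part of the original slides: it extracts the listening sockets from a saved `netstat -an` listing and reports every listener that is not on the host's expected list. The listing and the expected set are constructed; the port annotations are the ones named on the slide.

```python
LISTEN_STATES = {"LISTEN", "LISTENING"}  # Linux and Windows netstat wording

# Constructed sample of Windows-style `netstat -an` output.
SAMPLE = """\
Proto  Local Address      Foreign Address    State
TCP    0.0.0.0:135        0.0.0.0:0          LISTENING
TCP    0.0.0.0:1433       0.0.0.0:0          LISTENING
TCP    10.0.5.20:1433     10.0.1.15:50211    ESTABLISHED
TCP    [::]:1433          [::]:0             LISTENING
UDP    0.0.0.0:1434       *:*
"""


def describe(proto, port):
    """Annotate a socket with the database ports named on the slide."""
    if (proto, port) == ("tcp", 1433):
        return "SQL Server default port"
    if (proto, port) == ("udp", 1434):
        return "SQL Server UDP 1434 (the port SQL Slammer targeted)"
    if proto == "tcp" and port == 1521:
        return "Oracle Listener"
    if proto == "tcp" and 1522 <= port <= 1540:
        return "additional Oracle listener"
    if proto == "tcp" and port == 1575:
        return "Oracle Names Server"
    return "not a database port listed on the slide"


def listening_sockets(netstat_text):
    """Return {(proto, port)} for TCP listeners and bound UDP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        proto = tokens[0].lower()[:3]  # folds tcp6/udp6 into tcp/udp
        if proto not in ("tcp", "udp"):
            continue  # header or unrelated line
        # UDP has no state column; TCP must be in a listening state.
        if proto == "tcp" and not any(t.upper() in LISTEN_STATES for t in tokens):
            continue
        local = next((t for t in tokens[1:] if ":" in t), None)
        if local is None:
            continue
        port = local.rsplit(":", 1)[1]  # also handles [::]:1433 and :::1521
        if port.isdigit():
            found.add((proto, int(port)))
    return found


def audit(netstat_text, expected):
    """List listeners that are open but not in the expected set."""
    extra = listening_sockets(netstat_text) - set(expected)
    return sorted((proto, port, describe(proto, port)) for proto, port in extra)


if __name__ == "__main__":
    for proto, port, note in audit(SAMPLE, {("tcp", 1433)}):
        print(f"unexpected listener {port}/{proto}: {note}")
```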
Secure services from known network attacks
• Many network services within databases are particularly
vulnerable because they often use networking modules
that hackers can exploit through network attacks. This is
why network security is a major focus in cybersecurity.
• Network techniques are common among hackers because
the network is relatively accessible and because many
software modules that interface to the network can be
attacked by sending data packets that are malformed, that
exploit a bug, or that use a built-in feature in a way that
was never considered.
• SQL Slammer
SQL Slammer
• Aliases: SQL Slammer, Sapphire, W32.SQLExp.Worm
• Released: Jan 2003
• Worm
– Fastest worm in history
– Spread world-wide in under 10 minutes
– Doubled infections every 8.5 sec
– 376 bytes long
• Platform: Microsoft SQL Server 2000
• Vulnerability:
– Targets port 1434 (SQL monitor)
– Causes a buffer overflow
– Obtains Windows API func generator
– Initializes a pseudo-random number generator
– Continuously sends itself via UDP packets to random IP addresses
• Infected 2 lacs systems, disabled SQL Server databases on infected machines, saturated world
networks with traffic and disrupted internet connectivity world-wide
• Damages: 13000 Bank of America ATMs stopped working, airport check-in kiosks stopped
working
Data and network security the basic concept of firewall



Editor's Notes

  • #1: On the other hand