An Organization's External Threats and Preventive Measures
An organization can benefit tremendously by implementing a robust database security strategy:
- Improves market presence and gains customers' confidence.
- Eliminates the legal issues that arise if data security or integrity is breached.
Implementation of Database Security
As discussed previously, database security is important, but implementing it is not a single step. It is a demanding task for a database administrator, because the appropriate security measure depends on the type of threat; before looking for a preventive measure, an administrator must first answer the question "what asset is at risk?". Threats to database security can be categorized as:
- External threats
- Internal threats.
Let's discuss the most common types of external threats and the possible preventive measures for each.
SQL Injection: As the name suggests, this type of attack involves tampering with the structure of the SQL executed on a database such as Oracle or Microsoft SQL Server. It is the most common database vulnerability exploited by hackers to retrieve sensitive information. In this type of attack the front end of an application is compromised in order to read the information stored in the database connected to that application, to change that information by pushing inappropriate data into the database tables, or to delete data, thus violating data integrity. It is common practice in web development to generate SQL queries from the values a user types into the input fields of a web page. If a web page lacks proper input validation and input format checking, it is susceptible to the injection of malicious SQL by a hacker. When such a query is executed against the database, it gives the hacker access to the database's information without passing through any kind of database authentication or authorization. This form of SQL injection attack is referred to as "authentication bypass".
In April 2014, the Ponemon Institute released its report "The SQL Injection Threat Study", which presented its findings about how various organizations perceive the SQL injection attack and the actions they have taken to combat it. The findings were based on a survey of 595 employees working in IT or IT security. The Ponemon Institute states that at least 65 percent of the organizations agreed that they had suffered SQL injection in the past, and 31 percent of those 65 organizations believed that their security administrators were not effective enough to prevent the attack from happening or could not report the occurrence of the attack promptly. Let's understand SQL injection with the help of an example.
Imagine XYZ Pty Ltd is an online legal agency whose clientele consists of various reputed accountancy and law firms. These accountants and lawyers use XYZ's online service to register companies, trusts and superannuation trusts for themselves or their own clients. XYZ offers free sign-up to its portal. An attacker signs up to the XYZ website and navigates to the search page to search for a product. The attacker has no intent to search for a product to order; rather, he wishes to grab any kind of confidential information that might prove profitable.
The following preventive techniques should be incorporated by developers to mitigate SQL injection attacks:
- Always validate the input data to match the expected data format. Take advantage of "whitelisting", which means limiting the input to the expected characters, such as letters and numbers only.
- Create parameterized queries instead of concatenating input data directly into the SQL string.
- Prefer using stored procedures instead of inline SQL queries.
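The authentication-bypass described above, shown as an added example (not code from the original article) with a login built by string concatenation beside one that whitelists the username and binds both values as parameters. The user table, the `users` schema and the credential values are constructed for the demonstration.

```python
import re
import sqlite3

# Constructed in-memory table standing in for XYZ's user store (assumption).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
conn.commit()

# Whitelist: letters and digits only, bounded length.
USERNAME_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")


def is_valid_username(value: str) -> bool:
    """Reject anything outside the expected character set before it reaches SQL."""
    return bool(USERNAME_RE.match(value))


def login_vulnerable(username: str, password: str) -> bool:
    # The statement is assembled by concatenation, so user input becomes part
    # of the SQL text and can change the structure of the WHERE clause.
    sql = ("SELECT 1 FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(username: str, password: str) -> bool:
    # Whitelist the username first, then bind both values as parameters so the
    # driver treats them strictly as data and never as SQL syntax.
    if not is_valid_username(username):
        return False
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    # Constructed malicious input: closes the quoted literal and appends a
    # condition that is always true, so the WHERE clause matches every row.
    bypass = "x' OR '1'='1"
    print(login_vulnerable("alice", bypass))       # True: authentication bypassed
    print(login_parameterized("alice", bypass))    # False: input stays plain data
    print(login_parameterized("alice", "s3cret"))  # True: the legitimate login
```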
Denial of Service (DoS) attack
A denial of service attack refers to a situation in which the attacker inundates the server with a deluge of requests, using up all of the server's resources and rendering the server unavailable to its intended users as well. When attackers use many machines or software agents located in different places to create such a bottleneck, it is referred to as a Distributed Denial of Service (DDoS) attack.
DoS or DDoS attacks can be prevented by implementing firewalls or by taking advantage of third-party software or services, which can be an expensive solution.
Weak authentication
Weak authentication means that username and password combinations are weak enough to be figured out by an attacker who tries various combinations again and again. This is a "brute force" strategy, in which an attacker repeatedly enters different username/password pairs, either manually or using some sort of illicit automated program. Alternatively, the attacker gains access to a legitimate account by sneaking in under the nose of an authorized user.
Some of the preventive measures that can be implemented are:
- Enforcing a strong password policy and encouraging users to change their passwords frequently.
- Allowing only a small number of login attempts, after which the account is locked out.
- Encouraging users to lock their computers when they leave their desks, and configuring computers to lock automatically after a certain interval of inactivity.
- Encouraging users to guard their sensitive information and not to share it, even with their colleagues.
- Installing security cameras to track unauthorized human activity.
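The attempt-limiting measure from the list above, as an added example that is not part of the original article: a per-account counter that locks the account after a fixed number of failures and refuses even a correct password until the lockout expires. The credential store, the limit of 5 attempts and the 15-minute lockout window are assumed policy values; a real system would compare password hashes rather than plaintext.

```python
import time
from dataclasses import dataclass

MAX_ATTEMPTS = 5        # failures allowed before lockout (assumed policy value)
LOCKOUT_SECONDS = 900   # 15-minute lockout window (assumed policy value)


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: float = 0.0   # epoch seconds; 0 means not locked


class LoginGuard:
    """Tracks failed logins per username and locks the account after MAX_ATTEMPTS."""

    def __init__(self, credentials: dict, clock=time.time):
        self._creds = credentials   # constructed username -> password store
        self._clock = clock         # injectable clock so tests are deterministic
        self._state: dict = {}

    def is_locked(self, username: str) -> bool:
        state = self._state.get(username)
        return state is not None and self._clock() < state.locked_until

    def attempt(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.is_locked(username):
            return "locked"     # refuse even a correct password while locked
        state = self._state.setdefault(username, AccountState())
        if self._creds.get(username) == password:
            state.failed_attempts = 0   # a success clears the failure streak
            return "ok"
        state.failed_attempts += 1
        if state.failed_attempts >= MAX_ATTEMPTS:
            state.locked_until = self._clock() + LOCKOUT_SECONDS
            state.failed_attempts = 0   # start a fresh count once the lock expires
        return "denied"


if __name__ == "__main__":
    guard = LoginGuard({"alice": "s3cret"})
    for _ in range(MAX_ATTEMPTS):
        print(guard.attempt("alice", "guess"))   # denied x5
    print(guard.attempt("alice", "s3cret"))      # locked
```

A lockout keyed only on the username can itself be turned into a denial of service against legitimate users, so production systems usually pair the per-account counter with per-source throttling and alerting.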
Malware
Malware is malicious software, such as a virus, spyware or any software used by hijackers, that gets installed on your computer alongside the software you actually meant to install. Such software then infiltrates your computer and tries to gain access to your sensitive information, such as stored passwords or other account details. The defences against malware are installing antivirus software and firewalls, encrypting data and storage files, and applying database patches frequently.