Cryptography and System Security - Assignment 1
THREATS VULNERABILITIES AND CONTROL IN MYSQL
MySQL is a relational database management system that runs as a server and provides multi-user access to a number of databases. SQL, the language it implements, was developed to operate on data that follows the relational model; it is a language for querying, modifying and managing data. A vulnerability is a weakness in a system that makes it susceptible to attack. A threat is a potential danger that might exploit a vulnerability and cause a security incident. Critical vulnerabilities in MySQL can lead to full compromise of the server: the flaws can be exploited by attackers for arbitrary code execution, escalation to root privileges and collection of sensitive information. This assignment studies the various threats and vulnerabilities affecting MySQL databases and the control measures for them.
A large amount of research has been done on attacks against MySQL and on the threats and vulnerabilities involved. Vulnerabilities affecting web server applications are climbing, and so are the attacks, as evidenced by this year's automated SQL injection attacks. The security threat landscape is predominantly characterized by the following: malicious activity has become web-based; attackers target end users rather than computers; the underground economy is consolidating and maturing; attackers and attack activity adapt rapidly.
The SANS Institute Reading Room paper "SQL Injection: Modes of Attack, Defence, and Why It Matters" observes that SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn, and the damage caused can range from considerable to complete system compromise. It then discusses database footprinting: to be successful, an attacker first needs to map out the tables in the database, a process called database footprinting. The method chosen depends on how poorly the server is configured, for example whether verbose database error messages are returned to the client.
Common Weakness Enumeration on MySQL: Improper Authorization
The software does not perform, or incorrectly performs, an authorization check when someone attempts to access a resource or perform an action. Given a user with an established identity, authorization is the process of determining whether that user may access a given resource, based on the user's privileges and any permissions or other access-control specifications that apply to the resource. When access control checks are not applied consistently, or not at all, users are able to access data or perform actions that they should not be allowed to. This can lead to a wide range of problems, including information exposure, denial of service and arbitrary code execution.
SQL injection attacks pose a serious security threat to web applications: they allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive information these databases contain. Injection usually occurs when an application asks a user for input, such as a name, and instead of a name the user supplies a fragment of SQL that the application unknowingly runs against its database. It is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
SQL injection is a form of web attack that requires nothing but access to the application over its normal web port (port 80 for HTTP); no other service needs to be exposed.
The cause of the SQL injection threat is relatively simple and well understood: insufficient validation of user input, or more precisely, building SQL statements by concatenating untrusted input into them. The extent of an injection attack depends on the injection mechanism and on the alternate encoding and decoding techniques an attacker can use to evade filters.
An example of a MySQL injection attack, in PHP code that builds the query by string concatenation:
<?php
// the expected, harmless input
$name = "pragnya";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br />";
// user input that uses SQL injection
$name_bad = "' OR 1'";
// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";
// display what the new query will look like, with injection
echo "Injection: " . $query_bad;
?>
Output:
Normal: SELECT * FROM customers WHERE username = 'pragnya'
Injection: SELECT * FROM customers WHERE username = '' OR 1''
The normal query is no problem: the statement selects every row from customers whose username equals pragnya. The injected input, however, makes the query behave differently than intended. The single quote (') in the input ends the string literal of the query (username = ''), and the rest of the input is appended to the WHERE clause as an OR condition of 1, which is always true: username = '' OR 1.
Because this OR clause is always true, every row in the "customers" table is selected by the statement, so user credentials could easily be fetched. Note that the payload in the example also leaves a stray quote pair at the end of the statement; a tidier payload such as ' OR '1'='1 closes the quote it opened and has the same effect.
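The tautology attack above, reproduced as an added example that is not part of the assignment: an in-memory SQLite table stands in for the MySQL customers table so the code runs offline, and the vulnerable string-built query sits beside the parameterised query that defeats it. The table, its rows and the payload are constructed for illustration.

```python
"""Added example: tautology SQL injection against a string-built query,
beside the parameterised query that is immune to it.  Uses SQLite so it
runs stand-alone; the comparison and string-literal semantics involved
behave the same way in MySQL."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create a throwaway customers table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO customers (username, email) VALUES (?, ?)",
        [
            ("pragnya", "pragnya@example.com"),
            ("alice", "alice@example.com"),
            ("bob", "bob@example.com"),
        ],
    )
    return conn


def build_unsafe_query(name: str) -> str:
    """The page's query builder: untrusted input spliced into SQL text."""
    return f"SELECT username FROM customers WHERE username = '{name}'"


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable lookup: whatever the user typed becomes part of the statement."""
    return [row[0] for row in conn.execute(build_unsafe_query(name))]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Fixed lookup: the value travels as a bound parameter, never as SQL text,
    so a quote inside it can only ever be compared, not parsed."""
    query = "SELECT username FROM customers WHERE username = ?"
    return [row[0] for row in conn.execute(query, (name,))]


# Closes the string literal, then appends an always-true clause
# (the same idea as the page's ' OR 1' payload, with balanced quotes).
TAUTOLOGY = "' OR '1'='1"


if __name__ == "__main__":
    conn = make_db()
    print("normal  :", build_unsafe_query("pragnya"), "->", lookup_unsafe(conn, "pragnya"))
    print("injected:", build_unsafe_query(TAUTOLOGY), "->", lookup_unsafe(conn, TAUTOLOGY))
    print("bound   :", lookup_safe(conn, TAUTOLOGY))  # no row has that literal as its username
```

With the string-built query the tautology returns every customer; with the bound parameter the same input matches nothing, because the driver sends it as a value rather than letting the SQL parser see it. Input validation and length limits reduce the attack surface, but parameter binding is the control that actually removes the vulnerability.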
Excessive privileges: When workers are granted default database privileges that exceed the requirements of their job functions, these privileges can be abused. The employee could access data of others.
Legitimate privilege abuse: Users may abuse legitimate database privileges for unauthorized purposes.
Malware: A perennial threat, malware is used to steal sensitive data through the infected devices of legitimate users, whose database credentials and sessions it can then abuse.
Storage media exposure: Backup storage media is often completely unprotected from attack; as a result, numerous security breaches have involved the theft of database backup disks and tapes.
Unmanaged sensitive data: Many companies struggle to maintain an accurate inventory of their databases and the critical data objects contained within them. Forgotten databases may contain sensitive information, and new databases can emerge without visibility to the security team. Sensitive data in these databases will be exposed to threats if the required controls and permissions are not implemented.
A cross-site scripting (XSS) vulnerability in the MySQL command-line client occurs when its html output option is enabled: the client composes an HTML document from query results without escaping cell contents, so an attacker who can place script or HTML in a database cell can have it rendered by whoever views that output. XSS in general enables attackers to inject client-side scripts into web pages viewed by other users, and may be used to bypass access controls such as the same-origin policy. Cross-site scripting on websites has been reported to account for roughly 84% of all security vulnerabilities.
Improper Access Control
The software does not restrict, or incorrectly restricts, access to a resource from an unauthorized actor. Access control involves several protection mechanisms: authentication (proving the identity of the user), authorization (ensuring that a user may access a resource) and accountability (tracking the activities performed).
When any mechanism is not applied or otherwise fails, attackers can compromise the security of the software by gaining privileges, reading sensitive information, executing commands, evading detection, etc. There are two distinct behaviours that can introduce access control weaknesses:
Specification: incorrect privileges, permissions, ownership, etc. are explicitly specified for either the user or the resource.
Enforcement: the mechanism contains errors that prevent it from properly enforcing the specified access control requirements. This problem occurs within the program itself, in that it does not actually enforce the intended security policy that the administrator specifies.
Default, blank and weak usernames/passwords:
It can be a difficult task for an organization that has to keep track of hundreds or even thousands of databases, but removing default, blank and weak login credentials is an important first step in filling the chinks in your database armour. Attackers keep track of default accounts and will use them whenever they can.
Unencrypted sensitive data at rest and in transit
Organizations should never store sensitive data in clear text within a database table, and all connections to the database should use encryption. In MySQL this means enabling TLS on the server and requiring it for accounts (REQUIRE SSL on the account, or the require_secure_transport server setting), so that credentials and query results cannot be read off the wire.
Unnecessarily enabled database features
Every database installation comes with add-on packages of all shapes and sizes, most of which will go unused by any one organization. Since the name of the game in database security is reducing the attack surface, enterprises need to identify the packages they do not use and disable or uninstall them. This not only reduces the risk of zero-day attacks through those components, it also simplifies patch management.
The DBMS manages the backend databases behind websites, which makes flaws in it high-value. One vulnerability allows an attacker to create a MySQL configuration file without having the privileges to do so, effectively taking over the server; it is reachable through an existing SQL injection vulnerability, and an attacker can use it to modify the mysqld configuration file or run arbitrary code on the database server.
A related vulnerability is tied to unsafe handling of error logs and other files. Assuming an attacker has already gained access as the MySQL system user, they can further escalate their privileges on the host to root. The error log file is the crux of the problem: because of the unsafe file operations performed on it, it can be removed and quickly replaced with a link to an arbitrary system file, which opens the door to root privileges.
A buffer overflow allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with an overly long table name. Another flaw is due to improper handling of HTTP GET requests: a remote attacker could submit a malformed GET request containing a percent character (%) to cause a buffer overflow.
A defensive matrix of best practices and internal controls is needed to properly protect databases. This matrix includes:
Assessing for any database vulnerabilities, identifying compromised endpoints and classifying sensitive data.
Managing user access rights and removing excessive privileges and dormant users.
Monitoring all database access activity and usage patterns in real time to detect data leakage, unauthorized SQL and big data transactions, and protocol and system attacks.
Blocking malicious web requests.
Automating auditing with a database auditing and protection platform.
Archiving external data and encrypting databases.
Passwords can appear as plain text in SQL statements such as CREATE USER, GRANT, SET PASSWORD and statements that invoke the PASSWORD() function, so those statements can leak passwords through the server's query logs and the client's history file if those are not protected.
MySQL lists user accounts in the user table of the mysql database. Each MySQL account can be assigned a password, but the user table does not store the cleartext password, only a hash value computed from it.
During authentication, when a client first attempts to connect, the server checks hash values rather than cleartext. The server generates hash values when a connected client invokes the PASSWORD() function or uses a password-setting statement to set or change a password. (PASSWORD() is deprecated in MySQL 5.7 and removed in 8.0; passwords are set with CREATE USER or ALTER USER ... IDENTIFIED BY instead.)
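How the hash-based check described above actually works, as an added example that is not part of the assignment: the mysql_native_password scheme (the one behind the classic PASSWORD() hash) stores only a double SHA-1 of the password, and the client proves knowledge of the password by sending a token that depends on a per-connection scramble, so neither the cleartext nor a reusable hash crosses the wire. The 20-byte scramble used in the test is a constructed value, not one captured from a real server.

```python
"""Added example: MySQL mysql_native_password storage and challenge-response.

  stored      = '*' + hex(SHA1(SHA1(pw)))                      (mysql.user)
  token       = SHA1(pw) XOR SHA1(scramble || SHA1(SHA1(pw)))   (client -> server)
  server side = SHA1(token XOR SHA1(scramble || stored)) == stored
"""
import hashlib
import hmac
import os


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def mysql_native_hash(password: str) -> str:
    """Value stored in mysql.user.authentication_string: '*' + upper-hex(SHA1(SHA1(pw)))."""
    stage1 = hashlib.sha1(password.encode("utf-8")).digest()
    stage2 = hashlib.sha1(stage1).digest()
    return "*" + stage2.hex().upper()


def client_token(password: str, scramble: bytes) -> bytes:
    """Client side of the handshake; the cleartext never leaves the client
    and the token is different for every scramble, so it cannot be replayed."""
    stage1 = hashlib.sha1(password.encode("utf-8")).digest()
    stage2 = hashlib.sha1(stage1).digest()
    mask = hashlib.sha1(scramble + stage2).digest()
    return _xor(stage1, mask)


def server_verify(stored_hash: str, scramble: bytes, token: bytes) -> bool:
    """Server side: using only the stored double hash, unmask SHA1(pw) from the
    token and check that hashing it once more reproduces the stored value."""
    if len(stored_hash) != 41 or not stored_hash.startswith("*"):
        return False
    try:
        stage2 = bytes.fromhex(stored_hash[1:])
    except ValueError:
        return False
    mask = hashlib.sha1(scramble + stage2).digest()
    candidate_stage1 = _xor(token, mask)
    return hmac.compare_digest(hashlib.sha1(candidate_stage1).digest(), stage2)


if __name__ == "__main__":
    stored = mysql_native_hash("password")
    scramble = os.urandom(20)  # the real server picks a fresh one per connection
    print("stored hash :", stored)
    print("right pw    :", server_verify(stored, scramble, client_token("password", scramble)))
    print("wrong pw    :", server_verify(stored, scramble, client_token("passw0rd", scramble)))
```

Two caveats follow directly from the construction: the stored value is an unsalted hash, so a stolen mysql.user table can be attacked offline at SHA-1 speed, and anyone who learns the stored hash can compute a valid token without knowing the password (the scramble protects the wire, not the table). That is why MySQL 8.0 defaults to caching_sha2_password, which salts and iterates, and why the user table itself must be protected as carefully as the data.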
Make sure that the only Unix user account with read or write privileges in the database directories is the account that is used for running mysqld.
If you do not trust your DNS, use IP addresses rather than host names in the grant tables, since an attacker who controls name resolution can otherwise make a foreign machine match a host-based grant. In any case, be very careful about creating grant table entries whose host values contain wildcards (% and _), because they widen the set of clients that may log in as that account.
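An audit that checks for the conditions discussed under default, blank and weak credentials and under host-based grants, as an added example that is not part of the assignment: it walks rows shaped like the output of SELECT User, Host, authentication_string, plugin FROM mysql.user and flags anonymous accounts, empty passwords, wildcard and DNS-name hosts and remotely reachable root. The rows are constructed for illustration; nothing here connects to a server, and the "<hash>" placeholders stand in for real authentication strings.

```python
"""Added example: audit mysql.user-shaped rows for weak-credential and
host-pattern problems.  Input rows are constructed, not taken from a server."""
import ipaddress
from dataclasses import dataclass

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Accounts authenticated by the OS socket legitimately have no password hash.
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}

# (User, Host, authentication_string, plugin): constructed sample rows.
SAMPLE_USERS = [
    ("root", "localhost", "<hash>", "mysql_native_password"),
    ("root", "%", "<hash>", "mysql_native_password"),
    ("", "localhost", "", "mysql_native_password"),
    ("app", "10.0.0.5", "<hash>", "caching_sha2_password"),
    ("app", "10.0.%", "", "caching_sha2_password"),
    ("report", "bi.corp.example", "<hash>", "caching_sha2_password"),
    ("ops", "localhost", "", "auth_socket"),
]


@dataclass
class Finding:
    code: str
    fix: str  # suggested remediation, as the statement an admin would run


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit_account(user: str, host: str, auth_string: str, plugin: str) -> list:
    """Return the findings for one account; an empty list means nothing flagged."""
    acct = f"'{user}'@'{host}'"
    findings = []
    if user == "":
        findings.append(Finding("anonymous-account", f"DROP USER {acct};"))
    if auth_string == "" and plugin not in SOCKET_PLUGINS:
        findings.append(Finding("empty-password",
                                f"ALTER USER {acct} IDENTIFIED BY '<strong password>';"))
    # An empty host or one containing % or _ is a pattern, not a single client.
    if host == "" or "%" in host or "_" in host:
        findings.append(Finding("wildcard-host",
                                f"DROP USER {acct}; -- recreate for the specific client IP"))
    elif host not in LOCAL_HOSTS and not _is_ip_literal(host):
        findings.append(Finding("dns-name-host",
                                f"DROP USER {acct}; -- recreate with the client's IP address"))
    if user == "root" and host not in LOCAL_HOSTS:
        findings.append(Finding("remote-root", f"DROP USER {acct};"))
    return findings


def audit_users(rows) -> dict:
    """Map 'user'@'host' to its findings, listing only accounts with problems."""
    report = {}
    for user, host, auth_string, plugin in rows:
        found = audit_account(user, host, auth_string, plugin)
        if found:
            report[f"'{user}'@'{host}'"] = found
    return report


if __name__ == "__main__":
    for acct, findings in audit_users(SAMPLE_USERS).items():
        for f in findings:
            print(f"{acct:28} {f.code:18} {f.fix}")
```

On a real server the same rows come from SELECT User, Host, authentication_string, plugin FROM mysql.user, run as an administrative account; the audit is deliberately read-only and only prints the remediation statements, so a human reviews them before any account is dropped or renamed.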
Use original and difficult-to-guess table and column names; this only slows footprinting and is no substitute for the controls below.
Set length limits on all form fields on your site and do not expose real column names to the client.
Validate all data on the server side, at a minimum for content, length and format, and pass it to the database through parameterized queries rather than string concatenation.
Audit your code.
Lock down your server.
MySQL includes several plugins that implement security features:
Plugins for authenticating attempts by clients to connect to MySQL Server. Plugins are available for several authentication protocols.
A password-validation plugin for implementing password strength policies and assessing the strength of potential passwords.
Keyring plugins that provide secure storage for sensitive information.
Taking the appropriate measures to protect backup copies of sensitive data and monitor your most highly privileged users is not only a data security best practice, but also mandated by many regulations.
Capture database audit logs across all databases without impacting system performance and provide a means to alert based on events in the logs.
The main goal is to protect against the constantly increasing number of security threats. A database security solution should provide a wide range of features that address the critical use cases: auditing database usage, enforcing policies that prevent unauthorized access, and supplying the controls and reporting required by security and data privacy regulations. Addressing network-level security as well helps mitigate ongoing threats and eliminate system vulnerabilities.