Lecture on Database Security: Security Models. The lecture covers access control, types of access control, mandatory access control, rules based access control, authentication methods, operating system authentication, and related topics. Please refer to the material below.
Page 1 © FPT Software
Lecturer: Trần Thị Kim Chi
Operating System Security Fundamentals (continued from Lesson 1, starting at Slide 10)
Database Application Security Models
Discretionary/mandatory access control
Access Control
• Access control regulates who or what can view or use resources in a computing environment.
• Access control systems perform authorization, identification, authentication, access approval, and accountability of entities through login credentials including passwords, personal identification numbers (PINs), biometric scans, and physical or electronic keys.
Types of Access Control
• There are two main types of access control:
• Mandatory access control
• Role-based access control
Mandatory access control (MAC)
• Mandatory access control (MAC) is a system-controlled policy restricting access to resource objects (such as data files, devices, systems, etc.) based on the level of authorization or clearance of the accessing entity, be it person, process, or device.
• http://searchsecurity.techtarget.com/definition/mandatory-access-control-MAC
Discretionary access control (DAC)
• Discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)".
• Discretionary access control is commonly discussed in contrast to mandatory access control (MAC, sometimes termed non-discretionary access control)
Role-based access control (RBAC)
• Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise
• http://searchsecurity.techtarget.com/definition/role-based-access-control-RBAC
• http://searchsecurity.techtarget.com/tip/Role-based-access-control-for-effective-security-management
Rules Based Access Control
• Rules Based Access Control is a strategy for managing user access to one or more systems, where business changes trigger the application of Rules, which specify access changes.
• Implementation of Rules Based Access Control systems is feasible so long as the number of triggering business events and the set of possible actions that follow those events are both small.
• See more at: http://hitachi-id.com/concepts/rules_based_access_control.html#sthash.TJMhLiGM.dpuf
Authentication Methods
• Authentication:
– Verifies user identity
– Permits access to the operating system
• Physical authentication:
– Allows physical entrance to company property
– Magnetic cards and biometric measures
• Digital authentication: verifies user identity by digital means
• Digital token (security token):
– Small electronic device
– Displays a number unique to the token holder; used with the holder’s PIN as a password
– Uses a different password each time
Authentication Methods
• Digital card:
– Also known as a security card or smart card
– Similar to a credit card; uses an electronic circuit instead of a magnetic strip
– Stores user identification information
• Kerberos:
– Developed by MIT
– Uses tickets for authentication purposes
• Lightweight Directory Access Protocol (LDAP):
– Developed by the University of Michigan
– A centralized directory database stores:
• Users (user name and user ID)
Authentication Methods
• NTLM:
– Developed and used by Microsoft
– Employs a challenge/response authentication protocol
• Public Key Infrastructure (PKI):
– User keeps a private key
– Authentication firm holds a public key
– Encrypt and decrypt data using both keys
• RADIUS: used by network devices to provide a centralized authentication mechanism
• Secure Socket Layer (SSL): authentication information is transmitted over the network in an encrypted form
• Secure Remote Password (SRP):
– Password is not stored locally
– Invulnerable to brute force or dictionary attacks
Authorization
• Process that decides whether users are permitted to perform the functions they request
• Authorization is not performed until the user is authenticated
• Deals with privileges and rights
Operating System Authentication
• Many databases (including Microsoft SQL Server 2000) depend on the OS to authenticate users
• Reasons:
– Once an intruder is inside the OS, it is easier to access the database
– Centralize administration of users
• Users must be authenticated at each level
User Administration
• Create user accounts
• Set password policies
• Grant privileges to users
• Best practices:
– Use a consistent naming convention
– Always provide a password to an account and force the user to change it at the first logon
– Protect passwords
– Do not use default passwords
• Associate login ID with a database user
• Must be member of fixed server roles (SYSADMIN or SECURITYADMIN)
• Two types of login IDs:
– Windows Integrated (trusted) login
– SQL Server login
Creating Windows Integrated Logins
• Command line:
– SP_GRANTLOGIN system stored procedure
– Can be associated with local, domain, or group usernames
• Enterprise Manager:
– Use the Security container
– Logins -> New Login
Creating SQL Server Logins
• Command line:
– SP_ADDLOGIN system stored procedure
– Password is encrypted by default
– Specify a default database
• Enterprise Manager:
– Security container
– Logins -> New Login
– SQL Server Authentication option
Removing Users
• Simple process
• Make a backup first
• Obtain a written request (for auditing purposes)
• Command line: SP_DENYLOGIN system stored procedure
• Enterprise Manager:
– Highlight the desired login
– Choose Delete from the Action menu
Modifying User Attributes
– Increasing a storage quota
• ALTER USER DDL statement
• Command line:
– SP_DEFAULTDB system stored procedure
– SP_DEFAULTLANGUAGE stored procedure
• Enterprise Manager:
– Expand the security container
– Select desired login
– Properties (on the Action Menu)
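The login, database-user and removal procedures on the preceding slides, as an added T-SQL example for SQL Server 2000 (not code from the lecture); the domain, database, account names and passwords are constructed placeholders:

```sql
-- Added example, not from the lecture. Names (CORP\jdoe, SalesDB, app_svc)
-- and passwords are constructed placeholders. Run as a member of the
-- sysadmin or securityadmin fixed server role.

-- 1. Windows Integrated (trusted) logins: the OS authenticates the user,
--    SQL Server stores no password; a domain group is granted the same way.
EXEC sp_grantlogin 'CORP\jdoe';
EXEC sp_grantlogin 'CORP\SalesAnalysts';
EXEC sp_defaultdb  'CORP\jdoe', 'SalesDB';       -- default database for the login

-- 2. SQL Server login: the password is stored encrypted by default;
--    give it a default database and language instead of leaving master.
EXEC sp_addlogin @loginame    = 'app_svc',
                 @passwd      = 'Placeholder-Pw-1', -- placeholder, change at first use
                 @defdb       = 'SalesDB',
                 @deflanguage = 'us_english';

-- 3. Map each login to a database user inside the target database
--    (second argument is the user name as seen in the database).
USE SalesDB;
EXEC sp_grantdbaccess 'CORP\jdoe', 'jdoe';
EXEC sp_grantdbaccess 'app_svc',   'app_svc';

-- 4. The DBA resets a SQL login password with sp_password (old, new, login);
--    a sysadmin passes NULL for the old password.
EXEC sp_password NULL, 'Placeholder-Pw-2', 'app_svc';

-- 5. Removing access (after a backup and a written request):
--    a denied Windows login stays blocked even if it belongs to a Windows
--    group that has been granted login; database users are removed before
--    the login itself is dropped.
EXEC sp_denylogin 'CORP\jdoe';
EXEC sp_revokedbaccess 'jdoe';
EXEC sp_revokelogin 'CORP\jdoe';
EXEC sp_revokedbaccess 'app_svc';
EXEC sp_droplogin 'app_svc';
```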
Default Users
• Oracle default users:
– SYS, owner of the data dictionary
– SYSTEM, performs almost all database tasks
– ORAPWD, creates a password file
• SQL Server default users:
– SA, system administrator
– BUILTIN\Administrators
Database Links
• Connection from one database to another: allow DDL and SQL statements
• Types: PUBLIC and PRIVATE
• Authentication Methods:
– CURRENT USER
– FIXED USER
– CONNECT USER
Linked Servers
• Allow you to connect to almost any:
– Object Linking and Embedding Database (OLEDB)
– Open Database Connectivity (ODBC)
• OPENQUERY function
• Map logins in your SQL Server instance to users in the linked database
• Remote servers: allow communication using RPC
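The Oracle link authentication methods and the SQL Server linked-server login mapping described above, as an added example that is not part of the lecture; HRDB, SALESREMOTE, the host name, accounts and passwords are constructed placeholders:

```sql
-- Added example, not from the lecture. All server, account and password
-- values are constructed placeholders.

-- Oracle, CONNECT USER link: the session's own credentials are used, so the
-- remote database must know the same user and no password is stored in the link.
CREATE DATABASE LINK hr_conn_link USING 'HRDB';

-- Oracle, CURRENT USER link: runs as the invoking global (enterprise) user.
CREATE DATABASE LINK hr_cur_link CONNECT TO CURRENT_USER USING 'HRDB';

-- Oracle, FIXED USER link: the remote password is stored in the data dictionary.
-- PUBLIC would make it usable by every user; keep it PRIVATE and point it at a
-- low-privilege remote account.
CREATE DATABASE LINK hr_fixed_link
  CONNECT TO hr_reader IDENTIFIED BY placeholder_pw USING 'HRDB';
SELECT employee_id, last_name FROM employees@hr_fixed_link;

-- SQL Server 2000: register the linked server through the OLEDB provider.
EXEC sp_addlinkedserver @server = 'SALESREMOTE', @srvproduct = '',
     @provider = 'SQLOLEDB', @datasrc = 'sales-db-02';

-- Map local logins to remote credentials explicitly: @useself='true' forwards
-- the caller's own Windows credentials; a fixed remote login is the equivalent
-- of Oracle's fixed-user link.
EXEC sp_addlinkedsrvlogin @rmtsrvname = 'SALESREMOTE', @useself = 'true',
     @locallogin = 'CORP\jdoe';
EXEC sp_addlinkedsrvlogin @rmtsrvname = 'SALESREMOTE', @useself = 'false',
     @locallogin = 'app_svc', @rmtuser = 'sales_ro', @rmtpassword = 'placeholder_pw';
-- Drop the default (NULL) mapping so logins not listed above cannot use the link.
EXEC sp_droplinkedsrvlogin 'SALESREMOTE', NULL;

-- Pass-through query: executed on the remote server, rows returned locally.
SELECT * FROM OPENQUERY(SALESREMOTE,
  'SELECT OrderID, Total FROM dbo.Orders WHERE Total > 1000');
```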
Best Practices
• Follow company’s policies and procedures
• Always document and create logs
• Educate users
• Keep abreast of database and security technology
• Review and modify procedures
• For SQL server:
– Mimic Oracle’s recommended installation for UNIX
– Use local Windows or domain Windows accounts
• Block direct access to database tables
• Limit and restrict access to the server
• Use strong passwords
• Patches, patches, patches
Best Practices
• Modifying user attributes: ALTER USER DDL statement
• Local database and users
• Remote users
• Database links
• Linked servers
• First line of defense
• Dictionary attack: permutation of words in a dictionary
• Make it hard for hackers to enter your systems
• Best password policy:
– Matches your company's mission
– Enforced at all levels of the organization
Defining and Using Profiles
• Profile:
– Describes limitations on database resources
– Defines database users' behavior
– Prevents users from wasting resources
• Not offered by every database system:
– Oracle does
– Microsoft SQL Server 2000 does not
• Profiles are not available in Microsoft SQL Server 2000 or 2005
• Query and connection time-outs: handled at application level within OLEDB
Designing and Implementing Password Policies
• Password is the key to open a user account; strong passwords are harder to break
• User authentication depends on passwords
• Hacker violations begin with breaking a password
• Companies spend on:
– Training
– Education
• Set of guidelines:
– Enhances the robustness of a password
– Reduces the likelihood of password breaking
• Deals with:
– Complexity
– Change frequency
– Reuse
Importance of Password Policies
• First line of defense
• Most companies invest considerable resources to strengthen authentication by adopting technological measures that protect their assets
• Forces employees to abide by the guidelines set by the company and raises employee awareness of password protection
• Helps ensure that a company does not fail audits
• Complexity: set of guidelines for creating passwords
• Aging: how long a password can be used
• Usage: how many times a password can be used
• Storage: storing a password in an encrypted manner
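An added Oracle example (not from the lecture) that turns the profile and password-policy elements above (complexity, aging, reuse, lockout, resource limits) into a CREATE PROFILE statement; profile and user names are constructed, and the verify function is assumed to be the one installed by Oracle's utlpwdmg.sql script, whose name varies by version:

```sql
-- Added example, not from the lecture. Profile and user names are constructed;
-- verify_function is assumed to exist (installed by Oracle's utlpwdmg.sql).

CREATE PROFILE app_user_profile LIMIT
  -- password policy
  FAILED_LOGIN_ATTEMPTS    5              -- lock after 5 wrong passwords ...
  PASSWORD_LOCK_TIME       1/24           -- ... for one hour (fraction of a day)
  PASSWORD_LIFE_TIME       90             -- aging: change at least every 90 days
  PASSWORD_GRACE_TIME      7              -- warn for 7 days before expiry
  PASSWORD_REUSE_TIME      365            -- reuse: BOTH reuse limits must be set,
  PASSWORD_REUSE_MAX       10             --        otherwise reuse is not restricted
  PASSWORD_VERIFY_FUNCTION verify_function -- complexity: length, character mix, not the username
  -- resource limits (enforced only while RESOURCE_LIMIT = TRUE)
  SESSIONS_PER_USER        3
  CONNECT_TIME             480            -- minutes per session
  IDLE_TIME                30             -- minutes without activity
  LOGICAL_READS_PER_CALL   100000;

-- Without this the resource limits above are silently ignored.
ALTER SYSTEM SET RESOURCE_LIMIT = TRUE;

-- Application accounts get a separate profile: expire end-user passwords,
-- do not expire application-user passwords (a scheduled expiry would break the app).
CREATE PROFILE app_service_profile LIMIT
  FAILED_LOGIN_ATTEMPTS 10
  PASSWORD_LIFE_TIME    UNLIMITED;

ALTER USER jdoe    PROFILE app_user_profile;
ALTER USER app_svc PROFILE app_service_profile;
ALTER USER jdoe    PASSWORD EXPIRE;       -- force a change at the first logon
ALTER USER jdoe    QUOTA 100M ON users;   -- storage quota via ALTER USER

-- Verify which profile each account carries and whether it is locked or expired.
SELECT username, profile, account_status, expiry_date
  FROM dba_users
 WHERE username IN ('JDOE', 'APP_SVC');
```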
Implementing Password Policies
• Microsoft SQL Server 2000:
– Integrated server system
– Windows authentication mode
• NTLM:
– Challenge/response methodology
– Challenge is eight bytes of random data
– Response is a 24-byte DES-encrypted hash
Implementing Password Policies
• Kerberos:
– A key known by client and server encrypts handshake data
– Requires a Key Distribution Center (KDC)
– Tickets
– Time must be synchronized networkwide
Granting and Revoking User Privileges
• Permit or deny access to data or to perform database operations
• In Oracle:
– System privileges:
• Granted only by a database administrator
• Granted by a user with administration privileges
– Object privileges:
• Granted to a user by the schema owner
• Granted by a user with GRANT privileges
Granting and Revoking User Privileges
• In SQL Server (4 levels), system/server privileges:
– Grant permission using the GRANT statement
– Revoke permission using the REVOKE statement
– Enterprise Manager
– Deny permission using the DENY statement
Granting and Revoking User Privileges
• In SQL Server:
– Table and database objects privileges:
• GRANT, REVOKE, and DENY
• EXECUTE permission
• Enterprise Manager (3 methods)
– Column privileges:
• GRANT, REVOKE, and DENY
• Enterprise Manager (2 methods)
Creating, Assigning, and Revoking User Roles
• Role:
– Used to organize and administer privileges
– It is like a user, except it cannot own objects
– Can be assigned privileges
– Can be assigned to users
• In SQL Server, user-defined roles:
– Standard and application
– Create roles using SP_ADDROLE system-stored procedure
– Add members to a role using SP_ADDROLEMEMBER stored procedure
– Drop members from a role using SP_DROPROLEMEMBER stored procedure
• In SQL Server (continued):
– User-defined roles (continued):
• Drop roles using SP_DROPROLE stored procedure
• Use Enterprise Manager
– Fixed server roles:
• Cannot be modified or created
• Add member to a role using SP_ADDSRVROLEMEMBER stored procedure
• In SQL Server (continued):
– Fixed server roles (continued):
• Drop members from a role using SP_DROPSRVROLEMEMBER stored procedure
• Use Enterprise Manager
– Fixed database roles:
• Cannot be modified
• Give access to database administrative tasks
• Add members to a role using SP_ADDROLEMEMBER stored procedure
• In SQL Server (continued):
– Fixed database roles (continued):
• Drop members from a role using SP_DROPROLEMEMBER stored procedure
• Use Enterprise Manager
– Public database role:
• Cannot be dropped
• Users automatically belong to this role
• Users cannot be dropped
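The privilege statements (GRANT, REVOKE, DENY, EXECUTE, column privileges) and the role procedures from the preceding slides, as one added T-SQL example that is not code from the lecture; SalesDB, its objects and the account names are constructed, and the Oracle lines at the end show the counterparts in the Oracle privilege model:

```sql
-- Added example, not from the lecture. Database, objects and accounts are constructed.
USE SalesDB;

-- User-defined standard role: privileges go to the role, users go into the role.
EXEC sp_addrole 'sales_reader';
GRANT SELECT ON dbo.Orders TO sales_reader;                              -- table privilege
GRANT SELECT (CustomerID, CompanyName) ON dbo.Customers TO sales_reader; -- column privilege
GRANT EXECUTE ON dbo.usp_OrderTotals TO sales_reader;                    -- EXECUTE permission
EXEC sp_addrolemember 'sales_reader', 'jdoe';

-- DENY overrides any GRANT the user inherits through role membership;
-- REVOKE only removes an earlier GRANT or DENY, it does not block access by itself.
DENY SELECT ON dbo.CustomerCards TO jdoe;
REVOKE SELECT ON dbo.Orders FROM sales_reader;   -- sales_reader loses Orders again

-- Fixed database role (cannot be modified): read-only access to every table.
EXEC sp_addrolemember 'db_datareader', 'jdoe';
-- Fixed server role: note the parameter order, login first, then role.
EXEC sp_grantlogin 'CORP\dba_team';
EXEC sp_addsrvrolemember 'CORP\dba_team', 'securityadmin';

-- Application role: activated by the application with a password, so grant the
-- tables to it only and users get no direct table access outside the application.
EXEC sp_addapprole 'sales_app', 'placeholder_pw';
GRANT SELECT, INSERT ON dbo.Orders TO sales_app;
-- the client activates it with: EXEC sp_setapprole 'sales_app', 'placeholder_pw'

-- Clean-up in reverse order; a role must be empty before it can be dropped,
-- and the public role and its members cannot be dropped at all.
EXEC sp_droprolemember 'sales_reader', 'jdoe';
EXEC sp_droprole 'sales_reader';
EXEC sp_dropsrvrolemember 'CORP\dba_team', 'securityadmin';

-- Oracle counterparts: system privilege (granted by a DBA), object privilege
-- (granted by the schema owner), both bundled in a role assigned to the user.
CREATE ROLE sales_ro_role;
GRANT CREATE SESSION TO sales_ro_role;            -- system privilege
GRANT SELECT ON sales.orders TO sales_ro_role;    -- object privilege
GRANT sales_ro_role TO jdoe;
REVOKE SELECT ON sales.orders FROM sales_ro_role;
```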
Best Practices
• Develop a secure environment:
– Never store passwords for an application in plaintext
– Change passwords frequently
– Use passwords at least eight characters long
– Pick a password that you can remember
– Use roles to control and administer privileges
– Report compromise or loss of a password
– Report any violation of company guidelines
• Develop a secure environment (continued):
– Never give your password to anyone
– Never share your password with anyone
– Never give your password over the phone
– Never type your password in an e-mail
– Make sure your password is complex enough
– Use Windows integrated security mode
– In a Windows 2000/2003 domain, use domain users and take advantage of Kerberos
• When configuring policies:
– Require complex passwords with special characters in the first seven bytes
– Require a password length of at least eight
– Set an account lockout threshold
– Do not allow passwords to automatically reset
– Expire end-user passwords
– Do not expire application-user passwords
– Enforce a password history
– Enhances password robustness
– Reduces likelihood of password breaking
Best Practices
• GRANT and REVOKE
• Role is used to:
– Organize and administer privileges in an easy manner
– Role is like a user but cannot own objects
– Role can be assigned privileges
– GRANT and REVOKE
• Best practices for developing a secure environment
E-mail Security
• Tool most widely used by the public
• May be the tool most frequently used by hackers:
– Do not configure the e-mail server on the same machine where sensitive data resides
– Do not disclose technical details about the e-mail server
• Common threats:
– File permission
– File sharing
• Files must be protected from unauthorized reading and writing actions
• Data resides in files; protecting files protects data
File Permissions
• Read, write, and execute privileges
• In Windows 2000:
– Change permissions on the Security tab of a file's Properties dialog box
– Allow indicates grant
– Deny indicates revoke