DATABASE SECURITY

DATABASE PRIVILEGE ABUSE

Database privileges can be abused in many ways. Users may abuse their privileges for unauthorized purposes.

Privilege abuse comes in different flavours:

    1. Excessive privilege abuse.
    2. Legitimate privilege abuse.
    3. Privilege elevation.

Excessive privilege abuse.

When users (or applications) are granted database access privileges that exceed the requirements of their job function, these privileges may be abused for malicious purposes.

Scenario #1: A university administrator whose job requires only the ability to change student contact information may take advantage of excessive database update privileges to change grades.

Countermeasure - Query-Level Access Control

  • The solution to excessive privileges is query-level access control.
  • Query-level access control refers to a mechanism that restricts database privileges to minimum-required SQL operations (SELECT, UPDATE, etc.) and data.
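
As an added example (not part of the original lesson), the Python code below enforces a query-level policy for the administrator in Scenario #1 using the authorizer hook of the standard sqlite3 module. The students table, its columns, the sample row and the POLICY mapping are assumptions made for illustration.

```python
import sqlite3

# Assumed policy for the contact-information role in Scenario #1:
# (operation, table) -> columns that role may touch. Anything absent is denied.
POLICY = {
    (sqlite3.SQLITE_READ, "students"): {"id", "name", "phone", "email"},
    (sqlite3.SQLITE_UPDATE, "students"): {"phone", "email"},
}

def authorizer(action, arg1, arg2, db_name, source):
    """Called by SQLite while compiling each statement; arg1=table, arg2=column."""
    if action == sqlite3.SQLITE_SELECT:
        return sqlite3.SQLITE_OK  # bare SELECT marker; columns are checked via SQLITE_READ
    allowed = POLICY.get((action, arg1))
    if allowed is not None and arg2 in allowed:
        return sqlite3.SQLITE_OK
    return sqlite3.SQLITE_DENY  # default deny: INSERT, DELETE, DDL, other columns

def open_restricted_db():
    """Build a constructed sample table, then attach the policy to the connection."""
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit, no implicit BEGIN
    conn.execute("CREATE TABLE students (id INTEGER PRIMARY KEY, name TEXT, "
                 "phone TEXT, email TEXT, grade TEXT)")
    conn.execute("INSERT INTO students VALUES "
                 "(1, 'Sample Student', '555-0100', 's1@example.edu', 'C')")
    conn.set_authorizer(authorizer)  # every later statement is checked
    return conn

def run_as_contact_admin(conn, sql, params=()):
    """Return (True, rows) if the policy permits the statement, else (False, reason)."""
    try:
        return True, conn.execute(sql, params).fetchall()
    except sqlite3.DatabaseError as exc:
        return False, str(exc)

if __name__ == "__main__":
    conn = open_restricted_db()
    for sql in ("UPDATE students SET phone = '555-0199' WHERE id = 1",
                "UPDATE students SET grade = 'A' WHERE id = 1",
                "SELECT name, phone FROM students WHERE id = 1",
                "SELECT grade FROM students"):
        print(sql, "->", run_as_contact_admin(conn, sql))
```

On a server database the same restriction would normally be expressed with the platform's own column-level privileges rather than an in-process hook.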


Legitimate privilege abuse.

Users may also abuse legitimate database privileges for unauthorized purposes.

Scenario #2: Consider a hypothetical rogue healthcare worker with privileges to view individual patient records via a custom Web application. The structure of the Web application normally limits users to viewing an individual patient’s healthcare history – multiple records cannot be viewed simultaneously and electronic copies are not allowed. However, the rogue worker may circumvent these limitations by connecting to the database using an alternative client such as MS-Excel. Using MS-Excel and his legitimate login credentials, the worker may retrieve and save all patient records.

It is unlikely that such personal copies of patient record databases comply with any healthcare organization’s patient data protection policies. There are two risks to consider. The first is the rogue worker who is willing to trade patient records for money. The second (and perhaps more common) is the negligent employee who retrieves and stores large amounts of information on their client machine for legitimate work purposes. Once the data exists on an endpoint machine, it becomes vulnerable to Trojans, laptop theft, etc.

Countermeasure - Understanding the Context of Database Access

  • The solution to legitimate privilege abuse is database access control that applies not only to specific queries, as described above, but also to the context surrounding database access. By enforcing policy for client applications, time of day, location, etc., it’s possible to identify users who are using legitimate database access privileges in a suspicious manner.

Privilege elevation.

Attackers may take advantage of database platform software vulnerabilities to convert access privileges from those of an ordinary user to those of an administrator. Vulnerabilities may be found in stored procedures, built-in functions, protocol implementations, and even SQL statements.

Scenario #3: A software developer at a financial institution might take advantage of a vulnerable function to gain database administrative privileges. With administrative privileges, the rogue developer may turn off audit mechanisms, create bogus accounts, transfer funds, etc.

Countermeasure - IPS and Query-Level Access Control

  • Privilege elevation exploits can be prevented with a combination of traditional intrusion prevention systems (IPS) and query-level access control (see Excessive privilege abuse above).
  • IPS inspects database traffic to identify patterns which correspond to known vulnerabilities.
  • For example, if a given function is known to be vulnerable, then an IPS may either block all access to the vulnerable procedure, or (if possible) block only those procedures with embedded attacks.

Source: https://schell.com/Top_Ten_Database_Threats.pdf