ronb 16256 0.0 0.2 2736 1424 pts/5 S 11:07 0:00
isql -Usa -S eagle
5.1.2 Implementation options: Knowing and controlling how database logins are used
The first step in addressing vulnerabilities associated with lax protection of database password information is knowing who is accessing your data. You should start by creating a report showing which database usernames are being actively used, what IP addresses are connecting using these usernames, and what applications are being used to access the database. The applications sometimes map to executables and sometimes to drivers; in both cases I refer to them as source programs. I usually recommend also showing the number of database sessions each such entry produces over time; it helps identify which access points are the main application tunnels. Figure 5.2 shows an example of such a report (the usernames have been somewhat blurred so as not to reveal any information that might be useful to a hacker).
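As an added illustration (not code from the book), the following Python builds the access-point report described above from constructed login-audit records, then compares a later report with a saved baseline to flag new access points, which is the baseline check the list below describes. The CSV column names and sample values are assumptions.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample login-audit records (not from the book): database user,
# client IP, source program (driver or executable) and login time.
AUDIT_CSV = """user,client_ip,source_program,login_time
app_user,10.1.2.10,jdbc-driver,2024-01-01T08:00:00
app_user,10.1.2.10,jdbc-driver,2024-01-01T08:05:00
app_user,10.1.2.11,jdbc-driver,2024-01-01T09:00:00
report_user,10.1.5.20,odbc-driver,2024-01-01T10:00:00
sa,10.9.9.9,isql,2024-01-01T11:07:00
"""


def access_point_report(audit_csv):
    """Aggregate audit rows into {(user, client_ip, source_program): session_count}.

    Each key is one access point; the count shows how heavily it is used, which
    separates the main application tunnels from occasional or ad hoc logins."""
    counts = Counter()
    for row in csv.DictReader(StringIO(audit_csv)):
        counts[(row["user"], row["client_ip"], row["source_program"])] += 1
    return dict(counts)


def new_access_points(baseline, current):
    """Return access points in the current report that the baseline never saw.

    Each one is either a legitimate change (new driver, server or module) that
    must be cataloged, or an unexpected use of a database login to investigate."""
    return sorted(set(current) - set(baseline))


if __name__ == "__main__":
    report = access_point_report(AUDIT_CSV)
    for (user, ip, program), sessions in sorted(report.items()):
        print(f"{user:<12} {ip:<15} {program:<12} sessions={sessions}")
    # Simulate a baseline captured before the interactive "sa" login appeared.
    baseline = {k: v for k, v in report.items() if k[0] != "sa"}
    for point in new_access_points(baseline, report):
        print("NEW ACCESS POINT:", point)
```

In practice the audit rows would come from the database's own login auditing or a network-level monitor, and the baseline would be persisted between runs.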
This report can help you in several ways:

1. It shows you who is accessing your database. You can then use this information to find application owners and schedule reviews of how passwords are being stored in each one of these client machines. Without this information you can never know when you've covered all places that store your database passwords. You should pursue each such access point and review where and how the passwords are stored. While this may be difficult and take a long time because you will need to work with others who may not be part of your group, this is the only way you can be assured that there are no gaping holes.

2. Once you have cataloged all access points, use this report as a baseline. This means either periodically producing this report and comparing it with the original (the baseline) to look for new access points, or creating a real-time alert that notifies you when a new access point suddenly appears. Such a new access point can mean one of two things, both of which may require your attention: The first is a new application or client that legitimately is using this database user. Examples of such cases can include upgrades to the database drivers, application servers, change in tools, or new modules/programs being installed. In all cases you should