both. Also, you will see sessions that are initiated by clients running from
a database host—e.g. the use of Enterprise Manager running on host A
connecting to a database instance running on host B.
In addition to monitoring database-to-database communications, you
should create a baseline for such interaction and monitor divergence closely.
People do not use features such as OPENROWSET for ad hoc reporting
within business applications. People usually connect directly to a database
rather than connecting to one instance in order to query another instance.
Therefore, database-to-database communication that is part of an enterprise
architecture can be legitimate, but it is unlikely to change over time. If
it does change (a new link, a new source host, a new target instance), that
is a strong indication of something going wrong, and you should investigate
it closely.
8.2 Secure database links and watch for link-based elevated privileges
Database links allow you to expose objects from one database to another
database. They provide flexibility in that objects from one database are
accessible to clients connected to another database, as shown in Figure 8.2.
In this figure, the client accessing database A can issue queries that really
use table T2, which is stored in database B. The client is not aware that T2
really lives in database B.
A client can transparently issue a query that uses both tables in database
A and tables that physically reside in database B. The client is oblivious to
the actual location of the tables. When the query is handled by database A,
the database engine makes a request to database B. From the perspective of
database B, this is a request like any other: it comes from the network,
needs to be authenticated and authorized, and the response is sent back. The
main difference from a security perspective (and the place where bad
practices may prevail) is that the connection to database B may not use the
client's credentials; it may instead use credentials fixed when the link was
created. Every client that uses the link then reaches database B as that
fixed identity, so the effective privilege on B is the link account's, not
the caller's. If access to the link itself is granted loosely, a
low-privileged user on database A inherits whatever the link's account can
do on database B, which results in overexposure of database B.
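The following SQL is an added example, not code from the book or from either vendor's documentation. It shows, for Oracle and then for SQL Server, the fixed-credential link pattern the text warns about beside a tighter alternative, the transparent remote query the client issues, and the catalog queries you would snapshot as the baseline from the previous section (including turning off the ad hoc OPENROWSET path). All names (SALES_LINK, SALES_DB, HOSTB, SalesDB, T1, T2, report_ro, app_report) and the passwords are assumed placeholders.

```sql
-- ===================== Oracle =====================
-- Assumed: TNS alias SALES_DB points at database B; REPORT_RO exists on B.

-- Weak: a PUBLIC link with a fixed account. Every user on A, whatever
-- its own rights, reaches B as REPORT_RO through this link.
CREATE PUBLIC DATABASE LINK sales_link
  CONNECT TO report_ro IDENTIFIED BY "placeholder-password"
  USING 'SALES_DB';

-- Tighter: a private link (only its owner can use it) that carries the
-- caller's own identity to B. CURRENT_USER requires that the same user
-- be known to B (in practice a global/enterprise user), so B authorizes
-- the real caller rather than a shared service account.
CREATE DATABASE LINK sales_link
  CONNECT TO CURRENT_USER
  USING 'SALES_DB';

-- The transparent query from Figure 8.2: T1 is local, T2 lives on B,
-- and the client only sees the link name.
SELECT t1.id, t2.amount
  FROM t1
  JOIN t2@sales_link t2 ON t2.id = t1.id;

-- Baseline: snapshot this and diff it on a schedule. A new row, a
-- changed HOST, or a link that suddenly names a privileged USERNAME
-- is the "divergence" the text says to investigate.
SELECT owner, db_link, username, host, created
  FROM dba_db_links
 ORDER BY owner, db_link;

-- ===================== SQL Server =====================
-- Assumed: linked server HOSTB is database B; login app_report is the
-- one business account on A that legitimately needs data from B.

EXEC sp_addlinkedserver @server = N'HOSTB', @srvproduct = N'SQL Server';

-- Weak: @locallogin = NULL is the catch-all mapping, so EVERY local
-- login reaches HOSTB as the single fixed remote login report_ro.
EXEC sp_addlinkedsrvlogin
     @rmtsrvname = N'HOSTB', @useself = 'false', @locallogin = NULL,
     @rmtuser = N'report_ro', @rmtpassword = N'placeholder-password';

-- Tighter: drop the catch-all so unmapped logins get no path to B at
-- all, then map only app_report, passing its own credentials through
-- (Windows authentication with delegation in practice).
EXEC sp_droplinkedsrvlogin @rmtsrvname = N'HOSTB', @locallogin = NULL;
EXEC sp_addlinkedsrvlogin
     @rmtsrvname = N'HOSTB', @useself = 'true', @locallogin = N'app_report';

-- Close the ad hoc path (OPENROWSET / OPENDATASOURCE) that nobody uses
-- inside a business application, as the previous section notes.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0;
RECONFIGURE;

-- The transparent four-part-name query; the client never sees HOSTB's
-- network address.
SELECT t1.id, t2.amount
  FROM dbo.T1 AS t1
  JOIN HOSTB.SalesDB.dbo.T2 AS t2 ON t2.id = t1.id;

-- Baseline: one row per (linked server, login mapping). A NULL-principal
-- row with uses_self_credential = 0 is the catch-all fixed-credential
-- mapping shown above; any change in modify_date is worth a look.
SELECT s.name            AS linked_server,
       s.data_source,
       l.local_principal_id,
       l.uses_self_credential,
       l.remote_name,
       l.modify_date
  FROM sys.servers       AS s
  JOIN sys.linked_logins AS l ON l.server_id = s.server_id
 WHERE s.is_linked = 1
 ORDER BY s.name, l.local_principal_id;
```

Run the two baseline queries from a scheduled job into a table of your own and compare against the previous run; the comparison, not the query, is what turns the catalog into a detection. Note that the Oracle CURRENT_USER form and the SQL Server @useself = 'true' form both depend on database B being able to authenticate the original caller, so they are only an improvement where that identity infrastructure exists.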
To create links you use the database administration tools or your favorite
SQL command line/tool. Tools include Oracle's Net Manager, shown in Fig-
ure 8.3. You can add, remove, and query all database links using this tool.
To add a link in SQL Server, open the Enterprise Manager and navigate
to your server in the tree pane. Then open the Security folder and the