Mobile databases have their own potential vulnerabilities that can include the ones you are already aware of as well as others. As an example, NGS Software published a series of vulnerability notes in Dec 2003 about Sybase Anywhere 9 (see www.securitytracker.com/alerts/2003/Dec/1008435.html). Incidentally, mobile databases are usually less prone to a network attack by a sophisticated attacker.

Securing the data on the mobile unit is not really a database issue and needs to be fully addressed at the operating system level. However, you can use encryption of data at rest, as described in Chapter 10.

Using extract and load scripts with good validation is better than using naïve replication because you can combat or at least identify bad data.

You must document and monitor all of these data paths into your database, because this is certainly a “back-door” type access into your core database.
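As an added illustration of the extract-and-load approach with validation (this is example code, not the book's), the loader below checks each extracted row against the target's own rules, quarantines anything that fails along with the reason so it can be reviewed, and loads only the accepted rows with bound parameters. The table, column rules and sample extract are constructed for the example.

```python
import csv
import io
import re
import sqlite3
# Constructed sample extract from a mobile unit (not from the book); naive replication would copy all of it.
EXTRACT = """order_id,customer_id,amount,status
1001,C001,250.00,shipped
1002,C002,-30.00,shipped
1003,C999,75.50,open
1004,C003,1e9,shipped
bad,C001,10.00,weird
"""
KNOWN_CUSTOMERS = {"C001", "C002", "C003"}   # constructed reference data from the core database
ALLOWED_STATUS = {"open", "shipped", "cancelled"}
MAX_AMOUNT = 100000.0

def validate_row(row, known_customers):
    """Return the reasons a row is bad; an empty list means it may be loaded."""
    reasons = []
    if not re.fullmatch(r"\d{1,10}", row.get("order_id", "")):
        reasons.append("order_id not numeric")
    if row.get("customer_id") not in known_customers:
        reasons.append("unknown customer_id")
    try:
        if not 0 <= float(row.get("amount", "")) <= MAX_AMOUNT:
            reasons.append("amount out of range")
    except ValueError:
        reasons.append("amount not a number")
    if row.get("status") not in ALLOWED_STATUS:
        reasons.append("invalid status")
    return reasons

def load_extract(text, known_customers=KNOWN_CUSTOMERS):
    """Split an extract into rows safe to load and quarantined rows with their reasons."""
    accepted, rejected = [], []
    for row in csv.DictReader(io.StringIO(text)):
        reasons = validate_row(row, known_customers)
        if reasons:
            rejected.append((row["order_id"], reasons))   # keep for review, never load
        else:
            accepted.append(row)
    return accepted, rejected

def load_into(db_path, accepted):
    """Load only validated rows, using bound parameters; return the resulting row count."""
    rows = [(int(r["order_id"]), r["customer_id"], float(r["amount"]), r["status"]) for r in accepted]
    with sqlite3.connect(db_path) as conn:
        conn.execute("CREATE TABLE IF NOT EXISTS orders (order_id INTEGER PRIMARY KEY, customer_id TEXT, amount REAL, status TEXT)")
        conn.executemany("INSERT OR REPLACE INTO orders VALUES (?, ?, ?, ?)", rows)
        return conn.execute("SELECT COUNT(*) FROM orders").fetchone()[0]
```

The rejected list is what you log and monitor: it is the record of what arrived through this data path that the core database's rules would not have accepted.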
8.7 Summary
In this chapter you learned that securing database access means more than monitoring “front-door” connections. You learned that many database environments implement distributed data and that numerous architectures support replication, log shipping, and database links/synonyms/nicknames. In fact, the section describing replication is the largest single topic in the SQL Server 2000 Reference Library.

Because replication tends to be fairly complex and because many sophisticated environments with valuable data employ some form of database-to-database communications, an attacker may choose to use this back door to the data. In addition, because of the complexity of replication, many security issues can result from mistakes in configuration or not-so-best practices. Therefore, don't forget to watch these access paths into your database when putting a full security blueprint in place.

In the next chapter you will learn about additional back doors (or perhaps a more appropriate name is hidden doors) into the database: Trojans that may be created by malicious attackers or inexperienced developers to be used later in an attack.