CISSP Security of the Software Environment – Bk1D8T2St1P2

This part of CISSP Security of the Software Environment explains how to secure databases, the types of databases, and the software and hardware applications used with them.

Databases and DBMSs

A database is a structured collection of data held in a computer system. This structured collection provides information in a model form to an information system that is meaningful for its use. An example of such a model form, in the case of a structured SQL database, is a table of user data for a program to use.

A database management system (DBMS) is a software application that manages databases and provides an interface to users to interact with its databases. A DBMS allows for the definition, creation, querying, update, and administration of databases.

A database is strongly associated with the DBMS that created it. Standards such as SQL provide some degree of interoperability between DBMSs. Protocols such as Open Database Connectivity (ODBC) or Java Database Connectivity (JDBC) allow applications to use DBMS functionality.

DBMS functionality falls into four main classifications:
  • Data definition, which allows for the creation, modification, and removal of database definitions
  • Update, which facilitates the insertion, modification, and deletion of the actual data
  • Retrieval, which provides information in a form that is usable to the calling environment
  • Administration, which facilitates registering and monitoring users, enforces data security, monitors performance, maintains data integrity, manages concurrency control, and provides recovery of information in the case of an unexpected system software failure

Capabilities

A DBMS provides a data definition language (DDL), a data manipulation language (DML), and a data dictionary.

The data definition language, also known as the data description language, is used to create and modify database objects in a database. Which database objects are subject to the DDL varies between DBMS models; in the relational database model, for instance, these objects include views, schemas, tables, indexes, and so on.

The data dictionary contains a database’s metadata. It is a collection of information about the database, such as data ownership, data description, relationships to other data, origin, usage, and format. Because of this metadata, it is a critical aspect of the DBMS and typically used only by database administrators.

The data manipulation language allows users to manipulate data in a database. DML typically facilitates inserting data into database tables, retrieving data from database tables, deleting data from existing tables and modifying data. SQL is the best known DML.

Database Transactions and ACID

Operations performed on the database through the DBMS interface are defined by a control structure called a transaction. A transaction is a sequence of operations such as insert, update, or delete that a DBMS executes as a single logical unit of work against a database. Thus, a transaction is a general representation of any independent change made to a database. A valid transaction must exhibit atomicity, consistency, isolation, and durability, which are commonly referred to together as ACID.

The ACID characteristics are necessary for reliable data management. When a database possesses these characteristics, it is considered to be ACID-compliant. Why are these characteristics essential to reliable data management? Let’s examine each of the ACID characteristics in more detail.

Atomicity is a requirement that all data modifications must be “all or nothing.” When a transaction is executed against a database, either all or none of the transaction’s constituent operations will be committed to the database. With atomicity, there are no partial changes. If one part of the transaction fails, the entire transaction fails. Atomicity holds in the presence of deadlocks, software failure, hardware failures, and application failures.

Consistency is the requirement that a database transaction must only change its subject data in ways that are valid according to all defined rules, constraints, cascades, and triggers, and that the representation of data in the database is uniform per transaction where every read has the data from the most recent write.

Isolation requires that multiple simultaneous transactions do not impact each other’s execution and individual end state. The DBMS manages multiple simultaneous transactions against a database. Isolation only ensures that transactions will not interfere with each other and not the order in which transactions will execute.

Durability ensures that all transactions committed to the database are recorded, persistent, and stable. Database backups and transaction logs are used to ensure that no transactions are lost.
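As an added illustration (not from the original text), the following Python script uses the standard library's sqlite3 module to show atomicity and consistency at work: a transfer whose second statement violates a CHECK constraint is rolled back as a whole, so the first statement's credit never becomes visible. The schema and account values are constructed for the example.

```python
import sqlite3

# Constructed sample schema: two accounts plus a CHECK constraint that
# encodes a consistency rule (a balance can never go negative).
SCHEMA = """
CREATE TABLE account (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)
);
INSERT INTO account VALUES (1, 'alice', 100), (2, 'bob', 50);
"""


def open_db():
    """Open an in-memory database seeded with the constructed sample rows."""
    # isolation_level=None puts the connection in autocommit mode, so the
    # BEGIN / COMMIT / ROLLBACK below are exactly what the DBMS executes.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    return conn


def transfer(conn, src, dst, amount):
    """Move `amount` from account `src` to account `dst` as one transaction.

    The credit is applied first, then the debit. If the debit violates the
    CHECK constraint, the DBMS raises IntegrityError and ROLLBACK discards
    the already-applied credit as well (atomicity): the database never
    holds a half-finished transfer. Returns True if the transfer committed.
    """
    try:
        conn.execute("BEGIN")
        conn.execute("UPDATE account SET balance = balance + ? WHERE id = ?",
                     (amount, dst))
        conn.execute("UPDATE account SET balance = balance - ? WHERE id = ?",
                     (amount, src))
        conn.execute("COMMIT")   # durability: the change is now persistent
        return True
    except sqlite3.IntegrityError:
        conn.execute("ROLLBACK")
        return False


def balances(conn):
    """Current balances keyed by owner, for checking the end state."""
    return dict(conn.execute("SELECT owner, balance FROM account ORDER BY id"))
```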

Database Normalization

Central to the use of a DBMS is how it organizes the data that it maintains. This concept is known as database normalization. Database normalization comes from the relational database model and describes how formally the data is organized against criteria of standard structures known as normal forms. These normal forms define requirements for data to be primarily referenced, nonduplicative, and independent of other data.

The main objectives of normalization are to reduce data duplication and improve data integrity.

You may already be familiar with the structures that the normalization process uses to organize data to achieve these goals. Data is organized into what is known as a schema of tables, with each table representing a collection of related data. Columns and rows organize data in tables. Columns distinguish separate data attributes that are associated with the others in the table. A row associates these attributes into a logical grouping of data known as a set.

The concept of a key is used to distinguish these sets of data and rows (or data rows), and thus reduces data duplication. Keys are data elements, often unique among their group, that are used to both identify and look up rows of data. There are different types of keys; however, for the purposes of this discussion, the most common types of keys are primary keys and foreign keys. A primary key is the unique data attribute that identifies the row. Foreign keys are used to maintain references, known as relations, between the data in rows of one table and the data in rows of another table.

Relating data among tables in this fashion also reduces data duplication because the relation allows for each of the data elements represented in tables throughout the schema to be associated and meaningfully referenced with other data without necessarily having to duplicate the data to make these connections. Here is where we return the discussion to normal forms.

The normal forms of how data is structured formalize how data is organized to reduce data duplication and improve data integrity.

A variety of normal forms have been defined. The most commonly used of these normal forms are unnormalized, first normal form, second normal form, and third normal form. Unnormalized data does not have any relationships with other tables and often has redundant data and multiple data elements grouped into single columns. This actually can provide an advantage in that queries to the data are simpler and thus may be faster compared against querying more normalized data. Fast queries are an advantage when serving data on an Internet scale of demand. NoSQL databases often are based upon or more directly support the unnormalized normal form, which is why they are popular in web-scale software applications. The downside is that the absence of relationships with other tables can lead to data redundancy and a lack of data integrity.

The first normal form creates separate tables for related data. The first normal form requires data attributes to have an atomic value. Requiring an atomic value for each data attribute means that groups of data cannot be stored into an attribute. The first normal form uses primary keys to identify sets of data. The advantage is that the first normal form reduces data duplication.

The second normal form extends the first normal form by making all nonkey data attributes dependent upon the primary key. The second normal form improves how data is grouped, but in complex schemas, with multiple related data sets, it does not eliminate the potential for relationships between data attributes that are linked together by nonprimary keys. This type of relationship is known as a transitive dependency. The third normal form removes transitive dependencies.

The third normal form extends the second normal form by requiring that any subset of column data in a second normal form table that can be identified by its own unique attribute be separated out into its own table.
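The following Python/sqlite3 script is an added example, not part of the original text. It builds the same constructed order data twice, once as an unnormalized table carrying a transitive dependency (order_id -> customer -> city) and once in third normal form, and shows the update anomaly the flat table permits and the referential integrity the normalized schema enforces.

```python
import sqlite3

# Constructed sample data. In the flat table, city depends on customer, not
# on order_id: a transitive dependency (order_id -> customer -> city).
FLAT = """
CREATE TABLE orders_flat (order_id INTEGER PRIMARY KEY, customer TEXT NOT NULL,
                          city TEXT NOT NULL, item TEXT NOT NULL);
INSERT INTO orders_flat VALUES (1, 'sally', 'Boston', 'laptop'),
                               (2, 'sally', 'Boston', 'dock'),
                               (3, 'raj', 'Austin', 'monitor');
"""
# Third normal form: the dependent attribute moves into its own table and
# the orders table keeps only a foreign key to it.
THIRD_NF = """
CREATE TABLE customer (name TEXT PRIMARY KEY, city TEXT NOT NULL);
CREATE TABLE orders (order_id INTEGER PRIMARY KEY,
                     customer TEXT NOT NULL REFERENCES customer(name),
                     item TEXT NOT NULL);
INSERT INTO customer VALUES ('sally', 'Boston'), ('raj', 'Austin');
INSERT INTO orders VALUES (1, 'sally', 'laptop'), (2, 'sally', 'dock'),
                          (3, 'raj', 'monitor');
"""

def open_db(script):
    # Autocommit mode so the PRAGMA is not swallowed by an open transaction.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite enforces FKs only when asked
    conn.executescript(script)
    return conn

def flat_cities(conn, customer):
    """Every city the flat table records for one customer (should be one)."""
    rows = conn.execute("SELECT DISTINCT city FROM orders_flat WHERE customer = ?",
                        (customer,))
    return sorted(r[0] for r in rows)

def flat_move(conn, customer, new_city, order_id):
    """Update anomaly: changing the city on one order row leaves the other
    copies stale, so the table now contradicts itself."""
    conn.execute("UPDATE orders_flat SET city = ? WHERE customer = ? AND order_id = ?",
                 (new_city, customer, order_id))

def nf_cities(conn, customer):
    """Same question against 3NF: the city is stored once and joined in."""
    rows = conn.execute("SELECT DISTINCT c.city FROM orders o JOIN customer c "
                        "ON c.name = o.customer WHERE o.customer = ?", (customer,))
    return sorted(r[0] for r in rows)

def nf_move(conn, customer, new_city):
    """One update changes the city for every order of that customer."""
    conn.execute("UPDATE customer SET city = ? WHERE name = ?", (new_city, customer))

def nf_rejects_orphan(conn):
    """The foreign key refuses an order for a customer that does not exist."""
    try:
        conn.execute("INSERT INTO orders VALUES (4, 'nobody', 'cable')")
        return False
    except sqlite3.IntegrityError:
        return True
```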

How does this relate to security? Of the CIA triad, the degree to which data is normalized impacts its integrity and availability. Normalization structures control how data is accessed and modified and thus improve data integrity by improving its consistency and by enforcing the atomicity of its representation. The degree of normalization also impacts data availability, however, because it increases the complexity of the queries used to access and manipulate data as well as the complexity of modifying the data. These consequences affect the speed of data retrieval and updates, which, when there is a high volume of requests for data and software application response times are critical to success, can have a negative impact on the availability characteristics of the software application.

Database Models

A relational database model with its table-based format is a common database management system. This is not the only type of database, however. There are many more database models. A database model defines the logical database structure and essentially determines the manner in which data is stored, organized, and manipulated.

Common logical data models for databases include the following:
  • Network model
  • Graph
  • Object model
  • NoSQL
  • Relational model

Network

The network database model represents its data as a graph in which object types are nodes and relationship types are arcs. This graph model is a flexible way of expressing objects and their relationships because it doesn’t restrict data relationships in a strict hierarchy or lattice.

Charles Bachman invented the network model. Its standard specification was published by the Conference on Data Systems Languages (CODASYL) Consortium, ultimately becoming an ISO specification.

One of the leading benefits of the network model is that it allows a natural modeling of relationships between entities while maintaining a hierarchical structure.

Graph

The graph database model extended the network model to break from the constraints of a hierarchy to allow a more fluid and humancentric way of thinking. A graph database model uses graph structures to represent data. Nodes in the graph represent data entities. Nodes can hold any number of attributes, or properties. Labels can be applied to nodes to add metadata such as constraint or index information. Relationships are semantically significant directed connections between two nodes in the graph. Such a relationship between nodes could be “Sally” (the first node, a person) “is employed by” (a directed relationship) “Big Security Consulting Company” (the second node, a company).

A graph database with these structures and associations allows the user to ask meaningful questions to search the data in the form of semantic queries, such as “Where is Sally employed?” or “Who does the Big Security Consulting Company employ?” Imagine what it would take to do this in a relational model. For those of you who know SQL, this is much more efficient and straightforward than composing a JOIN. All nodes in a graph database have connections. Therefore, there are no orphan nodes in a graph database. Graph native databases can access nodes and relationships in constant time and traverse millions of connections per second per core.

Because graph databases excel in qualitative directed relationships among entity data, they are well suited for representing and querying complex data environments such as cybersecurity data. MITRE’s platform for exchanging cyber-threat intelligence, the Structured Threat Information Expression (STIX), was developed to provide collaborative threat analysis, automated threat detection, and response capabilities.

STIX version 2.x uses graph database technology as core architecture to deliver these capabilities.

For more information on STIX, see https://docs.google.com/document/d/1yvqWaPPnPW-2NiVCLqzRszcx91ffMowfT5MmE9Nsy_w/edit#heading=h.8bbhgdisbmt. A widely used graph database is Neo4J. For more information on Neo4J, see https://neo4j.com/.

Object

An object database represents information in the form of objects as used in object-oriented programming. Object-oriented database management systems (OODBMSs), otherwise referred to as ODBMS (Object Database Management System), combine database capabilities with object-oriented programming language capabilities. The benefit of an OODBMS is how it allows object-oriented programmers to directly use the OODBMS to store and retrieve objects and their state without having to use a translation and mapping layer such as what they use with relational databases. Having the same model of data representation makes integration of the database in software and programming language more fluid and allows the programmer to maintain consistency within one environment.

The following are popular object-oriented databases:
  • InterSystems Caché
  • Versant Object Database
  • ObjectStore
  • Matisse

NoSQL

NoSQL databases make up a database family whose focus is on the challenges of web-scale and massive data sets where flexibility, speed, and scale are important. Whereas you will soon see that relational model databases have a static, structured data representation, NoSQL databases are much more flexible on what data is stored in the database.

The NoSQL model has four common models of data storage, which are document databases, key-value stores, wide-column stores, and graph databases.

Document databases hold data as JSON-formatted documents. The structure of the data in these documents typically does not need to be specified in advance. Popular NoSQL document databases are CouchDB and MongoDB. It is also becoming more popular to use open-source search engine frameworks, such as Elasticsearch, as NoSQL-type databases.

Key-value stores keep data in the database accessible via key values. The data stored can range from simple integers to JSON documents. A popular NoSQL key-value store is Redis.

Wide-column stores store data in columns instead of rows. The advantage of a NoSQL column-oriented database is that this type of storage can increase the speed of queries because it can skip over nonrelevant data that otherwise would come with a query on a relational row-based model. A popular NoSQL wide column-based database is Cassandra.

Relational Databases

The relational database model is the most popularly used database model. It is based on the relational model of data proposed by E. F. Codd in 1970. A relational DBMS manages relational model databases.

In a relational model, all data has an inherent structure. This structure is known as a schema, and it is a formal definition of how data will be composed in the database. The schema organizes data into one or more tables, known as relations, of columns and rows. Rows in this model are also known as records or tuples. Columns in the relational model are called attributes. Each table is intended to represent one entity type. An entity type represents a thing, such as a customer or product item. Each row represents an entity instance, with the columns of the row representing values attributed to that instance.

A unique key identifies each row in a table. Rows in a table can be associated with rows in other tables. Such a relationship is made by adding a column for the unique key of the associated row, also known as a foreign key. These relationships are a logical connection between different tables, based on the data relationships and interactions between the tables.

Popular relational DBMSs are Oracle Database, Microsoft SQL Server, MySQL, and PostgreSQL, among others.

DBMS Threats and Vulnerabilities

Databases contain and provide access to vast amounts of information. They are naturally subject to a number of threats and vulnerabilities. The following are some such threats and vulnerabilities to be aware of:

  • Default, blank, and weak username/password: Default, blank, and weak login credentials should not exist in a database.
  • SQL injection: Failure to sanitize inputs can expose the database to SQL injection, with the possibility of allowing attackers to achieve privileged access to the database. Preferring prepared statements, along with input validation and sanitization, goes far toward preventing this. A prepared statement is functionality provided by a DBMS that allows for parameterized, repeated reuse of a SQL statement.
  • Extensive user and group privileges: Unmanaged user and group privileges are a problem. Groups or roles should be used to administer privileges by associating users with their proper group or role. It is not advisable to assign users direct rights.
  • Unnecessarily enabled database features: Database software products can come with enabled features that an organization doesn’t need. Disabling or uninstalling unused and unnecessary services reduces the attack surface.
  • Broken configuration management: Databases offer many configurations to optimize performance or enhance functionality. While these configurations could be useful, they can also be unsafe. Evaluate all database software configurations that could be enabled by default or turned on for someone’s convenience.
  • Buffer overflows: Like any software that accepts input from the external environment, databases can be subject to buffer overflow vulnerabilities such as flooding an input with excessive characters. Examine inputs. Sanitize and validate inputs. Keep your database software and security patches up to date.
  • Privilege escalation: Beware that some database vulnerabilities allow attackers to escalate privileges to gain administrator rights.
  • Denial-of-service attack: SQL Slammer showed how attackers exploit DBMS vulnerabilities to take down database servers by a denial-of-service attack. Ironically, a patch existed at the time that addressed this vulnerability. Keep your database software and security patches up to date.
  • Unpatched databases: Don’t unnecessarily expose your critical data assets to vulnerabilities that can be fixed by patching. Keep your database software and security patches up to date.
  • Unencrypted sensitive data at rest and in motion: Protect sensitive data with proper encryption. All connections to the database should be encrypted.

Securing the Database Management System

Consider the following best practices and internal controls when formulating a security matrix for your DBMSs:

  • Routinely assess and address DBMS vulnerabilities.
  • Place the DBMS in a secured network zone.
  • Check and sanitize all inputs.
  • Secure DBMS endpoints.
  • Manage user access rights with emphasis on enforcing least privilege.
  • Remove inactive users.
  • Prefer SQL prepared statements.
  • Avoid building SQL statements with string concatenation.
  • Classify all sensitive data.
  • Monitor, detect, prevent, and alert on unauthorized SQL and big data transactions.
  • Block malicious web requests.
  • Automate DBMS auditing.
  • Routinely secure snapshots and backups of the database.
  • Encrypt databases.
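The following Python/sqlite3 script is an added example, not part of the original text, contrasting the string-concatenated query warned against above (and in the SQL injection item of the threats list) with a prepared statement. The users table and names are constructed; the name O'Brien is legitimate input whose apostrophe alters the structure of the concatenated statement, which is the same root cause that SQL injection abuses, while the prepared statement treats it purely as data.

```python
import re
import sqlite3

# Constructed sample users table. The third user's name contains an
# apostrophe, which is legitimate input but also a SQL string delimiter.
SETUP = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, role TEXT NOT NULL);
INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'user'), (3, 'O''Brien', 'user');
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SETUP)
    return conn

def lookup_concat(conn, username):
    """Vulnerable form: the untrusted value is spliced into the SQL text.
    A quote character in it ends the string literal early and the rest of
    the value becomes part of the statement's structure; that is the defect
    SQL injection exploits. Here it surfaces as a syntax error for a valid name."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def concat_query_breaks(conn, username):
    """True if the concatenated query cannot even be parsed for this input."""
    try:
        lookup_concat(conn, username)
        return False
    except sqlite3.OperationalError:
        return True

def lookup_prepared(conn, username):
    """Hardened form: the statement is prepared with a placeholder and the
    value is bound separately, so the DBMS only ever compares it as data."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Allowlist for user names (assumed policy for this example): letters,
# digits, apostrophe and hyphen, 1 to 32 characters.
USERNAME_RE = re.compile(r"[A-Za-z0-9'-]{1,32}")

def valid_username(username):
    """Input validation applied before the DBMS is reached. It narrows what
    can arrive, but as O'Brien shows it cannot replace parameter binding."""
    return USERNAME_RE.fullmatch(username) is not None
```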